# Fairvisor

> Fairvisor is an open-source policy enforcement engine for API rate limiting, LLM cost control, and agentic loop protection. It runs as a decision sidecar or reverse proxy between your API gateway and upstream services — enforcing rate limits, LLM cost budgets, token-per-minute limits, kill switches, loop detection, and circuit breakers from a single declarative JSON policy bundle with sub-millisecond decision latency and no external database.

site: https://docs.fairvisor.com
source: https://github.com/fairvisor/edge
sitemap: https://docs.fairvisor.com/sitemap.xml
llm-index: https://docs.fairvisor.com/llm/index.md

## What Fairvisor does

Fairvisor evaluates every HTTP request against a declarative policy bundle and returns a deterministic allow/reject/throttle verdict. Enforcement decisions happen in-process (OpenResty/LuaJIT shared memory), with no Redis or external datastore in the hot path. Policies hot-reload without restart — push a new bundle and enforcement changes within seconds.

Fairvisor is LLM-provider-agnostic. It works with OpenAI, Anthropic, Google, Azure OpenAI, and any HTTP API. The LLM token limiter enforces per-minute (TPM) and per-day (TPD) budgets using pessimistic reservation at request time and post-response reconciliation.

## Key capabilities

- **Token Bucket** — per-key request-rate limiting with burst; identity keys on JWT claims, headers, or IP attributes
- **Cost-Based Budget** — period spend quotas (5m / hourly / daily / weekly) with staged warn/throttle/reject actions
- **LLM Token Limiter** — TPM and TPD budgets; pessimistic reservation + refund on completion
- **Kill Switch** — instant traffic block matched on any descriptor, optional TTL, takes effect on next request
- **Shadow Mode** — dry-run enforcement: tracks would-reject without blocking; safe for policy rollouts
- **Loop Detection** — blocks runaway agentic loops by detecting repeated identical requests per identity
- **Circuit Breaker** — auto-trips when spend rate exceeds threshold, auto-resets after cooldown
- **Streaming Enforcement** — mid-stream SSE truncation when completion token budget is exceeded

## Deployment modes

- **decision_service** — sidecar; existing gateway calls /v1/decision via auth_request or ext_authz
- **reverse_proxy** — inline; Fairvisor evaluates and proxies in one step, no external gateway needed

## Supported gateways

nginx, Envoy, Kong, Traefik, Cloudflare, AWS API Gateway, GCP API Gateway, Azure APIM

## Start here

- https://docs.fairvisor.com/docs/how-it-works/
- https://docs.fairvisor.com/docs/quickstart/
- https://docs.fairvisor.com/docs/reference/get-started-api/

## Algorithms

- https://docs.fairvisor.com/docs/algorithms/token-bucket/
- https://docs.fairvisor.com/docs/algorithms/cost-budget/
- https://docs.fairvisor.com/docs/algorithms/llm-limiter/
- https://docs.fairvisor.com/docs/algorithms/kill-switch/
- https://docs.fairvisor.com/docs/algorithms/loop-detector/

## Policy Format

- https://docs.fairvisor.com/docs/policy/bundle/
- https://docs.fairvisor.com/docs/policy/selectors/
- https://docs.fairvisor.com/docs/policy/rules/
- https://docs.fairvisor.com/docs/policy/kill-switches/
- https://docs.fairvisor.com/docs/policy/loop-detection/
- https://docs.fairvisor.com/docs/policy/shadow-mode/
- https://docs.fairvisor.com/docs/policy/circuit-breaker/

## Deployment

- https://docs.fairvisor.com/docs/deployment/docker/
- https://docs.fairvisor.com/docs/deployment/helm/
- https://docs.fairvisor.com/docs/deployment/standalone/
- https://docs.fairvisor.com/docs/deployment/env/
- https://docs.fairvisor.com/docs/deployment/saas/
- https://docs.fairvisor.com/docs/deployment/ha-installation/
- https://docs.fairvisor.com/docs/deployment/performance-tuning/

## Gateway Integration

- https://docs.fairvisor.com/docs/gateway/nginx/
- https://docs.fairvisor.com/docs/gateway/envoy/
- https://docs.fairvisor.com/docs/gateway/kong/
- https://docs.fairvisor.com/docs/gateway/traefik/
- https://docs.fairvisor.com/docs/gateway/cloudflare/
- https://docs.fairvisor.com/docs/gateway/aws-api-gateway/
- https://docs.fairvisor.com/docs/gateway/gcp-api-gateway/
- https://docs.fairvisor.com/docs/gateway/azure-apim/

## Core Reference

- https://docs.fairvisor.com/docs/reference/api/
- https://docs.fairvisor.com/docs/reference/headers/
- https://docs.fairvisor.com/docs/reference/reasons/
- https://docs.fairvisor.com/docs/reference/metrics/
- https://docs.fairvisor.com/docs/reference/streaming/
- https://docs.fairvisor.com/docs/reference/core-reference/
- https://docs.fairvisor.com/docs/reference/decision-tracing/
- https://docs.fairvisor.com/docs/reference/request-lifecycle/

## Operations

- https://docs.fairvisor.com/docs/reference/runbooks/
- https://docs.fairvisor.com/docs/reference/slo-alerting/
- https://docs.fairvisor.com/docs/reference/troubleshooting/
- https://docs.fairvisor.com/docs/reference/gateway-failure-policy/
- https://docs.fairvisor.com/docs/reference/operator-faq/
- https://docs.fairvisor.com/docs/reference/operations-hub/
- https://docs.fairvisor.com/docs/reference/security-model/
- https://docs.fairvisor.com/docs/reference/reliability-security/

## CLI

- https://docs.fairvisor.com/docs/cli/overview/
- https://docs.fairvisor.com/docs/cli/init/
- https://docs.fairvisor.com/docs/cli/validate/
- https://docs.fairvisor.com/docs/cli/test/
- https://docs.fairvisor.com/docs/cli/connect/
- https://docs.fairvisor.com/docs/cli/status/
- https://docs.fairvisor.com/docs/cli/logs/

## Runbooks (Cookbook)

- https://docs.fairvisor.com/docs/cookbook/kill-switch-incident-response/
- https://docs.fairvisor.com/docs/cookbook/budget-exhaustion-runbook/
- https://docs.fairvisor.com/docs/cookbook/shadow-mode-rollout/
- https://docs.fairvisor.com/docs/cookbook/reject-spike-runbook/
- https://docs.fairvisor.com/docs/cookbook/rate-limit-by-user/
- https://docs.fairvisor.com/docs/cookbook/bad-bundle-rollback-runbook/
- https://docs.fairvisor.com/docs/cookbook/saas-disconnect-runbook/