_ _ ___ ____ _____ ____ _ _ _ ____ ____ _____ ____ | \ | |/ _ \| _ \| ____/ ___| | | | / \ | _ \| _ \| ____| _ \ | \| | | | | | | | _|| | _| | | |/ _ \ | |_) | | | | _| | |_) | | |\ | |_| | |_| | |__| |_| | |_| / ___ \| _ <| |_| | |___| _ < |_| \_|\___/|____/|_____\____|\___/_/ \_\_| \_\____/|_____|_| \_\
Install NodeGuarder on Windows. No accounts, no signup, no cloud.
--- system requirements --------------------------------------------
| OS | Windows 10 or 11, 64-bit |
|---|---|
| RAM | 8 GB minimum (16 GB recommended with semantic model) |
| Disk | ~1.5 GB free (model downloads on first run) |
| GPU | DirectML-capable GPU optional (RTX 2070+ tested, auto CPU fallback) |
| Architecture | x86_64 only |
--- download & install -------------------------------------------------
1. Download the latest NodeGuarder-Setup-x.x.x.msi from
GitHub Releases.
2. Run the MSI. No configuration prompts — the installer places the agent at
3. Find your bearer token in the system tray:
Right-click the lock icon → Copy Bearer Token
or open Settings → it's shown at the top.
4. Point your AI tool to the proxy endpoint:
The agent automatically starts with Windows. No accounts, no telemetry.
2. Run the MSI. No configuration prompts — the installer places the agent at
%ProgramFiles%\NodeGuarder and launches it immediately.
3. Find your bearer token in the system tray:
Right-click the lock icon → Copy Bearer Token
or open Settings → it's shown at the top.
4. Point your AI tool to the proxy endpoint:
http://127.0.0.1:51820/v1 Authorization: Bearer ng-<your-token>
The agent automatically starts with Windows. No accounts, no telemetry.
--- silent install (enterprise / mdm) ----------------------------------
Deploy via Intune, Group Policy, or any MDM:
For auto-enrollment to a portal, place a provisioning file at
msiexec /i NodeGuarder-Setup-x.x.x.msi /quiet /norestart
For auto-enrollment to a portal, place a provisioning file at
%PROGRAMDATA%\NodeGuarder\provisioning.toml
before first launch:
[provisioning] enrollment_code = "ng-<enrollment-code>" admin_url = "https://your-portal:50051"
--- ide configuration -------------------------------------------------
All settings follow the same pattern: set the OpenAI-compatible endpoint to
Continue.dev
Edit
Cursor
Settings → Models → Add provider:
OpenAI Base URL:
API Key:
VS Code (Continue extension)
Same as Continue.dev — the extension reads
Windsurf
Settings → search "OpenAI" → set Base URL and API Key.
JetBrains AI Assistant
Settings → Tools → AI Assistant → select OpenAI provider:
API URL:
API Key:
Aider
Cline (VS Code extension)
http://127.0.0.1:51820/v1 and use your bearer token as the API key.
Continue.dev
Edit
%USERPROFILE%\.continue\config.json:
{
"models": [{
"title": "NodeGuarder",
"provider": "openai",
"model": "gpt-4",
"apiBase": "http://localhost:51820/v1",
"apiKey": "ng-<your-token>"
}],
"tabAutocompleteModel": {
"title": "NodeGuarder Tab",
"provider": "openai",
"model": "gpt-4o-mini",
"apiBase": "http://localhost:51820/v1",
"apiKey": "ng-<your-token>"
}
}
Cursor
Settings → Models → Add provider:
OpenAI Base URL:
http://localhost:51820/v1
API Key:
ng-<your-token>
VS Code (Continue extension)
Same as Continue.dev — the extension reads
~/.continue/config.json.
Windsurf
Settings → search "OpenAI" → set Base URL and API Key.
JetBrains AI Assistant
Settings → Tools → AI Assistant → select OpenAI provider:
API URL:
http://localhost:51820/v1
API Key:
ng-<your-token>
Aider
export OPENAI_API_BASE=http://localhost:51820/v1 export OPENAI_API_KEY=ng-<your-token> aider --model gpt-4
Cline (VS Code extension)
settings.json:
{
"cline.openaiApiBase": "http://localhost:51820/v1",
"cline.openaiApiKey": "ng-<your-token>",
"cline.model": "gpt-4"
}
--- upstream routing --------------------------------------------------
The agent forwards cleaned prompts to an upstream LLM. Configure routes in
Settings → Gateway or in
Routes are evaluated in order — first match wins. Patterns are glob-matched against the
API keys can be a literal value or
config.toml:
[[proxy.upstream_routes]] match_pattern = "gpt-4*" url = "https://api.openai.com/v1" api_key = "env:OPENAI_API_KEY" [[proxy.upstream_routes]] match_pattern = "*" url = "https://gateway.corp.internal/v1" api_key = "sk-gateway-key"
Routes are evaluated in order — first match wins. Patterns are glob-matched against the
model field in each request.
| Pattern | Matches |
|---|---|
gpt-4* | gpt-4, gpt-4-turbo, gpt-4-32k |
claude-*-sonnet | claude-3-sonnet, claude-3-5-sonnet |
*llama* | llama3, codellama, deepseek-llama |
* | Everything (catch-all) |
API keys can be a literal value or
env:VARIABLE_NAME to read
from the environment at runtime.
--- verification -------------------------------------------------------
Confirm the agent is running and routing traffic:
You should receive a streaming response (or an error if the upstream isn't configured yet).
Open the agent's Security Activity tab to see detected events in real time. If you're enrolled in an enterprise portal, events also appear in the central audit log.
curl.exe -s http://127.0.0.1:51820/v1/chat/completions ^
-H "Content-Type: application/json" ^
-H "Authorization: Bearer ng-<your-token>" ^
-d "{\"model\":\"gpt-4\",\"messages\":[{\"role\":\"user\",\"content\":\"Hello\"}]}"
You should receive a streaming response (or an error if the upstream isn't configured yet).
Open the agent's Security Activity tab to see detected events in real time. If you're enrolled in an enterprise portal, events also appear in the central audit log.