Apache 2.0 · Self-hostable · OpenAI-compatible · Now with managed Cloud

One gateway.
Complete AI control.

A drop-in proxy that sits between every application and every LLM provider you use. PHI redaction, prompt-injection blocking, cost governance, and full agentic containment — enforced on every call, with zero code changes.

how a single request moves through the gateway
YOUR APPLICATION OpenAI SDK · REST · MCP agent GATEWAY 13-stage governance pipeline AUTH · RATE LIMIT · POLICY BUDGET · GUARDRAILS · PHI/PII COMPRESSION · SEMANTIC CACHE ROUTE · EXECUTE · AUDIT LLM PROVIDERS OpenAI · Anthropic · 20+ more redacting PHI: MRN, NPI, drug names checking team budget — 67% used semantic cache: no match found routing: lowest-cost healthy provider
20+LLM Providers
13Pipeline Stages
15PHI Entity Types
~1.75msP50 Governance Overhead
3Deployment Editions
The Pipeline

Thirteen stages, one request

Every call passes through four governance layers before it ever reaches an LLM.

Ingress
01Auth & API Keys
02Rate Limiting
03Policy Engine
Compliance
04Budget Enforcement
05Guardrails (regex + ML)
06PHI/PII Redaction
07A/B Testing
Optimization
08Prompt Compression
09Semantic Cache
Execution & Audit
10Intelligent Routing
11LLM Execution
12Output Guardrails
13Hash-Chained Audit
Capabilities

Everything a governed gateway needs

Built for teams that need control, not just a proxy.

HIPAA PHI Redaction

15 entity types including MRN, NPI, ICD-10, CPT codes, drug names, and provider identities. Full round-trip: redact before the LLM sees it, restore in the response. Session-scoped deterministic tokenization keeps the same entity mapped to the same token across a 50-turn agent run.

Healthcare-Grade
INPUT Patient John Smith, MRN 123456789, prescribed Lisinopril by Dr. Sarah Johnson NPI 1234567890
TO LLM Patient [NAME_1], MRN [MRN_1], prescribed [DRUG_1] by [PROVIDER_1] NPI [NPI_1]

Guardrails: Regex + ML

35+ regex patterns for jailbreaks, token smuggling, and prompt extraction, plus an optional pluggable ML classifier layer for paraphrased attacks that regex misses.

New

20+ LLM Providers

OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Gemini, Groq, Mistral, DeepSeek, Cohere, Fireworks, Together AI, Ollama, xAI, Perplexity, and more. Switch providers with zero code changes.

Multi-Provider

Live Model & Pricing Registry

Pricing auto-refreshes from a maintained source with a local override for negotiated rates — no more hand-editing a stale price table when a provider ships a new model.

New

Semantic Caching + Embeddings

/v1/embeddings now runs through the full governance pipeline, and backs an embedding-aware cache layer that catches true paraphrases, not just near-identical strings — 40%+ cost reduction on repetitive workloads.

Cost Optimization

FinOps Cost Attribution & Showback

Per-team, per-user, per-feature, and per-agent-run cost breakdowns with CSV export and anomaly attribution — see exactly which workflow caused the spend spike.

New

Shadow-MCP Detection & Kill Switch

Discover tool servers your agents are calling that were never registered, block unsanctioned calls automatically, and cut off a runaway agent session or MCP server with one action.

New

Agentic Session Governance

Sub-agent depth limiting, per-run cost caps, infinite-loop detection via fingerprinting, and consistent PHI redaction across every turn of an agent session.

AI Agents

Anomaly Detection & Observability

Prometheus metrics, OpenTelemetry traces, and a hash-chained tamper-evident audit log. EMA-based anomaly detection on spend and error-rate spikes, delivered via Slack, MS Teams, PagerDuty, or email.

Observability

Six Routing Strategies

Round-robin, weighted, least-latency, cost-optimized, quality-scored, and fallback — with a circuit breaker per provider and data-residency enforcement for PHI traffic.

Reliability

Azure Entra ID SSO

RS256/ES256 JWT validation against Microsoft's JWKS endpoint, App Role enforcement, and multi-tenant support — no separate API keys required for org members.

Enterprise Auth

Prompt Management + Evals

Versioned prompt templates served by the gateway, with built-in A/B testing and lightweight LLM-as-judge evals reusing the same experiments engine.

New
Published Numbers

Governance is nearly free

Full in-process pipeline overhead, single worker, zero-latency mock provider.

~1.75ms P50 added latency, full 13-stage pipeline
<2ms P99 added latency
~780rps Per process, single worker
+0.25ms Marginal cost of full PHI + guardrails + audit

Measured with our in-repo benchmark suite (benchmarks/benchmark_gateway.py). This is pipeline overhead, not a network hop — it scales horizontally rather than chasing a single-node throughput ceiling.

Architecture

Runs inside your perimeter

Self-host on your own infrastructure, or let us run it — your data path is the same either way.

Clients
OpenAI SDK
REST / HTTP
MCP Agents
Admin Console
CI/CD Pipeline
Any OpenAI-compatible SDK
AI Control Plane Gateway
Auth · Rate Limit · Policy
Budget · Guardrails · PHI/PII · A/B
Compression · Semantic Cache
Routing · LLM Call · Output · Audit
Standard HTTPS
LLM Providers
OpenAI
Anthropic
Azure
Bedrock
Google
Groq
Mistral
DeepSeek
+ 9 more
Infrastructure
Prometheus
OpenTelemetry
Hash-Chained Audit
Semantic Cache
Budget Store
Alerting
Use Cases

Built for regulated and agentic workloads

Healthcare

HIPAA-grade AI workflows with PHI redaction across 15 entity types. Output guardrails scan LLM responses for PHI leakage before they reach your application.

  • PHI never reaches the LLM
  • Output content guardrails
  • Data residency enforcement
  • Hash-chained audit trail

Financial Services

PII redaction for customer data, budget controls per team and product line, a policy engine to block regulated content, and a full audit trail.

  • PII/PCI data redaction
  • Per-product budget caps
  • Regulatory policy enforcement
  • Audit logs for SOC 2

Legal & Professional Services

Prevent confidential client data from reaching public LLM APIs. Route sensitive matters to on-premise models while using cloud LLMs for non-sensitive work.

  • Data classification routing
  • On-premise model support
  • Client confidentiality
  • Matter-level budget caps

Agentic AI Platforms

MCP tool-call governance, shadow-server detection, and a per-session kill switch for teams running fleets of autonomous agents against real infrastructure.

  • Unsanctioned MCP server detection
  • Agent inventory + spend per run
  • Sub-agent depth & loop limits
  • One-click session kill switch
Three Ways to Run It

One engine, three editions

Same governance pipeline underneath. Choose who manages the infrastructure.

Open Source

Self-Hosted

Free forever
Apache 2.0. Run the full pipeline on your own infrastructure — you manage everything.
  • All 13 pipeline stages
  • 20+ LLM providers
  • PHI/PII redaction & guardrails
  • Full source, no telemetry
Get on GitHub
Enterprise

On-Prem / VPC

Custom
Install inside your own VPC or data center. No usage billing — flat annual license.
  • Full admin portal, self-hosted
  • Entra ID SSO on day one
  • HIPAA BAA available
  • Dedicated deployment support
Talk to Sales
Live Demo

See it live

Watch a request flow through all 13 pipeline stages in real time. PHI gets redacted before the LLM call, then restored in the response — the model never sees real patient data.

Launch Interactive Demo →
AI CONTROL PLANE — LIVE DEMO
✓ Auth
✓ Rate Limit
✓ Policy
✓ Budget
⟳ PHI Redaction
— Routing
— LLM Call
— Audit
Pricing

Priced against the market, not against you

Free forever on Open Source. Pay for usage on Cloud, or a flat license for on-prem.

Cloud Free
$0/month
10K requests/month, full pipeline, community support.
  • All 13 pipeline stages
  • 1 project, hosted dashboard
  • Community support
Start Free
Enterprise
Custom
On-prem/VPC, unlimited scale, HIPAA BAA.
  • Unlimited requests
  • HIPAA BAA available
  • Dedicated deployment engineer
Contact Sales