Rust Performance
L2 + L3 built with axum + tokio. 599 req/s on cache-hit path. 18ms P50. Zero-copy SSE streaming. No Python wrappers in the hot path.
Open Source · Apache 2.0 · Self-Hosted
Govern AI before it governs your budget.
The self-hosted gateway that unifies API traffic, LLM calls, and autonomous agents in one control plane.
Three layers. One audit trail. Zero data leaving your network.
terminal
$ docker compose up -d
[+] Running 8/8
$ curl localhost:9080/healthcheck
✓ API Gateway ready 50k TPS · P99 < 50ms
✓ AI Gateway ready 599 req/s cache-hit · Rust
✓ Agent Gateway ready MCP + A2A · Rust
_
Open Source
|
Built on Apache APISIX
|
L2 + L3 built in Rust
|
13 LLM Providers
|
3 layers, 1 docker compose
Your AI stack is three tools duct-taped together.
Platform engineers managing AI workloads are running separate tools for the edge, the LLM layer, and agents. Three auth systems. Three dashboards. Three 2am incidents.
Shadow AI burning budgets
Teams calling LLM APIs with no governance. A runaway prompt loop burns $50K over a weekend. Finance cannot forecast AI spend.
Three systems, zero unification
Kong for the edge. LiteLLM in the middle. A separate agent runtime. Three repos, three auth configs, three observability stacks.
Agents with zero governance
Autonomous agents calling tools with no allowlists, no session budgets, no human approval for high-risk operations. MCP + A2A are here, but who governs them?
There's a better way.
One gateway. Three layers. Shared everything.
Click a layer to explore. All three share tenant_id, Redis, ClickHouse, and OTel traces.
API Gateway — Apache APISIX
Battle-tested L7 proxy handling all inbound traffic. 50k TPS at P99 < 50ms on production hardware. Per-tenant rate limiting, JWT auth, and every request logged to ClickHouse.
- ●Per-tenant rate limiting — Redis-backed sliding window, bucket key:
rl:{tenant_id}:{route}:{window} - ●JWT auth + Keycloak — tenant_id extracted from JWT claims, validated before routing
- ●ClickHouse request logging — async via http-logger, Buffer engine for high-write throughput
- ●Key auth — service-to-service API key validation with tenant scoping
- ●Grafana dashboard — request rate, error rate, P99 latency per tenant
L1 performance (local Docker)
Throughput50k TPS
P99 Latency< 50ms
Plugin overhead< 1ms
Stack
APISIX
Lua
etcd
Redis
Keycloak
Shared across all layers
tenant_id
Propagated end-to-end from JWT to ClickHouse
Redis
Rate limits, caches, sessions, budgets
ClickHouse
Request logs, AI usage, agent audit trail
OTel + Jaeger
Cross-layer distributed traces
Why developers choose gatez
Not marketing claims. Measured results from real deployments.
Multi-Tenant by Default
tenant_id in every API call, every log entry, every cache key. Rate limit buckets, token budgets, tool allowlists — all tenant-isolated from day one. Not bolted on.
Cross-Layer Traces
One span tree from APISIX → AI Gateway → agent tool call. See an HTTP request become an LLM call become a tool invocation. OTel + Jaeger. No competitor has this.
Agent Governance
MCP + A2A protocol support. HITL gates for high-risk tool calls. Tool allowlists (deny-by-default). Session budgets. Tool poisoning detection. A2A loop detection.
Self-Hosted
Docker Compose to start. Kubernetes for production. Air-gap capable. Your data never leaves your infrastructure. HIPAA, GDPR, ISO 42001 ready.
Open Source
Apache 2.0. No "community edition" limitations. No license traps. No open-core bait-and-switch. Every feature ships in the open-source build.
How gatez compares
Not every tool does every job. Here is what each platform actually ships.
| Feature | gatez | Kong | Portkey | agentgateway |
|---|---|---|---|---|
| API Gateway (L1) | ✓ | ✓ | ✕ | ✕ |
| AI Gateway (L2) | ✓ | Partial | ✓ | ✕ |
| Agent Gateway (L3) | ✓ | ✕ | ✕ | ✓ |
| All 3 layers unified | ✓ | ✕ | ✕ | ✕ |
| Cross-layer traces | ✓ | ✕ | ✕ | ✕ |
| Multi-tenant native | ✓ | Partial | ✕ | Partial |
| Self-hosted / air-gap | ✓ | ✓ | ✕ | ✓ |
| MCP + A2A protocols | ✓ | ✕ | ✕ | ✓ |
| HITL gates | ✓ | ✕ | ✕ | ✕ |
| Per-tenant token budgets | ✓ | Enterprise | ✕ | ✕ |
| Two-portal control plane | ✓ | Partial | ✕ | ✕ |
| API lifecycle governance | ✓ | Partial | ✕ | ✕ |
| Open source | ✓ | Partial | ✕ | ✕ |
See full comparisons:
Running in 60 seconds
Clone, start, call. That request goes through rate limiting (L1), PII redaction (L2), and token budget enforcement (L2). All logged. All traced.
quick-start
# Clone and start the full stack
$ git clone https://github.com/gatez-dev/gatez.git
$ cd gatez && docker compose up -d
# Your first API call through all 3 layers
$ curl -H "Authorization: Bearer $TOKEN" \
-H "x-tenant-id: acme" \
http://localhost:9080/v1/chat/completions \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"Hello"}]}'
L1 rate-limited, JWT-validated, logged to ClickHouse
L2 PII-redacted, cache-checked, budget-enforced
L3 session-tracked, tool-allowlisted, audit-trailed
Solutions
AI Cost Control
Stop shadow AI from burning your budget. Token budgets, semantic caching, per-tenant cost analytics.
Learn moreAgent Governance
Give agents tools. Keep humans in control. HITL gates, tool allowlists, session budgets, A2A policies.
Learn moreRegulated AI
AI governance that satisfies your auditor. Full air-gap, PII redaction, complete audit trail, no data leaves your network.
Learn moreAPI Monetization
Meter, limit, and bill every API call per tenant. Self-service developer portal, API key workflows, usage export for billing.
Learn moreOpen source. Built in public.
Apache 2.0 licensed. No open-core. No feature gates. Every feature ships in the open-source build. The code is public, so we have no incentive to lie about features.
Apache 2.0
License
3 Layers
All open source
Rust + Lua
Performance-first
Public
Roadmap on GitHub
Need production support?
On-prem deployment assistance. Custom Keycloak/SSO integration. SLA guarantees. Architecture review. Dedicated support channel.