AI needs to be safe
and governed.
Start at the foundation. We open-sourced it.
The AlphaBitCore Nexus AI Gateway governs the bottom two layers of the AlphaBitCore stack — network and models. Every enterprise LLM call intercepted, every provider selection policy-checked, every prompt audited, every model invocation routed through one compliance engine. We believe these foundation layers should belong to the open-source community. Take them. Run them. Contribute.
Network and models are the foundation. Secure those, at minimum.
Every enterprise AI deployment sits on a stack: network, models, tools, skills, workflows, agents. The higher layers are where the magic happens; the bottom two are where the leaks happen. Unsanctioned providers, shadow keys, untracked model spend, prompts that should never have left the perimeter, costs nobody can attribute. If you do nothing else, govern the foundation.
Goal-directed workers that plan, execute, and report under policy.
Multi-step procedures that orchestrate skills, tools, and models into governed pipelines.
Reusable, governed capabilities composed from tools and models.
MCPs, internal APIs, data systems — every effectful action.
Provider selection, routing, caching, and quota across hosted and self-hosted foundation models.
Where traffic to AI providers actually leaves your perimeter.
The AlphaBitCore Nexus AI Gateway covers the network and model layers and is fully open source. Tools, skills, workflows, and agents are governed by the full AlphaBitCore platform (AlphaBitCore Prime).
One compliance engine. One audit pipeline. Three pipes to choose from.
SDK, network, or OS.
AI Gateway intercepts OpenAI-shaped SDK traffic on /v1. Compliance Proxy intercepts arbitrary HTTPS at the network layer via transparent TLS bump. Desktop Agent intercepts at the OS layer (pf / iptables / WinDivert). Pick one or run all three — every pipe runs the same hooks pipeline.
Write OpenAI shape. Route to anything.
First-class codecs for OpenAI, Anthropic, Gemini, Vertex, Azure, Bedrock, Cohere, MiniMax, GLM, Replicate, and Voyage. OpenAI-compatible passthrough for DeepSeek, Moonshot, Mistral, Groq, Fireworks, Together, Perplexity, xAI, and HuggingFace.
Exact, semantic, in-flight.
Valkey-backed exact-match response cache. Semantic vector cache via valkey-search with poison guard and circuit breaker. In-flight singleflight folds concurrent identical prompts into one upstream call. Anthropic and Gemini provider-native cache accounting surfaced in billing.
Multi-axis budgets, real time.
Per-organization, per-virtual-key, per-provider, per-model budgets. Token or USD. Hard and soft limits. Sliding-window enforcement. Counters update on every event — no batch lag. Seven routing strategies: single, fallback, loadbalance, conditional, A/B split, policy, smart.
PII, classification, audit, kill-switch.
PII detection, data classification, keyword filtering, content safety, rate limiting, IP allowlists, request-size validation, webhook forwarders, per-stage audit, SIEM forwarding, three-tier kill switch, and emergency passthrough flags for break-glass.
IAM, virtual keys, OIDC, vault.
RBAC + ABAC with an NRN resource model. Virtual keys with per-key model scope. OIDC federation with JIT user provisioning. Organization / project hierarchy. AES-256-GCM credential vault with key rotation. Agent fleet management via Hub.
Five Go services, one control console, one compliance pipeline.
AI Gateway (:3050), Compliance Proxy (:3128), Desktop Agent (local), Nexus Hub (:3060), Control Plane API (:3001), and a React UI (:3000) — the six services that make up the AlphaBitCore Nexus AI Gateway. Storage is PostgreSQL 16, Valkey 8, and NATS JetStream. The three intercept pipes are independent — each runs the full hooks pipeline on its own traffic — and the Agent can stamp an Ed25519-signed attestation so the Compliance Proxy skips re-MITM on traffic the Agent already governed.
- Apache 2.0 — fork it, vendor it, ship it
- Pre-GA · active development · public CI on main
- Go 1.25+, Node 20+, Docker; one-shot dev bootstrap script
- Self-host in your VPC, on-prem, or air-gapped
Foundation-layer governance shouldn't be a vendor lock-in.
Governing AI at the network and model layers is table stakes. Every enterprise should have an audited, policy-enforcing gateway in front of their LLM traffic and their provider selection — and it shouldn't matter whether they buy from us, build it themselves, or fork ours.
The full AlphaBitCore platform — Control Plane, EAC issuance, deterministic replay, the Investment & Wealth Workbench — is where we earn our living. The foundation layers are where the community deserves an open default.
The AlphaBitCore Nexus AI Gateway is shipped Apache 2.0. Run it standalone. Vendor it into your platform. Contribute back. When you're ready to govern the rest of the stack — tools, skills, workflows, agents — the upgrade path to AlphaBitCore Prime is in-place.
Take the foundation. The rest of the stack is here when you need it.
Clone the repo, run ./scripts/dev-start.sh, and you have a governed AI gateway covering network and model traffic running locally in minutes. When you're ready to extend governance to tools, skills, workflows, and agents, we sell three offerings.