Vigil Gateway · Q3 2026 launch · Private beta open

Cloud agent defense. One URL change.

Route your AI agent traffic through Vigil Gateway. Four-model detection, deterministic policy enforcement, cryptographic audit, and TAP-issued agent identity. Zero install on your servers. Same engine as the desktop app.

See the installPricing →
agent.tsdiff
// Before
const client = new OpenAI({
  baseURL: "https://api.openai.com/v1",
  apiKey: process.env.OPENAI_API_KEY
});

// After
const client = new OpenAI({
  baseURL: "https://gateway.runvigil.ai/v1/openai",
  apiKey: process.env.OPENAI_API_KEY,
  defaultHeaders: {
    "X-Vigil-Key": process.env.VIGIL_KEY
  }
});

// Full coverage. Zero refactor.
<40ms
Added latency (p95)
4
Detection models inline
100%
VOAF audit coverage
0
Servers to manage
How it works

Three minutes. Three steps. Full defense.

Gateway is a drop-in. Point your SDK at gateway.runvigil.ai instead of the provider. We proxy, inspect, enforce, audit, and forward. Upstream response streams back unchanged when clean. Gets held when not.

Step01
Get an API key.
Sign up at gateway.runvigil.ai. Create a project. Copy the key. Free tier gives you 100k requests monthly if you are already a Citadel subscriber.
Step02
Change one line.
Swap your provider base URL for Vigil Gateway. OpenAI, Anthropic, Google, and Groq supported at launch. All parameters pass through unchanged.
Step03
Ship.
Every request is now detected, enforced, and VOAF-audited. Policy violations return a structured error. Everything else streams through with full parity.
ExamplesBefore and after, four providers.
# Python (OpenAI SDK)
client = OpenAI(base_url="https://api.openai.com/v1")
client = OpenAI(
  base_url="https://gateway.runvigil.ai/v1/openai",
  default_headers={"X-Vigil-Key": VIGIL_KEY}
)

# Python (Anthropic SDK)
client = Anthropic(
  base_url="https://gateway.runvigil.ai/v1/anthropic",
  default_headers={"X-Vigil-Key": VIGIL_KEY}
)

# Go (Groq, via HTTP client)
req.Header.Set("X-Vigil-Key", vigilKey)
req.URL = "https://gateway.runvigil.ai/v1/groq/chat/completions"

# curl (Google Gemini)
curl https://gateway.runvigil.ai/v1/google/v1beta/models/gemini-pro:generateContent \
  -H "X-Vigil-Key: $VIGIL_KEY" \
  -H "x-goog-api-key: $GOOGLE_KEY"
Coverage

What gets included at the URL swap.

Gateway runs the same engine as the desktop app. These are the capabilities you get for free, out of the box, on every request.

01 / Detection
Four-model ensemble on every request.
Isolation Forest for outliers. LSTM for drift. Bayesian for anomaly scoring. Multi-Window CUSUM for slow attacks. All statistical, never an LLM. Cannot be prompt-injected.
02 / Enforcement
Execution Gate on high-risk actions.
Financial transfers, external communications, code execution. Configurable policy holds. Async approval via webhook, dashboard, or mobile push. Deterministic rules, never LLM judgment.
03 / Identity
TAP certificate per agent.
Every agent you route through Gateway gets a Trust Attestation Protocol certificate. Revocable in one API call. Cascade revocation across all queued actions via VARP.
04 / Audit
VOAF-sealed every request.
SHA-256 hash chain. Third-party verifiable with open-source vigil-verify CLI. Export as VOAF, VOAF-M for training, or Markdown. Hold up in regulatory and legal review.
05 / Observability
Real-time dashboard.
Per-project request volume, anomaly rate, gate trigger count, cost attribution across providers. SIEM export on Team and Enterprise. Native Datadog and Splunk integrations in roadmap.
06 / Reliability
Singapore and US regions.
Primary region Fly.io Singapore. US and EU in roadmap. Circuit-breaker passes through on Gateway outage. Provider SLA unchanged. Added latency under 40ms p95.
Pricing

Four tiers. One engine. Scale as your agents do.

Consumer Citadel and Sovereign plans include Gateway quota for your own cloud agents. Developer and above buy scale. Enterprise buys SLA and SOC 2.

Bundled
Free
$0
Included with Citadel / Sovereign
Gateway quota for a consumer's own cloud agents. For individual builders with Vigil already installed.
  • VolumeUp to 100k requests / month
  • ProvidersOpenAI, Anthropic, Google, Groq
  • PolicyYour Citadel/Sovereign policy applies
  • SupportCommunity forum
See consumer plans
Most popular
Developer
$49
per month
For individual developers shipping agents. Higher volume, single key, full dashboard access.
  • Volume1M requests / month
  • KeysSingle project key
  • DashboardFull Gateway console
  • PolicyCustom policy rules
  • SupportCommunity + email
Small teams
Team
$499
per month
Shared workspace for small companies routing production agent traffic through Vigil.
  • Volume10M requests / month
  • KeysMultiple projects, SSO
  • PolicyShared team policies
  • AuditVOAF export + SIEM
  • SupportEmail, 24h response
Regulated scale
Enterprise
Custom
From $5k / month
SLA, SOC 2 in scope, dedicated support, self-hosted option. WARDEN standard included.
  • VolumeUnlimited, custom SLA
  • DeploySelf-hosted option
  • SecuritySOC 2, SSO/SCIM, SIEM
  • ProtocolFull TAP / VARP / VOAF
  • SupportDedicated success manager
Talk to sales
Integrations

Native support. Framework-first.

Gateway works with any SDK that lets you override the base URL. We are also shipping first-class integrations with the frameworks most agents are written in.

Framework
Drop-in LLM wrapper. One-line replacement for ChatOpenAI, ChatAnthropic. Automatic TAP issuance per chain.
Partnership in discussion
Agent runtime
Native TAPAgent primitive. Every node in your graph gets a verifiable identity. VARP-aware state machine.
Partnership in discussion
Protocol
Anthropic Model Context Protocol. Gateway operates as an MCP-aware proxy. TAP rides on the MCP session header.
Roadmap Q3 2026
SDK
Base URL override. Works today. Documented recipe for streamText and generateText with Vigil coverage.
Works today
Infrastructure
Complementary positioning. Cloudflare handles caching and rate limiting. Vigil handles defense and audit.
Partnership in discussion
Platform
Environment variable configuration. Covered via Cloud Agent Registry. Status visible in Vigil dashboard.
Works today
Hosting
One-click deploy of Gateway daemon alongside your agent. TAP-by-default. Low-latency sidecar for power users.
Roadmap Q4 2026
Open spec
TypeScript and Python Vigil SDKs in development. Richer metadata for framework authors. TAP and VOAF in one import.
Roadmap Q4 2026
Protocol

Every agent gets a verifiable identity.

Gateway issues a Trust Attestation Protocol certificate to every agent that routes through it. The certificate declares what the agent is, what it can do, and who vouches for it.

When an agent gets compromised, a single VARP call revokes the certificate and cascades the revocation across every queued action across every surface. No more chasing down leaked access tokens manually.

Every request generates a VOAF record. SHA-256 chained. Third-party verifiable with the open-source vigil-verify CLI. You own the audit trail.

Read the spec →
TAP certificate · example
agent_id
agt_a47e9c1b
issuer
vigil-authority/v2
principal
user@example.com
scope
chat.read, chat.write,
stripe.read
restricted
stripe.transfer.>1000
valid_until
2026-05-21T14:22:00Z
revocation
varp://revoke/agt_a47e9c1b
signature
0x4b8f...e2a1
Questions

The honest answers.

Does Gateway see my prompts?
Yes. Gateway is an inline proxy. It has to inspect the request and response to run detection. Prompts and responses are processed in memory, VOAF-sealed in your project's audit log, and not retained otherwise. They are not used for training. They are not shared with providers beyond the original intended upstream call. Enterprise tier supports self-hosted Gateway where traffic never leaves your VPC.
What is the latency overhead?
Under 40ms p95 for standard requests. Detection runs in parallel with the provider call, not sequentially. Gate-triggered holds add the approval wait time only for the Tier 2 or Tier 3 actions that trigger them. Everything else streams through at provider-native latency.
What happens if Gateway goes down?
Circuit breaker mode. On Gateway outage, configured projects can pass through to the provider directly. You lose defense on those requests but you do not lose availability. Outage events are VOAF-logged with a flag so your audit trail remains honest about coverage gaps.
Which providers are supported?
At launch: OpenAI, Anthropic, Google (Gemini), Groq. Any provider with an OpenAI-compatible API works immediately. Enterprise tier can request additional provider support with a typical two-week lead time.
How does Gateway compare to Cloudflare AI Gateway or Portkey?
They are observability layers. They log, cache, and rate-limit. Vigil is a defense layer. It detects, enforces, and revokes. The two are complementary. You can use Cloudflare for caching and Vigil for defense without conflict. The integration is in discussion with the Cloudflare team.
Is there an open-source version?
The protocol specifications (TAP, VARP, VOAF) are open. The vigil-verify CLI that validates VOAF audit records is open source. The Gateway proxy itself is a hosted service. Enterprise tier includes the self-hosted deployment option with source-available licensing.

Cover your agents before they cover for you.

The agent economy is shipping. The defense layer is not. Put your cloud traffic through Gateway today and take the next 15 minutes off your threat surface forever.

Get API keyRead the docs →
PlatformThe AI defense platform for AI·Buildv2.1.0 · 362 tests · 11 crates · 31 endpoints · <10ms p99·PatentsVIGIL-2026-001 · VIGIL-2026-002·RegulatoryNIST docket 2025-0035 · mmk-190r-hvap