AxioRankDocs

Open-source gateway (npx)

Run the AxioRank AI Gateway on your own machine. One command, guardrails on by default, and a signed receipt on every response. MIT licensed, zero runtime dependencies.

@axiorank/gateway is the open-source core of the AI Gateway: an OpenAI-compatible proxy you run locally with one command. Guardrails run on the hot path with no network round trip, and every response leaves a signed, offline-verifiable receipt. It is MIT licensed with zero runtime dependencies.

Quickstart

export OPENAI_API_KEY=sk-...
npx @axiorank/gateway

Point any OpenAI client at it. That is the whole change.

from openai import OpenAI
client = OpenAI(base_url="http://localhost:8787/v1", api_key="sk-...")
client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "hi"}])

See the whole story offline, with no API key, in the built-in demo:

npx @axiorank/gateway demo

It fires three requests through a mock upstream: a prompt injection is blocked, a leaked secret is masked before it reaches the model, and a clean request returns a signed receipt that is verified live.

Guardrails

Guardrails run locally on every call. Two modes cover the prompt and the completion.

ModePrompt (default block)Completion (default redact)
blocka deny stops the call with a 403a poisoned or leaking answer is withheld
redactmask secrets and PII, forward the restmask secrets and PII in the answer
observescore and record, never actscore and record, never act
offskipskip

Redact mode masks what it can (secrets, PII) and blocks what it cannot (injection, destructive operations). Every response carries x-axiorank-risk and x-axiorank-signals headers with the categories only, never the evidence.

Routing and reliability

A route maps an alias to an ordered list of provider targets.

{
  "routes": [{
    "alias": "axio/auto",
    "strategy": "cost",          // failover | cost | round_robin
    "retryCount": 1,
    "timeoutMs": 60000,
    "targets": [
      { "upstream": "openai", "model": "gpt-4o-mini" },
      { "upstream": "groq", "model": "llama-3.3-70b-versatile" },
      { "upstream": "ollama", "model": "qwen2.5" }
    ]
  }]
}

Send model: "axio/auto" and the gateway picks the primary by strategy, retries a transient failure, and fails over to the next target on a 429, timeout, or 5xx. First-class upstreams are openai, azure, openrouter, and any custom base URL. Presets like groq, together, fireworks, mistral, deepseek, xai, anthropic, gemini, ollama, vllm, and lmstudio are shorthand for a custom endpoint, so any OpenAI-compatible provider works.

Receipts

Every response leaves a signed Gateway Receipt that commits, with hashes only, to what the gateway did: the route it chose, the guardrail verdicts, redaction counts, token counts, and the hash of the exact body it returned. Receipts are chained, so the whole log is tamper evident.

npx @axiorank/gateway verify ~/.axiorank/gateway/receipts.jsonl
# receipt chain valid (128 receipts, key a1b2c3d4)

The signature is a detached Ed25519 over the JCS-canonical payload, the same primitive the AxioRank platform uses, so any standard library can verify it. The public key is at http://localhost:8787/.well-known/axiorank/jwks.json.

Open source and AxioRank Cloud

The gateway is complete on its own. Set AXIORANK_KEY to light up the hosted platform on top of it.

This package (free)AxioRank Cloud
Guardrailslocal, offlinehosted detectors and ML judge
Signed receiptslocal, chained logtransparency log with independent witnesses
Routing, failover, retriesyesplus a dashboard and per-alias analytics
Response cacheexact match, in memoryexact match today, semantic cache on the roadmap
Policy, approvals, spendlocal default posturecustom policy, human approvals, budgets, SIEM
Route syncpull and pushmanaged in the dashboard

The repository is at github.com/AxioRank/gateway. Deploy with Docker, Node 20 or newer, or Cloudflare Workers.

On this page