Open-source gateway (npx)
Run the AxioRank AI Gateway on your own machine. One command, guardrails on by default, and a signed receipt on every response. MIT licensed, zero runtime dependencies.
@axiorank/gateway is the open-source core of the AI Gateway: an OpenAI-compatible
proxy you run locally with one command. Guardrails run on the hot path with no
network round trip, and every response leaves a signed, offline-verifiable receipt.
It is MIT licensed with zero runtime dependencies.
Quickstart
```bash
export OPENAI_API_KEY=sk-...
npx @axiorank/gateway
```
Point any OpenAI client at it. That is the whole change.
```python
from openai import OpenAI

client = OpenAI(base_url="http://localhost:8787/v1", api_key="sk-...")
client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "hi"}])
```
See the whole story offline, with no API key, in the built-in demo:
```bash
npx @axiorank/gateway demo
```
It fires three requests through a mock upstream: a prompt injection is blocked, a leaked secret is masked before it reaches the model, and a clean request returns a signed receipt that is verified live.
Guardrails
Guardrails run locally on every call. Two modes cover the prompt and the completion.
| Mode | Prompt (default block) | Completion (default redact) |
|---|---|---|
| block | a deny stops the call with a 403 | a poisoned or leaking answer is withheld |
| redact | mask secrets and PII, forward the rest | mask secrets and PII in the answer |
| observe | score and record, never act | score and record, never act |
| off | skip | skip |
Redact mode masks what it can (secrets, PII) and blocks what it cannot (injection,
destructive operations). Every response carries x-axiorank-risk and
x-axiorank-signals headers with the categories only, never the evidence.
Routing and reliability
A route maps an alias to an ordered list of provider targets.
```jsonc
{
  "routes": [{
    "alias": "axio/auto",
    "strategy": "cost", // failover | cost | round_robin
    "retryCount": 1,
    "timeoutMs": 60000,
    "targets": [
      { "upstream": "openai", "model": "gpt-4o-mini" },
      { "upstream": "groq", "model": "llama-3.3-70b-versatile" },
      { "upstream": "ollama", "model": "qwen2.5" }
    ]
  }]
}
```
Send model: "axio/auto" and the gateway picks the primary by strategy, retries a
transient failure, and fails over to the next target on a 429, timeout, or 5xx.
First-class upstreams are openai, azure, openrouter, and any custom base
URL. Presets like groq, together, fireworks, mistral, deepseek, xai,
anthropic, gemini, ollama, vllm, and lmstudio are shorthand for a custom
endpoint, so any OpenAI-compatible provider works.
Receipts
Every response leaves a signed Gateway Receipt that commits, with hashes only, to what the gateway did: the route it chose, the guardrail verdicts, redaction counts, token counts, and the hash of the exact body it returned. Receipts are chained, so the whole log is tamper evident.
```bash
npx @axiorank/gateway verify ~/.axiorank/gateway/receipts.jsonl
# receipt chain valid (128 receipts, key a1b2c3d4)
```
The signature is a detached Ed25519 over the JCS-canonical payload, the same
primitive the AxioRank platform uses, so any standard library can verify it. The
public key is at http://localhost:8787/.well-known/axiorank/jwks.json.
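The chained, signed receipt log described above, as an added example that is not the project's own code: it canonicalizes with JCS, signs with Ed25519 through Node's built-in crypto, and shows that editing or dropping a receipt is detected. The receipt field names and the throwaway key are assumptions, since the real receipt schema is not shown on this page.

```javascript
// Added example: field names (seq, prev, payload, sig) are hypothetical,
// not the real @axiorank/gateway receipt schema.
const crypto = require('node:crypto');

// JCS (RFC 8785): sorted object keys, no whitespace, ECMAScript primitives.
function jcs(v) {
  if (Array.isArray(v)) return '[' + v.map(jcs).join(',') + ']';
  if (v && typeof v === 'object') {
    const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ':' + jcs(v[k]));
    return '{' + members.join(',') + '}';
  }
  return JSON.stringify(v);
}

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Sign a payload that commits to the hash of the previous receipt.
function appendReceipt(log, privateKey, fields) {
  const prev = log.length ? sha256(jcs(log[log.length - 1])) : null;
  const payload = { ...fields, seq: log.length, prev };
  const sig = crypto.sign(null, Buffer.from(jcs(payload)), privateKey);
  log.push({ payload, sig: sig.toString('base64') });
}

// Returns the index of the first receipt that fails, or -1 if the chain holds.
function verifyChain(log, publicKey) {
  let prev = null;
  for (let i = 0; i < log.length; i++) {
    const { payload, sig } = log[i];
    const data = Buffer.from(jcs(payload));
    if (!crypto.verify(null, data, publicKey, Buffer.from(sig, 'base64'))) return i;
    if (payload.seq !== i || payload.prev !== prev) return i;
    prev = sha256(jcs(log[i]));
  }
  return -1;
}

// Constructed sample log: three receipts signed with a throwaway key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const log = [];
  for (const redactions of [0, 2, 0]) {
    appendReceipt(log, privateKey, { route: 'axio/auto', redactions, bodyHash: sha256('body' + log.length) });
  }
  const edited = JSON.parse(JSON.stringify(log));
  edited[1].payload.redactions = 0;                 // rewrite a recorded count
  const dropped = [log[0], log[2]];                 // delete a receipt
  return { clean: verifyChain(log, publicKey), edited: verifyChain(edited, publicKey),
           dropped: verifyChain(dropped, publicKey) };
}
```

An edited receipt fails its signature, while a deleted one leaves valid signatures but breaks the sequence and previous-hash link, which is why both checks are needed.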
Open source and AxioRank Cloud
The gateway is complete on its own. Set AXIORANK_KEY to light up the hosted
platform on top of it.
| | This package (free) | AxioRank Cloud |
|---|---|---|
| Guardrails | local, offline | hosted detectors and ML judge |
| Signed receipts | local, chained log | transparency log with independent witnesses |
| Routing, failover, retries | yes | plus a dashboard and per-alias analytics |
| Response cache | exact match, in memory | exact match today, semantic cache on the roadmap |
| Policy, approvals, spend | local default posture | custom policy, human approvals, budgets, SIEM |
| Route sync | pull and push | managed in the dashboard |
The repository is at github.com/AxioRank/gateway. Deploy with Docker, Node 20 or newer, or Cloudflare Workers.