Gatekeeper
AI budget vault · provider routing control

One vault for AI Spend.
Govern every model call.

Put provider keys, routing rules, role budgets, and usage evidence behind one controlled gateway. Gatekeeper is the spend-control layer for founders who want one operator to manage many AI companies without losing financial visibility.

Target overhead
15+ providers
Ledger key proof
Beta CRDT proof

DEMO
$ curl https://api.gatekeeper.run/v1/chat/completions \
-H "Authorization: Bearer bh_k1_prod_abc123" \
-d '{"model":"gpt-4o","messages":[{"role":"user","content":"..."}]}'
→ Key verification target checked [offline, no network call]
→ Rate check target: CRDT GCounter [no Redis]
→ gpt-4o (faster, lower cost for this query)
→ Encoded: 245B (was 2.3KB JSON via Cap'n Proto)
< HTTP/2 200 [overhead target tracked in claim ledger]
data: {"delta":{"content":"The answer"}}
data: {"delta":{"content":" is 42."}}
data: [DONE]
✓ Cost: $0.0031 Budget: $12.43 / $50.00 [74.9% remaining]
Gatekeeper brand package

Turn AI budget control into a boardroom-grade trust surface.

Gatekeeper now has repo-saved hero art, carousel frames, pricing media, and launch graphics built around vaults, routes, budgets, providers, and audit evidence. Generated visuals stay illustrative until the claim ledger links them to product proof.

Hero-ready
No watermark
Mobile crop
Contrast-safe
Repo-saved
Optimized JPEG
[Image: Gatekeeper cinematic command center with AI key vaults, budgets, provider routing, and spend governance]
vault-router media · ILLUSTRATIVE
problem

AI spend becomes a company-control problem

One operator running many companies needs per-worker keys, model access, provider routing, budgets, and audit trails.

product

A vault and router for governed requests

Gatekeeper centralizes key checks, provider routing, role budgets, and spend records across major model providers.

proof

Budgets become visible

The vault-router image turns invisible policy, spend, and provider controls into a buyer-ready trust surface.

upsell

From API keys to company budgets

A user managing spend naturally upgrades into Pitt Management portfolios with company-level controls.

cta

Put target models behind policy

Start with one gateway key, then scale into role budgets, marketplace templates, and virtual-company governance.

OpenAI GPT-4o
Anthropic Claude
Google Gemini
Groq Llama3
Together AI
Mistral Large
Cohere Command R+
Perplexity
Fireworks AI
Replicate
DeepSeek
Ollama
AWS Bedrock
Azure OpenAI
Vertex AI
HuggingFace
OpenRouter
Anyscale
Cloudflare AI
+ 270 more via OpenRouter
gatekeeper ~ verify

$ gatekeeper verify bh_k1_prod_abc123

Verifying key offline (no network call)...

Ed25519 signature: valid target benchmark

Rate limit: 847 / 10000 rpm CRDT target

Budget: $12.43 / $50.00 remaining

Providers: gpt-4o, claude-3-5-sonnet, gemini-2.0

──────────────────────────────────────────

total overhead: benchmark target end-to-end proof pending

Zero-Trust API Keys

API keys that verify OFFLINE.
No round trip to any server.

Your key is a cryptographic proof, not a database lookup. Ed25519 signature verification, CRDT checks, and test evidence are validated during assisted onboarding before broad claims.

Ed25519 Signature

Your key IS a cryptographic proof. Verification is a single elliptic curve operation. No database. No cache. No server call.

Proof target

Delegatable

Mint a sub-key scoped to only GPT-4, valid for 24h, for your contractor. Parent-constraint behavior is validated during onboarding.

Scoped sub-keys

Posture-Gated

Key only works if the requesting device passes health checks. Compromised machine → key silently invalid.

Device health

Epoch Kill Switch

Increment the epoch. Global invalidation behavior is verified during assisted onboarding before public timing claims.

Test evidence

Quick Start

Guided Setup.

No signup. No cloud account. No SaaS dashboard. Assisted onboarding confirms the first working setup before public self-serve promises.

$ docker run -p 8080:8080 \
  -e OPENAI_API_KEY=$OPENAI_API_KEY \
  ghcr.io/blackholemesh/gatekeeper:latest
Guided self-hosted setup path. No signup. No cloud. Your infra.
Docker · Kubernetes · Bare metal · Blackhole mesh
Why self-hosted?
Your keys never leave
API keys stored in your environment. Gatekeeper never sends them upstream.
No vendor lock-in
Single binary. No external services required. Runs on any Linux, macOS, or container.
Internal latency target
Running inside your network avoids WAN round-trips for key verification; exact latency is benchmarked per setup.
Audit target
Request logging to BH_AUDIT is validated as part of the assisted setup checklist.
Migration

Change one line.

Drop-in replacement for OpenAI, Anthropic, and Ollama. Point your base URL at Gatekeeper. Standard SDK and framework paths are checked during assisted onboarding before compatibility claims are published.

Before
curl https://api.openai.com/v1/chat/completions \
  -H "Authorization: Bearer $OPENAI_KEY" \
  -d '{"model":"gpt-4o","messages":[...]}'
↓ change one line ↓
After
curl https://api.gatekeeper.run/v1/chat/completions \
  -H "Authorization: Bearer $GK_KEY" \
  -d '{"model":"gpt-4o","messages":[...]}'

Zero migration cost

Gatekeeper is OpenAI-API compatible. Change the base URL and your API key. Standard OpenAI-compatible SDK paths are validated during assisted onboarding.

  • OpenAI Python SDK
  • LangChain / LlamaIndex
  • Vercel AI SDK
  • Direct fetch / curl
Distributed Rate Limiting

Rate limits without a coordinator.

The target architecture is not Redis-first. CRDT rate limiting is validated during assisted onboarding. Each node can track usage independently, and convergence is measured before production claims.

CRDT GCounter
Coordinator-free counting

Each gateway node can maintain its own usage shard. GCounter merge behavior and failure modes are validated during onboarding.
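
A minimal sketch of the coordinator-free counting described above, added here as an example and not Gatekeeper's code: each node increments only its own shard and merges peers by element-wise max. The class, node names and `simulate_partition` scenario are assumptions; the scenario also shows the failure mode worth measuring, that isolated nodes can together admit up to nodes × limit requests before they converge.

```python
"""Added illustration: G-Counter rate limiting across gateway nodes."""
from dataclasses import dataclass, field


@dataclass
class GCounterLimiter:
    node_id: str                    # hypothetical node name, e.g. "gw-0"
    limit: int                      # requests allowed per window, cluster-wide
    shards: dict = field(default_factory=dict)   # node_id -> count seen so far

    def total(self) -> int:
        # The counter's value is the sum of every node's shard.
        return sum(self.shards.values())

    def try_admit(self) -> bool:
        # Decide on the local view only; no coordinator is consulted.
        if self.total() >= self.limit:
            return False
        # A node only ever increments its own shard.
        self.shards[self.node_id] = self.shards.get(self.node_id, 0) + 1
        return True

    def merge(self, remote_shards: dict) -> None:
        # Element-wise max is commutative, associative and idempotent, so
        # gossip may arrive in any order or be replayed without double counting.
        for node, count in remote_shards.items():
            self.shards[node] = max(self.shards.get(node, 0), count)


def simulate_partition(limit: int, nodes: int, attempts_per_node: int) -> dict:
    """Constructed scenario: nodes admit in isolation, then gossip once."""
    cluster = [GCounterLimiter(f"gw-{i}", limit) for i in range(nodes)]
    admitted = sum(n.try_admit() for n in cluster for _ in range(attempts_per_node))
    snapshots = [dict(n.shards) for n in cluster]
    for n in cluster:
        for snap in snapshots:
            n.merge(snap)
    cluster[0].merge(snapshots[-1])   # replay a stale snapshot: no change
    return {
        "admitted": admitted,
        "converged_totals": [n.total() for n in cluster],
        "admits_after_merge": sum(n.try_admit() for n in cluster),
    }


if __name__ == "__main__":
    print(simulate_partition(limit=10, nodes=3, attempts_per_node=8))
```

A grow-only counter cannot be reset, so a per-minute limit needs a fresh counter per window.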

ZK Rate Proofs
Private usage attestation

Assisted-beta benchmark target: prove you're within your rate limit without revealing usage. ZK proof timing targets are tracked in the claim ledger before broad launch.

JetStream Audit
BH_AUDIT stream

All usage data streams to BH_AUDIT for a tamper-evident audit trail. Post-mortems show exact usage per key, per provider, per model, with cryptographic integrity.

Provider Network

15+ providers. Automatic failover.

Provider outage failover is an assisted-beta proof target before broad self-serve launch. Target providers sit behind a single endpoint with unified key management.

OpenAI
Anthropic
Google
Groq
Together
Mistral
Cohere
Perplexity
Fireworks
Replicate
DeepSeek
Ollama
AWS Bedrock
Azure AI
Vertex AI
Provider health and incident claims require ledger evidence before public self-serve launch
Wire Format

Binary messages target smaller payloads than JSON.

Cap'n Proto binary encoding

Schema-aware binary decoding

Cap'n Proto examples show the intended binary format. Payload-size claims remain benchmark targets until linked to evidence in the claim ledger.

JSON average payload: 2,300 bytes
Cap'n Proto target message: 230 bytes
JetStream · 6 streams · 5 KV buckets

Auto-provisioned infrastructure

JetStream streams for usage telemetry, audit logs, and CRDT rate-limit state. Provisioning is validated during assisted setup.

BH_AUDIT · Stream · Tamper-evident API call log
BH_USAGE · Stream · Per-key CRDT usage deltas
BH_RATE · KV · GCounter shards per node
BH_KEYS · KV · Key metadata + epoch state
BH_HEAL · Stream · BMAP self-healing events
Self-Healing

Gatekeeper self-heals via BMAP. Assisted recovery targets.

Self-healing playbooks and recovery times are assisted-beta proof targets. JetStream event capture is validated during onboarding before broad public claims.

BMAP playbook execution trace
00:00  DETECT  OpenAI /v1/chat/completions → 503
00:02  PLAN    BMAP playbook: provider-failover triggered
00:05  EXEC    Rerouting to Anthropic claude-3-5-sonnet
00:08  VERIFY  Health check passed · traffic restored
00:28  DONE    JetStream healing event logged to BH_HEAL
Demo recovery trace · MTTR target tracked in claim ledger
Performance

An AI gateway launch path for offline verification,
CRDT rate limits, and XDP speed.

Performance claims are assisted-beta targets until linked to benchmark evidence.

Benchmark · Overhead target · Evidence required
Ledger · Key verification target · Offline benchmark required
Proof · Failover target · Provider outage recovery proof
Onboard · Cost reduction target · Routing proof required
Cost Savings

Target lower AI spend with automatic model tier routing.

Simple queries can route to cheaper models while complex queries escalate to frontier models. Exact savings and routing latency are verified during assisted onboarding.

API calls per day: 100K
Monthly savings: $1K
10K/day · 10M/day

Smart routing can send simple queries to cheaper models after policy validation. Exact savings are verified during assisted onboarding.

A spend-control launch path with offline verification.

Ed25519 keys. CRDT rate limits. ZK proofs. XDP speed. 15+ providers. No auth service to scale. No coordinator to fail.

$ curl -s https://api.gatekeeper.run/v1/models