One high-performance gateway for service, LLM, and MCP traffic.
An open source HTTP and gRPC gateway that handles traditional application traffic and AI-native protocols in one data plane. Route, secure, observe, and govern services, LLM provider traffic, MCP tools, and agent-to-agent communication without stitching together separate gateways.
LLM Gateway
Route to OpenAI, Claude, Gemini, or any self-hosted model with credentialing and failover.
MCP / A2A
Native protocol support for Model Context Protocol and agent-to-agent traffic.
APIs & Services
HTTP, gRPC, and TCP traffic — observable by default with mTLS and OIDC built in.
Everything you need for agent traffic — in one binary.
One control plane for service traffic, LLM routing, MCP, A2A, and inference — with policy and observability that the platform team actually trusts.
Service Gateway
HTTP, gRPC, TCP — observable by default.
Run any north–south or east–west traffic through a single binary. Zero-config TLS, OIDC, mTLS-rotation, native Envoy compatibility for those who want it.
HTTP/2gRPCmTLSTLS-1.3
LLM Gateway
Route, fail over, and budget across 12+ model backends.
Drop-in OpenAI-compatible API in front of OpenAI, Anthropic, Bedrock, Gemini, Vertex, Cohere, OSS Llama runs — with per-team token budgets, semantic caching and prompt redaction.
OpenAIAnthropicBedrockGeminiVertex
Inference Routing
Smart routing across self-hosted GPU pools.
Latency-aware, cost-aware, model-aware routing for self-hosted inference. Plug-in vLLM, TGI, Triton; agentgateway picks the warmest replica.
vLLMTGITriton
MCP Gateway
A control plane for the Model Context Protocol.
Discover, sign, scope and observe every tool call your agents make. Treat MCP servers like microservices — with versioning, RBAC, and audit trails out of the box.
DiscoveryRBACAudit
A2A Gateway
Bridge agents written in any framework.
agentgateway speaks the Agent-to-Agent protocol natively. Route invocations between LangChain, CrewAI, ADK and your own runtime — with identity, tracing, and replay.
LangChainCrewAIADKIdentity
Security & Observability
Per-call traces, logs, and policy decisions.
OpenTelemetry by default. Per-tool, per-agent, per-tenant counters. OPA-evaluated allow/deny on every hop, with tamper-evident audit logs.
OTELOPAAuditPII-shield
# Install the agentgateway binary
$ curl -sL https://agentgateway.dev/install | bash
# Run
$ agentgateway
# info app serving UI at http://localhost:15000/ui
# Install Gateway API CRDs
$ kubectl apply --server-side --force-conflicts \
-f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.5.0/standard-install.yaml
# Install agentgateway CRDs via Helm
$ helm upgrade -i agentgateway-crds \
oci://cr.agentgateway.dev/charts/agentgateway-crds \
--create-namespace --namespace agentgateway-system \
--version v1.3.0
# Install agentgateway via Helm
$ helm upgrade -i agentgateway \
oci://cr.agentgateway.dev/charts/agentgateway \
--namespace agentgateway-system \
--version v1.3.0
# Run agentgateway in a container
$ docker run -p 3000:3000 -p 15000:15000 \
-v $(pwd)/config.yaml:/etc/agentgateway/config.yaml \
ghcr.io/agentgateway/agentgateway:latest \
-f /etc/agentgateway/config.yaml
Quick start
Get started with agentgateway in less than 5 minutes — local-first.
MCP connectivity guide
Connect agentgateway to MCP servers with built-in discovery and auth.
Deployment options
Binary, Docker, or Kubernetes — pick what fits your stack.
Popular integrations
"The future won’t be built by standalone agents, MCP servers or LLMs — it’s shaped by their interconnection and ability to work together seamlessly. To unlock their full potential, we must apply policies, ensure control and maintain clear visibility into their interactions. This is where agentgateway plays a pivotal role — bridging not only agent-to-agent (A2A) communication but also agent-to-MCP servers, filling a critical gap in the ecosystem. I look forward to seeing the project’s continued momentum within the Linux Foundation."
global chief technology officer & chief AI officer, Dell
"One of the biggest open security problems today is how to do MCP security effectively. While there are a lot of problems in this space that the community doesn't know how to address, the agentgateway project provides a first step toward addressing some of the important issues with basic role-based access control and visibility of actions to MCP servers. I look forward to seeing how this project adapts and evolves to handle the complex, evolving threats in this space under open source governance."
Jamie Capper · published in The New York Times