Free · Kyde Gateway Starter

Your agents are acting.
See what they're doing.

Deploy the KYDE Gateway via Docker Compose, then point your agent at it with one environment variable. Within minutes, every agent call in your environment appears on a dashboard, attributed, hash-chained, and observable. An independent witness for every agent action.

FIG.0 · What you download The dashboard · Fleet Status view
kyde.intranet/dashboard/topology

Fleet Status

System health and active threat overview

Last 24 hours ↓

Fleet Health Score

78

/100

Stable across 12 active agents
Critical At risk Healthy
Security 84
Integrity 74
Reliability 80
Economics 87
Compliance 76
Breach 1 critical incident in progress
View incident →

Active Agents

12

Open Alerts

34

Blocked Chains (24h)

1

Data Integrity

✓ Verified

The Fleet Status view of the dashboard that ships in the box: one health score across your fleet, every agent, alert, and incident in one place.

What you'll see

The dashboard shows everything your agents are doing, in real time.

Most organizations deploying AI agents have no consolidated view of what those agents actually do. Which endpoints they call. How often. With what data.

The Starter edition makes that visible. Every call intercepted by the Gateway appears in the dashboard, attributed to an agent, hash-chained, and timestamped.

Agent activity feed

Every call, tool use and API interaction, in real time.

Agent identity

Which agent or service account performed each action.

Provider breakdown

Calls across OpenAI, Anthropic, Gemini, and local models in one view.

Coverage indicator

Share of observable agent traffic passing through the Gateway.

DLP alerts

Post-hoc detection when sensitive data patterns appear in responses.

Hash-chained ledger

Append-only record; tampering with any entry breaks every hash after it.

FIG.1 · Fleet view
crm-sales-04
agent:crm-sales-04 Flagged
Action export:all_contacts
Policy dlp-standard · detect
Ledger #a4d1…9f2c · chained
View in ledger →
01 · Deploy
01

Clone and start the Gateway

Clone the repo, set one password, run Docker Compose. The Gateway, ledger, and dashboard start together.

02

Set one environment variable

Point any agent or LLM client at the Gateway. Works with OpenAI- and Anthropic-style clients. No code changes in your agents.

03

Open the dashboard

Agent calls appear immediately. Coverage, identity, and hash-chained events, visible from the first request.

terminal

# Step 1, clone and start the Gateway

$ git clone https://github.com/kydehq/gateway.git && cd gateway

$ cp .env.sandbox.example .env.sandbox # set POSTGRES_PASSWORD

$ docker compose --env-file .env.sandbox \

-f docker-compose.yml -f docker-compose.prod.yml up -d

✓ Gateway healthy · Proxy at http://localhost:4000

✓ Ledger initialized · Dashboard at http://localhost:8080

# Step 2, point your agent at the Gateway

$ export OPENAI_BASE_URL=http://localhost:4000/v1

# Anthropic-style clients: export ANTHROPIC_BASE_URL=http://localhost:4000

# Step 3, run your agent as usual

$ python run_agent.py

✓ 1 new event · agent:default · crm.query · chained

✓ 2 new events · agent:default · slack.send · chained

# Open http://localhost:8080 to see the dashboard

Requires: Docker · Docker Compose · An agent that calls an LLM API

Full quickstart and docs on GitHub →

Starter vs. Enterprise

Kyde Gateway Starter

Free

An independent witness for every agent action:

  • Dashboard, agent activity in real time
  • Hash-chained, append-only ledger
  • Coverage indicator
  • DLP alerts (post-hoc, detect only)
  • Compliance PDF exports
  • All LLM providers
  • Self-hosted, prompts and payloads stay in your network
  • No SLA · No support commitment

Kyde Gateway Enterprise

Paid

Everything in Starter, plus the guard that blocks what must not happen:

  • Inline enforcement, block out-of-policy actions before execution
  • Ed25519-signed ledger, hardware-rootable keys (PKCS#11 / HSM)
  • Agent identity and role scoping (deny-by-default)
  • MCP per-tool policy
  • RBAC across agents and teams
  • Trust Score™ with Coverage Report
  • Managed signing infrastructure and key management
  • SLA and support
  • Air-gapped deployment option

Common questions

Does the Starter edition send any data to KYDE?

No, not unless you turn it on. Prompts, responses and payload content always remain on your infrastructure, stored in your local ledger. Telemetry is opt-in and disabled by default; when enabled, it transmits only pseudonymized aggregate counts (event volumes, model and endpoint categories), never message content. A fully air-gapped deployment is available in the Enterprise tier.

Does it work with any LLM provider?

Yes. One Gateway instance proxies all supported providers simultaneously: OpenAI, Anthropic, Gemini, Copilot, Azure OpenAI, Mistral, and local models via Ollama, vLLM, or LMStudio. The upstream is auto-detected from the request path; auth headers pass through untouched. MCP-routed calls are also supported.

Do my agents need to be modified?

No. Set one environment variable pointing the agent's base URL to the Gateway. The agent continues to operate as before, the Gateway intercepts transparently.

Is Starter the same Gateway as Enterprise?

The underlying Gateway is the same. The Starter edition runs the observe layer only, it records every event into a hash-chained ledger, but does not block. Ed25519 signing and enforcement (blocking out-of-policy actions) require the Enterprise tier.

What happens when Starter is not enough?

Contact us. We'll discuss your use case and can provision an Enterprise trial with enforcement enabled.

Questions? Ready for Enterprise?

Whether something didn't work, you need enforcement, or you want to discuss a production deployment, we're one message away.

hello@kyde.com →