A Scalable Platform Built on top of Kubernetes to Provide Secure Remote Access, Deployment, Dynamic Routing, Unified Identity and User Management as well as L7-aware Access Control and Visibility for all your AI Agents to APIs, LLMs and MCP Servers, Databases, SSH Servers Wherever They are Whether Internal Servers Behind NAT(e.g. Private Clouds, Containers, IoT, Your own Laptop) as well as to Publicly Protected SaaS Resources

Identity-based, Context-aware, L7-aware Access Control via ABAC and Policy-as-Code using CEL and Open Policy Agent (OPA) on a per-Request basis that Controls Access based on HTTP Request Headers, Paths, and Serialized JSON Body Content

Apply your Own Custom Identity-based, Context-aware Request/Response Manipulation, Guardrails, Semantic Caching, Rate Limiting and Call External APIs with Dynamic Lua Scripts and Envoy ExtProc Compliant Servers

A Unified Scalable Architecture on top of Kubernetes to Provide both Zero-Config Client-based Access over WireGuard/QUIC with Centralized Private DNS as well as Public Clientless BeyondCorp and even Anonymous Access

A PaaS-like Platform to Effortlessly Deploy, Scale and Secure Access to Containerized Applications of any Kind, Including Self-hosted LLMs and Streamable-HTTP MCP Servers.

Unified, Stable Access for your Workloads written in any Programming Language to all your APIs via Standard OAuth2 Client-Credentials Flow without having to use Special SDKs

Instantly integrate any OpenID Connect and SAML 2.0 SSO Identity Provider and Control Access for your Team. Force Strong MFA via FIDO2 Phishing Resistant Authenticators into Access Control to Sensitive Resources.

OpenTelemetry-ready Layer-7 Aware, Real-Time Visibility and Auditing to Your Log Management and SIEM Providers. Audit your HTTP Request/Response Headers and Serialized Body Content, SSH Recordings and Database Queries.

Designed to be Administered like Kubernetes via DevOps/GitOps-friendly Centralized and Declarative Way. Fully Programmable over gRPC for More Control.