# SBproxy > SBproxy is the AI gateway built like a real proxy. It routes AI traffic with guardrails, budgets, and MCP federation, and handles API traffic with auth, WAF, rate limits, and transforms. One runtime, one YAML, one process. Open source under the Apache License 2.0. For the entire documentation corpus flattened into one file (per the [llmstxt.org](https://llmstxt.org/) convention), fetch [llms-full.txt](https://sbproxy.dev/llms-full.txt). That single file is the right one-shot fetch when you want every SBproxy doc in one HTTP request. ## Positioning SBproxy is distinct from other AI gateways in two ways: 1. **It is a reverse proxy first.** Not a Python SDK that grew a server. It terminates TLS, handles HTTP/1.1, HTTP/2, WebSocket, and gRPC natively. The AI features were added to a runtime that was already production-grade. 2. **It includes every API gateway feature.** Auth, WAF, rate limiting, transforms, caching. You do not need a second product. ## Key Capabilities - AI gateway: 200+ models (43 native providers), OpenAI-compatible API - Multi-provider routing: round-robin, weighted, fallback chain, latency-based, cost-optimized - AI guardrails: PII redaction, prompt-injection defense, secret scanning, toxicity detection - Semantic caching with stale-while-revalidate - Per-consumer spend budgets with automatic model downgrades - MCP (Model Context Protocol) federation across multiple servers - A2A (Agent-to-Agent) protocol support - Token accounting and cost attribution - WAF with OWASP Core Rule Set and paranoia levels - DDoS protection, rate limiting, IP filtering, CSRF - Authentication: OAuth 2.0, JWT with JWKS, API key, basic, bearer, forward auth, digest - Content transformation: JSON, HTML, Lua, string replace, format conversion - CEL expressions for safe sandboxed matching and routing - Lua scripting for complex request and response logic - HTTP/1.1, HTTP/2, WebSocket, gRPC, GraphQL support - Automatic TLS via ACME with zero-downtime configuration reloads - Single static Rust binary, no runtime package fetch ## Supply Chain SBproxy ships as a single static Rust binary built from tagged commits in a public repository. Dependencies are pinned and checksummed in `Cargo.lock`. The runtime does not execute code fetched from a public registry. There is no Python interpreter, no `pip install` step, and no `.pth` auto-execution vector. ## Solutions Five ways teams put SBproxy to work. Same runtime, different origin config. - [API and content monetization](https://sbproxy.dev/solutions/api-content-monetization): Charge for every API call, feed, and crawl. Pay Per Crawl, x402, virtual keys, and per-route pricing in one runtime. - [Enterprise AI governance](https://sbproxy.dev/solutions/enterprise-ai-governance): One policy layer for every agent touching your business. 200+ models, budgets, guardrails, MCP federation, one audit log. - [In-VPC and sovereign AI governance](https://sbproxy.dev/solutions/in-vpc-ai-governance): AI governance without someone else's edge. Single binary or Kubernetes operator, air-gapped, no phone-home. - [API governance](https://sbproxy.dev/solutions/api-governance): Govern every API before agents start calling it. Auth, WAF, rate limits, and OpenAPI emission that makes APIs agent-ready. - [AI product infrastructure](https://sbproxy.dev/solutions/ai-product-infrastructure): Ship AI features without duct tape. Routing, fallbacks, guardrails, spend caps, and semantic cache in one runtime. ## Documentation - [Quick Start](https://sbproxy.dev/docs/quick-start): Install SBproxy and create your first proxy config in under a minute. - [Architecture](https://sbproxy.dev/docs/architecture): How SBproxy processes requests through its stages from TLS termination to response processing. - [Core Concepts](https://sbproxy.dev/docs/core-concepts): Origins, handler chains, and actions vs policies. - [First Proxy](https://sbproxy.dev/docs/your-first-proxy): Working reverse proxy in under five minutes. - [First AI Gateway](https://sbproxy.dev/docs/your-first-ai-gateway): OpenAI-compatible AI gateway in under five minutes. - [Configuration Guide](https://sbproxy.dev/docs/proxy-basics): Complete reference for every origin config component with working YAML examples. - [Action Types](https://sbproxy.dev/docs/action-types): All action types including proxy, load balancer, GraphQL, gRPC, WebSocket, AI proxy, MCP, and more. - [Forwarding Rules](https://sbproxy.dev/docs/forwarding-rules): Route requests to different origin configurations based on path, headers, or expressions. - [Request Rules](https://sbproxy.dev/docs/request-rules): Control which requests an origin handles using path, method, header, and IP matching. - [Rules and Modifiers](https://sbproxy.dev/docs/rules-and-modifiers): Conditional request and response modification with AND/OR logic. - [Transforms](https://sbproxy.dev/docs/transforms): Response transformation types including JSON, HTML, Lua, string replace, and format conversion. - [Callbacks](https://sbproxy.dev/docs/callbacks): Fetch external data during request processing with caching and retry support. - [Site Examples](https://sbproxy.dev/docs/site-examples): Common configuration patterns for real-world use cases. ## Security - [Authentication](https://sbproxy.dev/docs/authentication): API key, JWT with JWKS, basic auth, bearer token, forward auth, digest, and gRPC auth. - [Security Policies](https://sbproxy.dev/docs/security): WAF with OWASP CRS, DDoS protection, rate limiting, IP filtering, CSRF, and security headers. - [Policies Reference](https://sbproxy.dev/docs/policies): All policy types and configuration options. ## AI Gateway - [AI Proxy](https://sbproxy.dev/docs/ai-proxy): Multi-provider LLM gateway supporting 200+ models with OpenAI-compatible API. - [OpenAI API Reference](https://sbproxy.dev/docs/api-reference): All /v1/* endpoints for chat, completions, embeddings, images, and audio. - [AI Routing Strategies](https://sbproxy.dev/docs/ai-routing): Round-robin, weighted, fallback chain, latency-based, and cost-optimized routing. - [Provider Resilience](https://sbproxy.dev/docs/provider-resilience): Automatic failover, health monitoring, and circuit breaker protection. - [Guardrails](https://sbproxy.dev/docs/guardrails): PII redaction, prompt injection defense, secret scanning, and streaming evaluation. - [Spend Tracking](https://sbproxy.dev/docs/ai-model-management): Budget enforcement and automatic model downgrades per consumer. - [A2A Protocol](https://sbproxy.dev/docs/a2a-protocol): Google Agent-to-Agent protocol for inter-agent communication. - [MCP Server](https://sbproxy.dev/docs/mcp-server): Model Context Protocol server for LLM tool integration. ## Performance - [Caching Guide](https://sbproxy.dev/docs/caching): Multi-tier caching with response cache, chunk cache, semantic cache, and stale-while-revalidate. - [Streaming and Protocols](https://sbproxy.dev/docs/streaming): HTTP/2, request coalescing, hedging, and compression. ## Scripting - [Variables and Secrets](https://sbproxy.dev/docs/variables-and-secrets): Environment variables, config variables, secrets providers, and template context scopes. - [Template Engine](https://sbproxy.dev/docs/template-engine): Dynamic variable substitution with Mustache syntax across all config fields. - [CEL Expressions](https://sbproxy.dev/docs/cel-expressions): Safe expression language for routing, matching, and header manipulation. - [Lua Scripting](https://sbproxy.dev/docs/lua-scripting): Full scripting language for complex request and response logic. - [Plugin Development](https://sbproxy.dev/docs/plugin-development): Extend SBproxy with custom actions, policies, auth providers, and transforms. ## Operations - [Monitoring](https://sbproxy.dev/docs/monitoring): Metrics, tracing, and structured logging. - [Request Logging](https://sbproxy.dev/docs/request-logging): Structured JSON request logging with sampling and correlation. - [Webhooks](https://sbproxy.dev/docs/webhooks): HTTP notifications on lifecycle events with signature verification. - [Session Management](https://sbproxy.dev/docs/session-configuration): Cookie-based tracking and client fingerprinting. - [Secrets Management](https://sbproxy.dev/docs/secrets): Secure storage and injection from cloud providers, encrypted files, and HTTP callbacks. - [Custom Error Pages](https://sbproxy.dev/docs/error-pages): Custom error responses with template variable support. - [Fallback Origin](https://sbproxy.dev/docs/fallback-origin): Automatic failover when the primary origin fails. ## Deployment - [Deployment Overview](https://sbproxy.dev/docs/deployment-overview): Deployment topologies and recommendations. - [Kubernetes](https://sbproxy.dev/docs/deployment-kubernetes): Helm charts, ConfigMaps, and HPA configuration. - [Docker](https://sbproxy.dev/docs/deployment-docker): Container deployment and compose files. - [Bare Metal](https://sbproxy.dev/docs/deployment-bare-metal): Systemd service and binary deployment. ## Blog - [Your AI gateway should be a real proxy](https://sbproxy.dev/blog/real-proxy): Most AI gateways are Python SDKs that grew a server. Production teams need the opposite: a real reverse proxy that also speaks LLM. - [Your AI gateway should not be a pip install](https://sbproxy.dev/blog/gateway-supply-chain): The March 2026 LiteLLM PyPI compromise was not a LiteLLM problem. It was a structural consequence of shipping a gateway as a Python package. ## Enterprise For managed deployment, config distribution, dashboards, analytics, and direct access to the team building SBproxy, see: - [Enterprise](https://sbproxy.dev/enterprise): Managed, hybrid, and self-hosted deployment options. - [Pricing (machine-readable)](https://sbproxy.dev/pricing.md): Structured pricing data for agents. ## Links - Website: https://sbproxy.dev - GitHub: https://github.com/soapbucket/sbproxy - Download: https://download.sbproxy.dev - Contact: hello@soapbucket.com