Built in Rust · ~30µs p50 governance · MCP + A2A native

Keep your AI agents on the level.

Plumb sits between your AI agents and every LLM provider to govern cost, cache redundant calls, and guard your data — in one line of code. Enforce budgets, cache redundant calls, and mask PII — without touching your agent logic.

agent.py
client = OpenAI(
    api_key="sk-your-provider-key",
    base_url="https://plumb.samji.in/v1",  # ← the only change
)
~30µs
governance overhead
MCP + A2A
protocol support
2 min
setup time
~30µs
p50 governance overhead
78
automated test cases
4-layer
token cost attribution
MCP + A2A
native protocol support
Integrate in 2 minutes

One line of code. No SDK.

01

Get your key

Sign in with Google or GitHub and create a Plumb key instantly.

02

Point to the gateway

Swap the base_url in your existing OpenAI-compatible client. That's it.

03

Watch it live

Real-time cost, cache savings, and security events land on your dashboard.

Why Plumb

A control plane, not just a proxy.

Your agents are in production. Now make sure a 2am recursive loop doesn't cost $10,000 — or leak a customer's data to a public API.

FinOps kill-switch

4-layer token attribution (prompt, tool, memory, response) with per-tenant daily budget caps. A runaway loop is severed in under a second — before it hits your bill.

Semantic caching

blake3-hashed request intent (messages + tools, tenant-isolated) short-circuits redundant LLM calls. You see actual spend vs. naive list-price — and the prompt-cache savings.

AgentTrust security

Inline, reversible PII redaction with an RBAC vault + audit trail, prompt-injection & tool-poisoning defense, and base64 exfiltration detection — before data leaves your walls.

Time-travel trace

Every request gets an x-trace-id with its full governance decision path, and can be deterministically replayed. Debug what your agents actually did — not what the logs claim.

Agent loop-breaker

Detects a session re-issuing the same intent repeatedly and hard-stops it with a 429 before it burns budget. Configurable window and threshold — no code changes needed.

Declarative policy rules

Block, redact, alert, or log requests matching configurable security rules. Catches credential exfil, SQL injection, and prompt-injection by default — extend with your own patterns.

Enterprise memory fabric

3-tier tenant-isolated memory (working, episodic, semantic) with sensitivity labels, clearance-gated reads, optimistic concurrency, and full version history.

Resilience & failover

Per-provider circuit breaker with automatic failover — including a local Ollama fallback for data sovereignty. SSE streaming pass-through with background token accounting.

Agent-action semantics

It reads intent, not just HTTP.

Traditional proxies only see paths and headers. When agents talk over MCP (JSON-RPC) or Agent-to-Agent, they go blind. Plumb parses the request body once and shares it across every analyzer.

  • JSON-RPC / MCP deobfuscation
    Intercepts the true intent of autonomous tool calls.
  • Memory-safe on the hot path
    Pure Rust — no GC pauses; ~30µs median governance overhead.
  • Streaming (SSE) pass-through
    Tokens and cost accounted in the background, never blocking the agent.
proxy.rs
async fn handle_proxy(req) {
  // parse the intent once, share everywhere
  let v = parse_body(&req);
  guard.analyze(&v);      // injection + PII
  loop_breaker.check(&v); // runaway cost
  if let Some(hit) = cache.get(&v) {
    return hit;         // blake3 semantic cache
  }
  stream_to_agent(upstream).await
}
Do the math

What's your runaway-loop risk?

See what a single unattended agent loop could cost — without governance.

5
100
$0.030

Normal hourly cost

$15.00

Overnight loop · 8h undetected

$120.00

Plumb severs runaway loops in under a second with per-request budget enforcement.

Built to be trusted

Your data stays yours.

Self-host or cloud

Pure-Rust binary, one Docker image. Runs in your VPC — your data never has to leave.

Reversible PII vault

Masking is reversible only via an RBAC-gated, fully-audited reveal. Logs are treated as production secrets.

No key storage

Your upstream Authorization header is passed through untouched. Plumb never stores provider keys.

Auditable by design

Every request is traced end-to-end. Full governance decisions, latency, and cost are recorded and replayable for compliance.

Put a level on your agents today.

Free for your first project. No credit card. One line of code to integrate.