Gateway

Optional. Powerful. Never a Bottleneck.

FORG works without a gateway — agent observability is fully out-of-band by default. When you need hard enforcement (blocking requests before they reach the model), flip on the gateway. One command. Same rules. Same pricing.

< 8ms
added latency
99.99%
uptime SLA
Per-tier
rate limits
$0
usage billing
Get started Architecture docs

Two modes, one platform

Both modes share the same rules engine, dashboards, and pricing. The only difference is when enforcement fires.

Mode A — Default

Out-of-band metadata

Agent calls LLM directly. FORG receives telemetry in parallel — zero latency added to the hot path.

┌──────────────┐
Agent / Tool
└──────┬───────┘
│ direct call
┌──────▼───────┐
LLM Provider
└──────────────┘
↘ FORG metadata (async)
  • Zero latency impact
  • Alerts + notifications for rule violations
  • Adapter kill-switch for soft enforcement
  • Full observability dashboard
Mode B — Gateway Enabled

Inline enforcement

All API calls route through forg.pro/gateway/v1/. Rules evaluated synchronously before the model sees the request.

┌──────────────┐
Agent / Tool
└──────┬───────┘
│ proxied call
┌──────▼─────────────┐
FORG Gateway ← enforce │
└──────┬─────────────┘
│ forwarded
┌──────▼───────┐
LLM Provider
└──────────────┘
  • Hard block before tokens leave
  • HTTP 429 on budget/rule violation
  • Full audit trail with request IDs
  • < 8ms median added latency

When the gateway earns its keep

Most teams start without it. These are the three scenarios where inline enforcement matters.

Hard enforcement

block-first

You need requests blocked before they reach the model — not just alerted after the fact. Budget overruns, disallowed models, or blocked patterns return HTTP 429 in real time.

  • Automated pipelines with strict caps
  • Budget overrun = immediate stop
  • No advisory-only leakage

Compliance

audit-trail

Your compliance team requires all AI traffic routed through an audited control point. Gateway provides an immutable log of every request with timestamps, model IDs, token counts, and error codes.

  • All traffic through audited path
  • Immutable request log
  • ISO 27001 / SOC 2 ready

Enterprise data residency

legal

Legal requires proof that AI calls stayed within your approved regions or never touched unapproved endpoints. Gateway's single ingress point makes this attestable and auditable.

  • Single approved ingress
  • Region-locked routing
  • Attestable for legal review

Per-tier daily token limits

Included in your seat. No token-based billing. Gateway billing is always $0 beyond the seat price.

TierDaily token limitHard stopBurst allowanceOverride
Solo500KYes1.5× / 5 min
Professional2MYes2× / 5 minSnooze 1h
Team10MYes3× / 5 minAdmin override
Business50MConfigurable5× / 5 minPolicy-based
EnterpriseCustomCustomCustomFull control

Enable in one command

No adapter changes required. Your existing rules apply immediately once the gateway is active.

Terminal
$ forg gateway enable
✓ Gateway registered at forg.pro/gateway/v1/
✓ Seat token: [redacted]

$ forg gateway status
Gateway:  active
Endpoint: forg.pro/gateway/v1/
Latency:  ~6ms (p50)
Limits:   Professional — 2M tokens/day
Rules:    7 active
Adapter proxy headers (auto-set)
POST forg.pro/gateway/v1/v1/messages
Authorization: Bearer sk-ant-...
X-Forg-Session:   sess_abc123
X-Forg-Project:   proj_xyz789
X-Forg-User:      user_def456
Content-Type:     application/json

# 429 on rule violation:
{"error": "budget_exceeded",
  "limit": 2000000,
  "used":  2001337 }

What FORG sees — and doesn't

Payload logging is OFF by default. FORG is a signal layer, not a content layer.

Stored by gateway

  • +timestamp
  • +model_id
  • +tokens_in / tokens_out
  • +latency_ms
  • +cost_usd (estimated)
  • +user_id / project_id / session_id
  • +error_code (if any)
  • +rule_ids triggered

Never stored (default)

  • prompt content
  • response content
  • system prompt text
  • tool call arguments
  • file contents
  • PII of any kind
  • API keys / credentials
  • raw request/response bodies
Payload logging can be enabled per-project for compliance teams with E2E encryption at rest.

Before vs. after gateway

Both modes give you full observability. Gateway adds real-time enforcement on top.

Without gateway
  • Budget alerts are advisory
    Developers see the warning — and can keep spending anyway.
  • Overspend discovered post-hoc
    You learn about the breach after tokens have been billed.
  • No request-level blocking
    Rules fire notifications; they cannot stop the API call.
  • Adapter kill-switch only
    Soft stop via agent adapter — bypassable in raw API calls.
With gateway enabled
  • Hard stops before tokens leave
    HTTP 429 returned; request never forwarded to the LLM.
  • Real-time enforcement
    Budget, model blocklist, and custom rules checked inline.
  • Full audit trail
    Every request logged with ID, timestamps, and rule outcomes.
  • Bypasses impossible
    All traffic must route through forg.pro/gateway/v1/.
Two-minute setup

Enable gateway in one command

Your rules carry over. Your seat price stays the same. You get hard enforcement instead of advisory alerts.

$ forg gateway enable
Get started at $19/month Read the docs