> ## Documentation Index > Fetch the complete documentation index at: https://docs.neuraltrust.ai/llms.txt > Use this file to discover all available pages before exploring further. # Overview > TrustGate is NeuralTrust's open-source, high-performance data-plane gateway for LLM and agent traffic — multi-provider routing, load balancing, policies, and MCP, in a single Go binary. **TrustGate** ([open source](https://github.com/NeuralTrust/TrustGate), Apache-2.0) is a purpose-built reverse proxy for **LLM and agent traffic**. Point any OpenAI-, Anthropic-, or Responses-API client at it and TrustGate normalizes, routes, load-balances, governs, and observes every call — without changing your application code beyond a base URL and two headers. It is built from scratch in **Go** on top of [Fiber](https://gofiber.io), tuned for low latency and high concurrency, and ships as a single static binary, a Docker image, and Kubernetes manifests. ## Why a gateway Putting TrustGate between your apps and your model providers gives you one control point for: * **Multi-provider access** — first-class adapters for OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Gemini, Vertex AI, Groq, and Mistral, behind one OpenAI-compatible surface. * **Smart routing & load balancing** — round-robin, weighted, least-connections, random, and semantic strategies, with health checks and fallback chains. * **Cost & abuse control** — request and token rate limiting, request-size guards, and embedding-based **semantic caching** to cut spend on repeated prompts. * **Multi-tenancy & auth** — per-gateway consumers authenticated by API key, OAuth2, IDP JWT, or mTLS, with policies scoped globally or per consumer. * **Runtime security** — attach [TrustGuard](/trustguard/overview) to inspect prompts and responses inline for jailbreaks, PII, toxicity, and tool abuse. * **Observability** — built-in Prometheus metrics and rich per-request telemetry streamed to Kafka (and optionally TrustLens). * **Agent tooling** — a dedicated MCP plane exposes [MCP](/trustgate/mcp/overview) servers and tools to agents with full OAuth2 support. ## The building blocks You configure TrustGate through its [Admin API](/trustgate/api/overview) (or the console), then send traffic to the proxy. Six objects make up a gateway: | Object | What it is | | ---------------------------------------------- | --------------------------------------------------------------------------------------------------- | | **[Gateway](/trustgate/concepts/gateways)** | The top-level tenant, addressed by a `slug`. Owns everything below. | | **[Registry](/trustgate/concepts/registries)** | An upstream backend — an LLM provider endpoint or an MCP server. | | **[Consumer](/trustgate/concepts/consumers)** | The calling application's identity. Owns routing and credentials, addressed by a `slug` in the URL. | | **[Auth](/trustgate/concepts/auth)** | A credential (API key, OAuth2, IDP, mTLS) that authenticates as a consumer. | | **[Policy](/trustgate/policies/overview)** | A governance rule that runs at request/response stages — rate limiting, caching, CORS, and more. | | **[Role](/trustgate/concepts/roles)** | Routing config selected from IDP token claims, for identity-based routing. | ## How a request flows ```text theme={null} client ──▶ Proxy :8081 /{consumer_slug}/v1/chat/completions │ X-AG-Gateway-Slug, X-AG-API-Key ├─ resolve gateway + consumer + policies ├─ apply policies (rate limit, cache, CORS, …) ├─ load-balance across the consumer's registries (+ fallback) ├─ forward to the provider adapter (stream when supported) └─ emit telemetry → Kafka ``` A client never names a provider URL or key — it names a **model**, and the gateway resolves the registry, applies policies, and forwards. See [Architecture](/trustgate/architecture) for the full lifecycle. ## Where to go next Zero to a forwarded completion in six API calls. Planes, the request lifecycle, and infrastructure. Gateways, registries, consumers, auth, policies, roles. The full open-source REST API.