ONE PRODUCT · FOUR COMPONENTS
Verosek Gateway handles it all.
AI Gateway routes every LLM call. MCP Tools execute every action under per-key access control. Shield scans every request, response, and tool output. Audit Vault signs every step. They share identity, share the trace, and ship as one binary.
Component spotlights
What each component actually ships.
Each card lists the concrete numbers, the things it does, and a sample of the endpoints it serves. Click through for the full deep-dive.
Component 01
AI Gateway
Same SDK. Any model. Any provider.
- Twelve OpenAI endpoints + native Anthropic /v1/messages + native Gemini /v1beta
- Cross-SDK translation: Claude through OpenAI SDK, GPT through Anthropic, etc.
- Per-model parameter quirks normalised (max_completion_tokens, system→developer)
- Virtual keys: budget, TTL, rotate, revoke, audit binding (vsk_… / vkr_…)
- Weighted routing, priority fallback, 3-fail cooldown
Endpoints (sample)
- POST /v1/chat/completions
- POST /v1/messages
- POST /v1beta/models/{model}:generateContent
- POST /v1/embeddings
- PATCH /api/v1/keys/{key_ref}
- POST /api/v1/keys/{key_ref}/rotate
Component 02
MCP Tools
Tools your agents can use. Safely.
- Postgres, MySQL, MongoDB, Redis, Elasticsearch, GitHub, GitLab, Filesystem, Slack, Stripe
- Per-(key, connection, tool) access rules: allowlists, blocklists, max_rows, max_amount_cents
- Argument rewriting (LIMIT injection, PII redaction) recorded as MODIFY in trace
- LLM + tools loop OR MCP-only via /mcp (Claude Desktop / Cursor / VS Code)
- Connection credentials encrypted with AES-256-GCM at rest
Endpoints (sample)
- POST /mcp (JSON-RPC: tools/list, tools/call)
- POST /api/v1/tool-access
- GET /api/v1/keys/{key_ref}/tools
- PATCH /api/v1/connections/{connection_id}
Component 03
Shield
Twelve checks. Every request scanned.
- Scan points: pre-LLM, post-tool, post-LLM, session-drift
- Modes per check: off / log_only / enforce; graduate when false positives drop
- fail_closed default for prompt injection; fail_open for advisory checks
- Multilingual PII engine + 17 secret regex patterns (AWS, GitHub, Stripe, …)
- Custom PII recognizers via POST /api/v1/security/custom-pii
Endpoints (sample)
- GET /api/v1/security/profiles
- GET /api/v1/security/policies/{profile_name}/export
- POST /api/v1/security/policies/import
- POST /api/v1/security/topics
Component 04
Audit Vault
Every step signed. Every decision explainable.
- SessionTrace per request: ordered TraceSteps + aggregate counters + signature
- Decision receipts for every BLOCK / MODIFY / TERMINATE / HOLD verdict
- Offline verify with verosek-verify-receipt CLI (stdlib-only, no network)
- NIST AI RMF + EU AI Act evidence bundles drawn from real trace data
- Constant-time HMAC compare; canonical JSON serialisation; receipt_version tag
Endpoints (sample)
- GET /api/v1/traces
- GET /api/v1/traces/{trace_id}/verify
- GET /api/v1/security/receipts/{trace_id}
- GET /api/v1/security/compliance/{framework_id}
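The signing properties listed for Audit Vault (canonical JSON serialisation, HMAC-SHA256, constant-time compare, a receipt_version tag) can be illustrated with a stdlib-only verifier. This is an added example, not Verosek's code or receipt format: every field name except receipt_version, the version numbering, the key, and the sample receipt are constructed assumptions.

```python
import hashlib
import hmac
import json

SUPPORTED_VERSIONS = {1}  # assumption: illustrative version numbering


def canonical_bytes(obj: dict) -> bytes:
    """Deterministic JSON: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")


def sign_receipt(body: dict, key: bytes) -> dict:
    """Return a copy of body with an HMAC-SHA256 tag over its canonical form."""
    if "signature" in body:
        raise ValueError("body must not already carry a signature")
    tag = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {**body, "signature": tag}


def verify_receipt(receipt: dict, key: bytes) -> bool:
    """Offline check with no network access; fails closed on malformed input."""
    if not isinstance(receipt, dict):
        return False
    body = {k: v for k, v in receipt.items() if k != "signature"}
    sig = receipt.get("signature")
    version = body.get("receipt_version")
    # The version tag sits inside the signed body, so changing it
    # invalidates the signature.
    if not isinstance(version, int) or version not in SUPPORTED_VERSIONS:
        return False
    if not isinstance(sig, str):
        return False
    try:
        expected = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    except (TypeError, ValueError):
        return False
    # compare_digest takes time independent of where the inputs differ.
    return hmac.compare_digest(expected.encode(), sig.encode())


# Constructed sample data (hypothetical field names and key).
KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE = sign_receipt({
    "receipt_version": 1,
    "trace_id": "trace-0001",
    "steps": [{"seq": 1, "scan_point": "pre-LLM", "verdict": "BLOCK"},
              {"seq": 2, "scan_point": "post-tool", "verdict": "MODIFY"}],
    "counters": {"blocked": 1, "modified": 1},
}, KEY)
```

Because the signature covers the canonical form, a receipt whose keys arrive in a different order still verifies, while any change to a field value or to the version tag does not.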
Capability matrix
What overlaps, what doesn’t, in one table.
Identity, the audit trace, and offline operation are universal. Per-call decisions and payload rewriting are concentrated in MCP and Shield.
| Capability | Gateway | MCP | Shield | Audit |
|---|---|---|---|---|
| Per-key identity (vsk_…) | ||||
| Per-call enforcement decision | ||||
| Argument / payload rewriting | ||||
| Writes to the signed audit trace | ||||
| Off-the-hot-path async work | ||||
| Offline / air-gap clean | ||||
| Survives gateway restart | ||||
| AES-256-GCM at rest | ||||
| HMAC-SHA256 signed | ||||
| NIST AI RMF evidence | ||||
| EU AI Act evidence |
One product. Four components. Zero integration gap.
FAIL_CLOSED by default. Every tool call scanned. Every decision signed.