Active Directory
for AI agents.
Every agent needs an identity, a budget, and a kill switch. BrainstormRouter is the governance runtime for autonomous AI workforces — and the intelligence layer that makes Brainstorm CLI smarter with every request.
“An AI gateway is a security appliance, not an infrastructure tool.”
80% of the Fortune 500 run AI agents in production. Fewer than 22% govern them.
The threat model isn't hypothetical. Semantic Lateral Movement: a compromised agent uses legitimate credentials to instruct peer agents to execute malicious actions. Traditional firewalls can't see it. API gateways can't stop it. You need intent inspection on the semantic layer.
BrainstormRouter applies the Cloudflare playbook to the semantic layer — developer adoption through easy integration (OpenAI-compatible), CISO control through governance enforcement (identity, authorization, evidence). Every request inspected. Every decision recorded. Every agent accountable.
Identity
SPIFFE Ephemeral Certificates
Every agent gets a unique mTLS cert that expires in 5 minutes. No static API keys. No shared secrets. Cryptographic proof of identity on every request.
Authorization
Semantic RBAC
Policies compiled from natural-language job descriptions into crypto-bound enforcement rules. What the agent is allowed to do — enforced at the token level.
Evidence
Cryptographic Audit Trail
Every decision signed and stored. Full reconstructability per agent at any point in time. Export to CEF/ECS JSON for compliance.
The only gateway that inspects content mid-flight.
Every other AI gateway inspects content after the full response arrives. By then, the PII is already on the client. The injection has already executed. BrainstormRouter inspects every token as it streams — and can redact, replace, or terminate the stream before sensitive data ever reaches the wire.
Unique in market — no other gateway offers streaming content guardrails
PII Detection
Regex + pluggable scanner. SSN, credit cards, emails, phone numbers — redacted token-by-token before they stream to the client.
Prompt Injection
7+ detection patterns. Identifies injection attempts in both prompts and model outputs. Blocks before execution.
Jailbreak Defense
Pattern-based jailbreak detection across known attack vectors. Updates from community threat intelligence.
Content Filtering
Toxicity scoring, keyword + LLM-based content filtering. Configurable thresholds per agent, per use case.
Synthetic Refusal
On violation, injects a natural refusal into the stream. The client sees a coherent decline, not an error.
Tool Call Firewall
Semantic intent analysis on every tool call. Blocks malicious tool usage even when the tool name looks legitimate.
Post-quantum ready. Today.
The Brainstorm ecosystem uses AES-256-GCM for symmetric encryption and Argon2id for key derivation — both quantum-resistant. The CLI's encrypted vault protects secrets locally. The Router's SPIFFE CA issues certificates with cryptographic agility built in — ready for NIST post-quantum standards.
The evidence ledger uses cryptographic signatures that can be verified independently. Every routing decision, every guardrail trigger, every budget action — signed and immutable. Not for theater. For compliance teams that need to prove what happened and when.
CLI Vault
AES-256-GCM + Argon2id
Local secret encryption with 1Password bridge
Agent Identity
SPIFFE mTLS (X.509)
5-min ephemeral certs, crypto-agile for PQC migration
Evidence Ledger
Cryptographic signatures
Tamper-proof audit trail, exportable to CEF/ECS
Semantic Cache
pgvector cosine similarity
Embedding-based dedup at 90% threshold
Trust Degradation
6-signal reputation score
Full Trust → Degraded → Restricted → Quarantined
13 production-wired systems that learn, adapt, and enforce. Every request flows through the full pipeline in under 5 milliseconds. Each system feeds data to the others — and to BrainstormLLM for trajectory-based learning.
Thompson Sampling
UCB1 for cold-start, Gaussian Thompson for steady state. 7-day rolling Welford accumulators learn optimal model per task.
Semantic Cache
pgvector + in-memory hybrid. 90% cosine similarity threshold. Saves redundant API calls — you pay once, hit cache forever.
Budget Forecasting
Predicts spend depletion ETA. 5-level degradation ladder auto-reduces quality before limits are breached.
Streaming Guardrails
Token-by-token inspection during streaming. PII redaction, injection defense, toxicity filtering — all mid-flight.
Semantic Tool Firewall
Deep intent inspection on every tool call. Analyzes what the tool actually does, not just its name. Blocks lateral movement.
SPIFFE Identity
5-minute ephemeral mTLS certificates per agent. No static API keys. Unique cryptographic identity. Post-quantum ready.
Quality Scoring
Tier 1 heuristic (100% requests) + Tier 2 LLM judge (10% sampled). Tool call success tracking. Context utilization scoring.
Circuit Breaker
Isolates failing provider endpoints. Auto-recovers when health returns. Prevents cascade failures across 30+ providers.
Evidence Ledger
Cryptographically signed record of every decision. Who acted, what policy, what cost. Full reconstructability.
4-Block Memory (RMM)
Core facts, archival, sleep-time extraction, semantic retrieval. Postgres-backed with pgvector. Persistent across sessions.
Cost-Quality Frontier
Finds the Pareto-optimal price/quality tradeoff per task type. Visualized in dashboard. Auto-selects the sweet spot.
Pattern Fingerprinting
Classifies requests into ~500 patterns. Per-pattern × model performance tracking. Feeds into Thompson reward signal.
Agent Reputation
6-signal scoring drives rate limits, timeouts, and trust level. Full Trust → Degraded → Restricted → Quarantined.
Every agent in every platform runs through the Router.
Brainstorm CLI is Router's first and best client. Every task routed. Every outcome tracked. Every trajectory captured for BrainstormLLM training. The production platforms are the proof.
BrainstormMSP
37 agents
Autonomous MDR. Every security decision routed, governed, and evidence-logged.
Brainstorm-GTM
70 agents
Autonomous go-to-market. Budget-controlled per campaign. Degradation ladder prevents overspend.
Peer10
35 services
Youth sports platform. CLI routes all code tasks through Router intelligence.
Lead Network
33 domains
Autonomous acquisition. Router handles model selection for 7 different vertical contexts.
OpenAI-Compatible API
Drop-in replacement. Change your base URL and you're done. Works with LangChain, LlamaIndex, CrewAI, Vercel AI SDK, and any OpenAI-compatible client. Every response includes intelligence headers: quality score, route reason, cache status, guardrail summary.
// Just change the base URL
const client = new OpenAI({
baseURL: 'https://api.brainstormrouter.com/v1',
apiKey: process.env.BR_API_KEY,
});
// Response includes intelligence headers:
// X-BR-Quality-Score: 0.87
// X-BR-Route-Reason: thompson-sampling
// X-BR-Cache: miss
// X-BR-Guardrail-Summary: pass
// X-BR-Actual-Cost: 0.0034
MCP Gateway
65 MCP tools for agent-native discovery. Routing, memory, governance, budget, security, approvals, and admin — all accessible through the Model Context Protocol. Your agents can query their own reputation, check their budget, and request permission escalation.
SDKs
npm install @brainstormrouter/sdk— TypeScriptpip install brainstormrouter— Pythonnpm install @brainstormrouter/cli— CLI
Integrates with LangChain, LlamaIndex, CrewAI, Vercel AI SDK, and any OpenAI-compatible client.
Every request makes the system smarter.
Governance Runtime
Govern every agent. Ship with confidence.
Start free. No credit card required. All 13 intelligence systems, streaming guardrails, and SPIFFE identity included.