The governance platform for AI agent harnesses
Cost control, data protection, and audit trails — without changing your code.
The problem
Teams shipping AI features hit the same wall:
- No visibility into spend. A single misconfigured agent can burn through thousands of dollars overnight. There is no AWS billing alert equivalent for LLM calls.
- Data leaks in prompts. API keys, customer PII, and internal documents end up in model context. You find out when it is too late.
- No audit trail. Regulators (EU AI Act, SOC 2, HIPAA) ask “show me every AI decision your system made” and the answer is grep through application logs.
How it works
One configuration change. Every AI request flows through the gateway. No SDK changes, no code changes.
```
┌──────────────┐         ┌─────────────────────────────┐         ┌──────────────┐
│              │         │      Curate-Me Gateway      │         │              │
│   Your App   │────────▸│                             │────────▸│ AI Provider  │
│              │         │ ┌─ 1. Rate Limit ─────────┐ │         │              │
│  (OpenAI,    │◂────────│ │  2. Cost + Budget       │ │◂────────│  (OpenAI,    │
│  LangChain,  │         │ │  3. PII / Secrets Scan  │ │         │  Anthropic,  │
│  any SDK)    │         │ │  4. Security Screen     │ │         │  Google,     │
│              │         │ │  5. Model Allowlist     │ │         │  50+ more)   │
└──────────────┘         │ │  6. Human Approval      │ │         └──────────────┘
                         │ └─────────────────────────┘ │
                         │                             │
                         │  Response headers:          │
                         │   X-CM-Request-Id           │
                         │   X-CM-Governance-Time-Ms   │
                         │   RateLimit-Remaining       │
                         └─────────────────────────────┘
                                        │
                                  ┌─────┴──────┐
                                  ▼            ▼
                             ┌─────────┐ ┌───────────┐
                             │  Redis  │ │  MongoDB  │
                             │ (live)  │ │  (audit)  │
                             └─────────┘ └───────────┘
```

```
# Before (direct to provider):
OPENAI_BASE_URL=https://api.openai.com/v1
# After (governed, tracked, auditable):
OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai
X-CM-API-Key: cm_sk_xxx
```

Your existing OpenAI, Anthropic, or LangChain code keeps working. The gateway intercepts every request, applies your governance policies, records costs, and proxies to the upstream provider. Every request gets a unique trace ID and governance timing header in the response.
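A check a team could run after swapping the base URL, as an added example that is not Curate-Me's own code: because every governed response carries a trace ID and a governance timing header, a response without them did not pass through the gateway. The record layout, the `audit_responses` name and the numeric format of the timing header are assumptions, and the sample data is constructed.

```python
from typing import Iterable

# Header names taken from the page; compared lower-case because HTTP
# header names are case-insensitive.
REQUIRED = ("x-cm-request-id", "x-cm-governance-time-ms")
OVERHEAD_BUDGET_MS = 60.0  # the page's stated "< 60ms overhead"


def audit_responses(records: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (call_label, finding) pairs for responses that look ungoverned."""
    findings = []
    seen_ids = {}  # trace id -> first call that carried it
    for rec in records:
        headers = {k.lower(): v.strip() for k, v in rec["headers"].items()}
        missing = [h for h in REQUIRED if not headers.get(h)]
        if missing:
            # No gateway headers: the call most likely went direct to the provider.
            findings.append((rec["call"], "missing " + ",".join(missing)))
            continue
        rid = headers["x-cm-request-id"]
        if rid in seen_ids:
            # Trace IDs are described as unique, so a repeat deserves a look.
            findings.append((rec["call"], f"duplicate trace id (also {seen_ids[rid]})"))
        else:
            seen_ids[rid] = rec["call"]
        try:
            ms = float(headers["x-cm-governance-time-ms"])  # assumed numeric
        except ValueError:
            findings.append((rec["call"], "non-numeric governance time"))
            continue
        if ms >= OVERHEAD_BUDGET_MS:
            findings.append((rec["call"], f"governance time {ms:g}ms over budget"))
    return findings


# Constructed sample: headers as a client-side HTTP logger might capture them.
SAMPLE = [
    {"call": "chat-1", "headers": {"X-CM-Request-Id": "req-a1", "X-CM-Governance-Time-Ms": "12", "RateLimit-Remaining": "998"}},
    {"call": "chat-2", "headers": {"Content-Type": "application/json"}},
    {"call": "embed-1", "headers": {"x-cm-request-id": "req-a1", "x-cm-governance-time-ms": "8"}},
    {"call": "chat-3", "headers": {"X-CM-Request-Id": "req-b7", "X-CM-Governance-Time-Ms": "75.5"}},
]

if __name__ == "__main__":
    for call, finding in audit_responses(SAMPLE):
        print(f"{call}: {finding}")
```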
Key numbers
| 51 AI providers | OpenAI, Anthropic, Google, DeepSeek, Groq, Mistral, xAI, and 44 more |
| 6-step governance chain | Rate limit, cost check, PII scan, security screen, model allowlist, human approval |
| < 60ms overhead | Governance checks add minimal latency to each request |
| $0 to start | Free tier with 1,000 requests/day. No credit card required. |
Platform at a glance
```
┌─────────────────────────────────────────────────────────────┐
│                      Your Application                       │
└────────────────────────────┬────────────────────────────────┘
                             │ OPENAI_BASE_URL=
                             │   https://api.curate-me.ai/v1/openai
                             ▼
┌─────────────────────────────────────────────────────────────┐
│                                                             │
│  ┌─────────────────┐  ┌────────────────┐  ┌─────────────┐   │
│  │   AI Gateway    │  │   Dashboard    │  │   Managed   │   │
│  │                 │  │                │  │   Runners   │   │
│  │ 51 providers    │  │ Cost charts    │  │             │   │
│  │ 6-step policy   │  │ Request logs   │  │ Sandboxed   │   │
│  │ <60ms overhead  │  │ Team mgmt      │  │ containers  │   │
│  │ Full audit log  │  │ Approvals      │  │ for agents  │   │
│  │                 │  │ API keys       │  │             │   │
│  └─────────────────┘  └────────────────┘  └─────────────┘   │
│                                                             │
│   ┌─────────────────────────────────────────────────────┐   │
│   │  SDKs: Python · TypeScript · CLI · Observer · MCP   │   │
│   └─────────────────────────────────────────────────────┘   │
│                                                             │
│                     Curate-Me Platform                      │
└─────────────────────────────────────────────────────────────┘
```

What you get
Cost governance — Real-time spend tracking per team, per project, per model. Set daily budgets. Get alerts before you overspend.
Data protection — Every request is scanned for PII, API keys, and secrets before it reaches the provider. Block or redact automatically.
Audit trail — Every AI interaction is logged with model, tokens, cost, latency, and policy decisions. Exportable for compliance.
Human-in-the-loop — Flag high-cost or sensitive requests for manual approval before they execute.
Managed runners — Secure sandbox environments for AI agents that need shell access, browser automation, or file operations.
Works with everything — Python, TypeScript, cURL, LangChain, CrewAI, Vercel AI SDK. If it makes HTTP calls to an LLM, it works through the gateway.
Already using an LLM provider directly? The gateway is a drop-in proxy. Swap your base URL, add your gateway key, and every existing call gets governance automatically.