How Curate-Me Works

This page explains the platform in plain English.

If you are trying to answer “what does this actually do for us?” without reading backend code first, start here.

The Problem It Solves

Most teams build AI products in this order:

get the first model call working
add prompts, tools, and workflows
ship
only later discover they now need:
- budget controls
- request logs
- provider routing
- approval flows
- safer execution environments
- a way for non-engineers to see what is happening

Curate-Me is the layer you add when the AI system is useful enough that it now needs governance and operations, not just prompts.

The Simple Mental Model

Curate-Me has three jobs:

Product surface	In plain English
Gateway	Checks each AI request before it leaves your system
Managed Runners	Gives agents a safer place to run work
Dashboard	Gives humans a way to see, control, and explain what the AI system is doing

What Happens When You Use It

1. Your app sends a request

Your code still uses an LLM SDK. The main difference is that instead of talking directly to a provider, it talks to Curate-Me first.


# Before
OPENAI_BASE_URL=https://api.openai.com/v1
 
# After
OPENAI_BASE_URL=https://api.curate-me.ai/v1/openai

2. Curate-Me checks the request

Every request passes through a six-step governance chain before it reaches the provider. The chain short-circuits on the first denial — if rate limiting blocks a request, cost estimation and PII scanning never run.


┌─────────┐    ┌──────────────────────────┐    ┌──────────┐
│ Your App │───▸│   Curate-Me Gateway      │───▸│ Provider │
└─────────┘    │                          │    └──────────┘
               │ 1. Rate Limit            │
               │ 2. Cost Check + Budget   │
               │ 3. PII Scan              │
               │ 4. Security Scan         │
               │ 5. Model Control         │
               │ 6. Human Approval        │
               │                          │
               │ ⏱ <60ms overhead         │
               └──────────────────────────┘

Each step answers a specific question:

Step	Question
Rate Limit	Has this org/key exceeded its requests-per-minute quota?
Cost Check	Will this request push the org past its daily budget?
PII Scan	Does the request body contain secrets, API keys, SSNs, or other PII?
Security Scan	Does the prompt contain injection attacks, jailbreak attempts, or exfiltration patterns?
Model Control	Is this org allowed to use the requested model?
Human Approval	Does this request exceed the cost or sensitivity threshold for automatic execution?

If the request is safe and allowed, Curate-Me forwards it. If not, it blocks the request or pauses it for human approval.

3. Curate-Me records what happened

After the request finishes, Curate-Me records everything about it:


Request completes
    │
    ├──▸ Redis (real-time)          ──▸ Live cost counters, rate limit state
    │
    └──▸ MongoDB (durable audit)    ──▸ Full request log with:
                                         • model used
                                         • latency (ms)
                                         • token usage (input + output)
                                         • cost (USD)
                                         • governance decision (allow / block / escalate)
                                         • cost attribution tags
                                         • W3C trace ID

That information shows up in the dashboard for operators and other teams. Every request is queryable, exportable, and available for compliance audits.

4. Runners handle AI work that needs an environment

Some agent tasks need more than a model call. They may need files, a shell, browser automation, a sandbox, or a scheduled workflow. That is where managed runners come in.


┌──────────────────────────────────────────────────────┐
│  Managed Runner (isolated container)                  │
│                                                      │
│  ┌────────────┐  ┌────────────┐  ┌────────────────┐ │
│  │  OpenClaw   │  │  Browser   │  │  Curate-Me     │ │
│  │  Runtime    │  │  (Playwright│  │  CLI + MCP     │ │
│  │            │  │   /VNC)    │  │  (43 tools)    │ │
│  └────────────┘  └────────────┘  └────────────────┘ │
│                                                      │
│  Network phases: SETUP (on) → EXECUTION (off) → TEARDOWN (on)  │
│  Sandbox tiers:  read-only / write-restricted / write-project / full  │
│  Billing:        per-runner cost tracking + org-level rollup    │
└──────────────────────────────────────────────────────┘

A runner is a controlled execution environment for agent work. It can be:

started and stopped on demand
provisioned from a template (dev tools, browser automation, data-only, desktop)
attached to files, channels, or scheduled triggers
monitored by operators via the dashboard
billed and governed separately from gateway traffic

5. Humans stay in the loop

Curate-Me is not just for agents. It is also for the people responsible for them.

The dashboard lets teams:

inspect request logs
review approvals
watch health and provider status
track costs
manage API keys and secrets
manage runners and templates

Why Teams Buy This Instead Of Building It Themselves

Because the hard part is usually not “make one model call.”

The hard part is:

making the system safe enough for real customers
making costs understandable
giving non-engineers visibility
controlling agent execution environments
explaining failures when they happen

Curate-Me bundles those concerns into one operating layer instead of forcing teams to stitch together multiple tools and custom code.