One AI gateway, both directions
Barbacane handles AI traffic on the way out and on the way in. Route your application's LLM calls through OpenAI, Anthropic, or Ollama with provider fallback and policy routing. Expose your existing APIs to AI agents as typed MCP tools. Same gateway, same middleware, same spec.
Your OpenAPI becomes an MCP server
Enable MCP once at the spec root and your existing API is agent-callable. Authentication, rate limits, validation, and audit logging all apply to tool calls, because they are just HTTP requests in disguise.
# Enable MCP for the whole API
x-barbacane-mcp:
enabled: true
server_name: Orders API
server_version: 1.0.0
paths:
/orders/{id}:
get:
operationId: getOrder
summary: Fetch an order by id
security:
- bearerAuth: []
parameters:
- name: id
in: path
required: true
schema: { type: string }
responses:
'200':
description: Order
content:
application/json:
schema:
$ref: '#/components/schemas/Order'
/admin/orders/purge:
delete:
operationId: purgeOrders
summary: Purge archived orders
# Hide this one from agents
x-barbacane-mcp:
enabled: falseAgents discover your tools
Barbacane exposes a JSON-RPC 2.0 MCP endpoint at
/__barbacane/mcp. Each operation becomes a
typed tool, with the name taken from operationId,
the description from summary, and input and
output schemas merged from your parameters, body, and responses.
Calls run through your middleware
Tool calls are HTTP requests. They pass through authentication, authorization, rate limits, validation, transformations, and observability like any other request. No shadow stack, no drift.
Opt out what agents should not see
By default every operation is a tool. Add
x-barbacane-mcp: { enabled: false }
to any operation you want to hide, such as admin endpoints or destructive
actions.
Your app calls LLMs through one dispatcher
Route outbound LLM requests through OpenAI, Anthropic, or Ollama with provider fallback, policy-driven targets, and the same middleware chain you use for every other request.
paths:
/v1/chat/completions:
post:
operationId: chatCompletion
summary: Route LLM chat completion
x-barbacane-dispatch:
name: ai-proxy
config:
provider: openai
model: gpt-4o
api_key: "${OPENAI_API_KEY}"
# Tried in order on 5xx / timeout
fallback:
- provider: anthropic
model: claude-sonnet-4-20250514
api_key: "${ANTHROPIC_API_KEY}"
- provider: ollama
model: llama3
base_url: http://ollama:11434Clients send OpenAI format
The ai-proxy dispatcher exposes a
unified OpenAI-compatible API surface and translates per provider
internally. Pinned upstream API versions make breaking changes a
deliberate plugin upgrade, not a silent production incident.
Fallback on failure
When the primary provider returns 5xx or times out, the dispatcher tries the next target in the fallback chain. 4xx errors (content policy, invalid model) return directly to the client.
Policy-driven targets
Stack cel middleware rules to set
ai.target in context based on consumer
tier, scopes, or headers. Credentials stay in dispatcher config, never in
context.
AI governance, built in
Four middlewares compose like any other Barbacane plugin. Named profiles, CEL expressions, fail-closed on misconfiguration.
Prompt guard
PII redaction, regex allow and deny lists, shape constraints on inbound prompts. Shift-left validation at lint time.
Token limits
Token-based sliding windows per consumer, per operation, per tenant. Stop runaway agents before they cost you money.
Cost tracking
Per-operation spend observability as Prometheus metrics. Budget alerts and cost attribution across tenants and agents.
Response guard
Output scrubbing, schema re-validation, and policy checks before responses reach the agent. Fail closed on misconfiguration.
The problem with traditional API gateways
Two sources of truth
Your OpenAPI spec defines your API, but your gateway has its own configuration. They inevitably diverge, causing bugs and security issues.
Wasted time reconciling
Teams spend hours syncing gateway config with API specs, debugging mismatches, and fixing inconsistencies that shouldn't exist.
The Barbacane approach
One spec. Zero configuration drift. Automatic enforcement.
Write your API spec
Use OpenAPI or AsyncAPI with x-barbacane-* extensions
for auth, rate limiting, and routing.
Compile to an artifact
Run barbacane compile to generate an optimized
binary artifact. Validation happens at compile time.
Deploy and run
Deploy the artifact to your gateway. Routing, validation, auth — everything works exactly as specified.
One gateway for your APIs and your agents
AI-native features on top of a production-grade, spec-first gateway. Rust for speed and safety, WebAssembly plugins for extensibility.
MCP server for AI agents
Expose your API operations as AI-callable tools via the Model Context Protocol. AI agents discover and call endpoints through JSON-RPC 2.0, one extension to enable.
Request Validation
Automatic JSON Schema validation for bodies, parameters, and headers
with built-in $ref resolution. Invalid requests never reach your backend.
Authentication
Five built-in auth plugins: JWT, OIDC, OAuth2, API Key, and Basic Auth. Configured directly in your OpenAPI security schemes.
Blazing Fast
Sub-microsecond routing and validation. Built on Rust, Tokio, and Hyper for maximum performance.
Every plugin you need
A full suite of built-in WebAssembly plugins for auth, security, traffic control, transformations, and observability. Sandboxed execution means a faulty plugin cannot crash the gateway.
Observability
Prometheus metrics, OpenTelemetry traces, and structured logging. Full visibility into your API traffic.
AsyncAPI & Event Bridging
Bridge HTTP to event-driven systems. Route requests to Kafka, NATS, or AWS Lambda using AsyncAPI specs.
Control & Data Plane Split
Autonomous data planes that run independently. Zero-downtime deployments with hot-reload updates pushed from the control plane.
Web UI
Visual control plane with syntax-highlighted spec viewer, drag-and-drop uploads, build logs, data plane health monitoring, and one-click deployments.
AI prompt guard
PII redaction, regex allow and deny lists, and schema constraints on inbound prompts. Shift-left validation at lint time, fail-closed in production.
Authorization
Policy-driven access control with inline CEL expressions, Open Policy Agent integration, and consumer-based ACLs. Zero-trust at the gateway.
Request Transformation
Declarative transformations for headers, query params, paths, and JSON bodies before reaching your upstream. Variable interpolation with capture groups.
AI token limits
Token-based sliding windows per consumer, per operation, per tenant. Stop runaway agents before they cost you money.
FIPS 140-3 Ready
Built on rustls with AWS-LC, a NIST-certified FIPS 140-3 cryptographic module. Enable FIPS mode with a single feature flag — no OpenSSL dependency.
AI cost tracking
Per-operation LLM spend as Prometheus metrics. Budget alerts and cost attribution across tenants, teams, and agents.
WebSocket Proxy
Transparent WebSocket proxying with full middleware chain on the upgrade request. Authentication, rate limiting, and observability apply to WebSocket connections.
Config Provenance
Every artifact embeds a SHA-256 fingerprint and Git commit provenance. Continuous drift detection flags data planes running stale configurations.
AI response guard
Output scrubbing, schema re-validation, and policy checks before responses reach the agent. Fail closed on misconfiguration.
Enterprise-grade architecture
Separate control plane and data plane for maximum resilience and flexibility.
Control Plane
The management layer for your API gateway fleet. Handles configuration, compilation, and deployment orchestration.
- Web UI for visual management
- Plugin registry with schema validation
- Spec compilation and artifact builds
- Push deployments to data planes
- Artifact provenance and drift detection
Data Plane(s)
The runtime layer that handles actual API traffic. Fully autonomous — keeps running even if the control plane is down.
- Hot-reload without restarts
- Zero-downtime deployments
- TLS termination, mTLS, and FIPS 140-3
- Resilient to control plane outages
- Dedicated admin API for health and provenance
Built for teams who take APIs seriously
Platform Teams
Building an internal developer platform? Barbacane enforces consistent API standards and policies automatically.
- Self-service API publishing
- Automatic policy enforcement
- Centralized observability
API Product Companies
Exposing public APIs? Barbacane ensures your contracts are strictly enforced and your documentation is always accurate.
- Contract-first development
- Always-accurate documentation
- Version and lifecycle management
Enterprises Modernizing
Migrating from legacy gateways? Barbacane's spec-first approach brings order to complex API landscapes.
- Gradual migration path
- Compliance-ready logging
- Hybrid cloud support
No feature gating. No hidden enterprise tier.
Barbacane is open source under the AGPLv3. Every feature is available to everyone. Small teams and non-profits get a free commercial license. Larger organisations can purchase a commercial license — see pricing for details.
Star on GitHubReady to simplify your API gateway?
Get started in minutes. Write your spec, compile, and deploy.
# Try the playground with Docker
git clone https://github.com/barbacane-dev/playground
cd playground && docker-compose up -d
# Or install from source
cargo install barbacane
barbacane compile --spec api.yaml --manifest barbacane.yaml --output api.bca
barbacane serve --artifact api.bca