Suez
A single control plane between your applications and every LLM, MCP tool, and autonomous agent behind them — policy enforcement, identity, quotas, and tamper-evident audit in one gateway.
What Suez does
As organisations add AI features — a customer-facing assistant, an internal data tool, an autonomous agent that can take actions — each addition creates a new path from application to model. Without a control plane, policy, identity, and audit trail have to be built behind each path separately. In practice, they lag behind the deployments they're supposed to govern.
Suez closes that gap architecturally. Every LLM call, every MCP tool invocation, every agent action goes through a single gateway. The gateway checks identity, evaluates the applicable OPA policy, enforces quotas and rate limits, and logs everything — before the request reaches the model or tool.
The result is a system where adding a new AI capability doesn't require a separate governance project. The governance is already there, in the gateway. Engineers wire new capabilities to Suez; policy teams update OPA rules; compliance teams query the audit log. Each group works in their own layer without stepping on the others.
Core capabilities
Universal AI traffic control
All LLM API calls, MCP tool invocations, and agent actions route through Suez. No side channels, no direct model access without gateway authorisation.
OPA-backed policy enforcement
Open Policy Agent rules govern every request. Policies are version-controlled and testable outside the gateway, so updates can be reviewed and audited independently of deployment cycles.
Identity, quotas & rate limits
Per-application, per-user, and per-model token quotas with configurable rate limits. Quota exhaustion triggers configured fallbacks rather than silent failures.
Multi-provider model support
Route traffic to any supported LLM provider through a unified interface. Provider-specific configuration is managed in Suez — applications don't need to know which model is behind each route.
Agent and tool governance
Suez governs not just model API calls but the tools agents are permitted to invoke and the policies that apply to agent-generated actions — stopping autonomous behaviour from escaping policy scope.
Tamper-evident audit log
Per-environment database isolation. Every policy input and decision is recorded with the policy version that applied. Records are protected from after-the-fact modification.
How it works
- Request enters the gateway: An application submits an LLM call, tool invocation, or agent action to Suez. The application authenticates using its configured identity mechanism — API key, JWT, or service account.
- Identity resolution and enrichment: Suez resolves the caller identity and enriches the request context with workspace, role, and permission data needed for policy evaluation.
- OPA policy evaluation: The enriched request context is evaluated against the applicable Open Policy Agent ruleset. The policy decision — allow, deny, or modify — is returned with the rule identifier that produced it.
- Quota and rate limit check: If the policy permits the request, quota consumption and rate limit state are checked. Requests that would exceed configured limits receive a structured denial response with retry-after information.
- Proxied execution and response handling: Permitted requests are proxied to the target model provider or tool. Responses are inspected and can be subject to output policies before being returned to the caller.
- Audit log write: Every request — permitted or denied — is written to the tamper-evident audit log with full context: caller identity, request summary, policy decision, rule identifier, response summary, and latency.
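The audit-log step above, and the "append-only schema with hash chaining" in the specification table, as an added Python example that is not Suez's own code: a hypothetical in-memory log that records each decision with the fields listed (plus the policy version that applied), chains records by SHA-256, and shows how an after-the-fact edit is detected. The record schema, field names and sample callers are assumptions for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

# Hypothetical in-memory model (not Suez's own schema): each record stores the
# decision context plus a SHA-256 over its fields and the previous record's hash.
GENESIS = "0" * 64

@dataclass
class AuditRecord:
    caller: str
    request_summary: str
    decision: str           # "allow", "deny" or "modify"
    rule_id: str
    policy_version: str     # the policy version that applied
    response_summary: str
    latency_ms: int
    prev_hash: str
    hash: str = ""
    def digest(self) -> str:
        body = {k: v for k, v in asdict(self).items() if k != "hash"}  # hash covers all else
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    def __init__(self) -> None:
        self.records: list[AuditRecord] = []
    def append(self, **fields) -> None:
        rec = AuditRecord(prev_hash=self.records[-1].hash if self.records else GENESIS, **fields)
        rec.hash = rec.digest()
        self.records.append(rec)
    def verify(self) -> int:  # -1 if the chain is intact, else index of the first bad record
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec.prev_hash != prev or rec.hash != rec.digest():
                return i
            prev = rec.hash
        return -1

def demo() -> tuple[int, int]:
    log = AuditLog()  # constructed sample traffic: one permitted LLM call, one denied tool call
    log.append(caller="app:support-assistant", request_summary="llm.chat route=a", decision="allow",
               rule_id="allow_chat_support", policy_version="v12", response_summary="200 ok", latency_ms=4)
    log.append(caller="agent:ops-runner", request_summary="mcp.tool shell.exec", decision="deny",
               rule_id="deny_shell_tools", policy_version="v12", response_summary="403 policy denied", latency_ms=1)
    intact = log.verify()                           # -1: chain consistent
    log.records[0].decision = "deny"                # after-the-fact edit of record 0,
    log.records[0].hash = log.records[0].digest()   # even with its hash recomputed,
    return intact, log.verify()                     # breaks record 1's prev_hash -> 1
```

Note that the newest record can be rewritten and re-hashed without breaking anything that follows it, so a deployment must anchor the current head hash outside the log store (for example by signing or publishing it on a schedule) for the chain to be tamper-evident at the tail as well.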
Technical specification
| Component | Details |
|---|---|
| Policy engine | Open Policy Agent (OPA); policies in Rego, version-controlled |
| Identity | API key, JWT (RS256/HS256), and service-account credential support |
| Model providers | Configurable multi-provider routing; provider keys stored encrypted |
| Tool / MCP support | MCP protocol tool invocation governance; agent action policies |
| Audit storage | Per-environment database isolation; append-only schema with hash chaining |
| Latency target | Minimal added latency; gateway overhead separated from model inference time in metrics |
Get the Suez white paper
Gateway architecture, OPA policy model, identity integration, audit log design, and deployment guide — available on request.