How it works

Bridgekeeper runs with your existing gateway — it does not replace it. It sits in front of your proxy and inspects what crosses, in either direction, entirely in-process. No external calls; provider-agnostic; works fully air-gapped with local Ollama.

  1. User
  2. Bridgekeeper
  3. Your proxy (LiteLLM / Ollama / Bifrost)
  4. Model
Provenance tracking
Tool authorization
Outbound control
Untrusted-content isolation

In-process. No external calls. Provider-agnostic. [TEAM: confirm exact GuardLLM control set with Michael Coen before launch.]

In-process containment

Provenance tracking, tool/function-call authorization, outbound/exfiltration controls, replay resistance, and untrusted-content isolation — structural defenses classifier-style detection can't provide.

The plugin model

Shipped as a Docker image with a Kubernetes update path, as a drop-in for LiteLLM, Ollama, and Bifrost. More proxies to follow.