Product Deep-Dive
Aieges Smart Gateway
Two-layer MCP intercept: instant pattern matching inline, deep inference analysis after the fact.
The Smart Gateway sits between your AI clients (Claude, Gemini, Codex, Grok) and your MCP servers. Layer 1: every tools/call request hits the Aho-Corasick engine, which matches 147+ threat patterns in under 2ms; known-bad payloads are blocked and everything else flows through. Layer 2: our Llama inference model scans every request after it passes, building breadcrumb trails across call chains. When a trail is marked malicious, its pattern is blocked from returning.
Performance at a Glance
<2ms
Aho-Corasick Latency
Inline pattern matching per request
Streamable HTTP
Protocol
MCP-native transport
147+
Inline Patterns
Aho-Corasick threat rules
Zero
Cloud Dependency
100% offline capable
MCP Protocol Interception
The Model Context Protocol (MCP) defines how AI models call external tools. The Smart Gateway intercepts at the Streamable HTTP transport layer with two distinct processing modes:
Inline: Aho-Corasick Engine
Every tools/call, tools/list, and resources/read request hits 147+ threat patterns instantly. Known-bad payloads are blocked in <2ms. Everything else passes through and is logged.
• Regex + blocklist matching
• Prompt injection signatures
• PII pattern detection
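The inline layer's core idea can be sketched in a few dozen lines. This is a minimal, illustrative Aho-Corasick automaton with three hypothetical threat patterns; the production engine's 147+ rules, regex/blocklist layers, and Rust implementation are not shown here.

```python
from collections import deque

class AhoCorasick:
    """Minimal Aho-Corasick automaton: match many patterns in one pass."""

    def __init__(self, patterns):
        self.goto = [{}]        # trie transitions per state
        self.fail = [0]         # failure links
        self.out = [set()]      # patterns ending at each state
        for pat in patterns:
            state = 0
            for ch in pat:
                nxt = self.goto[state].get(ch)
                if nxt is None:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append(set())
                    nxt = len(self.goto) - 1
                    self.goto[state][ch] = nxt
                state = nxt
            self.out[state].add(pat)
        # BFS to wire failure links so scanning never backtracks
        queue = deque(self.goto[0].values())
        while queue:
            s = queue.popleft()
            for ch, t in self.goto[s].items():
                queue.append(t)
                f = self.fail[s]
                while f and ch not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(ch, 0)
                self.out[t] |= self.out[self.fail[t]]

    def scan(self, text):
        """Single pass over the payload; returns every pattern that occurs."""
        state, hits = 0, set()
        for ch in text:
            while state and ch not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(ch, 0)
            hits |= self.out[state]
        return hits

# Hypothetical rules, not the Gateway's real pattern set
engine = AhoCorasick(["ignore previous", "rm -rf", "api_key"])
```

Because the automaton advances one state per input character regardless of how many patterns are loaded, scan time stays flat as the rule set grows, which is what makes the sub-2ms inline budget plausible.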
Async: Llama Inference Model
After requests pass through, the inference model scans them in batch. It builds breadcrumb trails across call chains — if anything is flagged ambiguous or risky by the classifier, the LLM chases the pattern backwards through the waterfall of related calls. Once a trail is marked bad, it's blocked from returning.
• Retroactive trail analysis
• Multi-turn attack detection
• Adaptive blocklist generation
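The retroactive trail analysis above can be sketched as follows. The `classify` callable stands in for the Llama classifier, and all session, tool, and payload names are hypothetical; the real async batch pipeline is not shown.

```python
from collections import defaultdict

class BreadcrumbTrail:
    """Sketch: log every call; when the classifier flags one, chase the
    pattern backwards through the chain and blocklist the whole trail."""

    def __init__(self, classify):
        self.trails = defaultdict(list)  # session_id -> ordered call log
        self.blocklist = set()
        self.classify = classify         # stand-in for the Llama classifier

    def log(self, session_id, tool, payload):
        self.trails[session_id].append((tool, payload))

    def scan(self, session_id):
        """Async batch pass over a finished trail, newest call first."""
        trail = self.trails[session_id]
        for i in range(len(trail) - 1, -1, -1):
            tool, payload = trail[i]
            if self.classify(payload):
                # Everything upstream of the flagged call is part of the trail
                for _, p in trail[: i + 1]:
                    self.blocklist.add(p)
                return True
        return False
```

A toy classifier makes the flow concrete: a benign-looking `memory_read` followed by a flagged `plan_next` call gets the entire chain blocklisted, which is how a multi-turn attack is caught even though each individual call passed the inline layer.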
Streamable HTTP Transport
The Gateway uses MCP's Streamable HTTP transport for bidirectional communication. Inline Aho-Corasick matching runs synchronously; the Llama inference model processes asynchronously behind the scenes.
Client (Claude/Gemini/Codex)
│
▼ Streamable HTTP
┌─────────────────────────────────┐
│ AIEGES Smart Gateway │
│ ┌───────────────────────────┐ │
│ │ Aho-Corasick (inline) │ │ ← 147+ patterns, <2ms
│ │ Breadcrumb Logger │ │ ← Every call logged
│ │ Policy Engine │ │ ← Evaluate rules
│ └───────────────────────────┘ │
└─────────────────────────────────┘
│ │
▼ Streamable HTTP ▼ Async batch
MCP Server (upstream) Llama Inference
┌───────────────┐
│ Trail Scanner │
│ Bad? → Block  │
└───────────────┘

147+ Patterns + Llama Inference
The Aho-Corasick engine catches known threats instantly. But novel attacks slip past static patterns — that's where the Llama inference model comes in. It's always running behind the scenes, scanning processed requests for malicious patterns the rules engine missed. Think of it as a security analyst reviewing the breadcrumb trail after every shift: if something looks wrong, that pattern gets added to the blocklist before it can return.
Routing Prefixes
Tool calls are routed based on their name prefix. This allows the Gateway to segment traffic and apply different policies per operation type.
memory_*: Memory operations routed to MNEMON or compatible memory backends.
plan_*: Planning and orchestration tool calls routed to the planner service.
hybrid_*: Operations requiring both memory and planning, fanned out to multiple upstreams.
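Prefix routing amounts to a longest-prefix table lookup. This sketch uses illustrative backend names (`mnemon`, `planner`, `default`); the Gateway's actual upstream configuration is not shown.

```python
# Hypothetical routing table mirroring the prefixes described above
ROUTES = {
    "memory_": ["mnemon"],              # memory backend
    "plan_":   ["planner"],             # planner service
    "hybrid_": ["mnemon", "planner"],   # fan out to both upstreams
}

def route(tool_name):
    """Return the list of upstreams a tool call should be sent to."""
    for prefix, upstreams in ROUTES.items():
        if tool_name.startswith(prefix):
            return upstreams
    return ["default"]  # unprefixed tools fall through to a default upstream
```

Keeping routing keyed on the tool-name prefix means new operation types can be segmented, and given their own policies, without touching the clients.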
Model-Agnostic Multiplexer
The Smart Gateway is model-agnostic. It works with any AI client that speaks MCP, regardless of the underlying model:
Claude
Gemini
Codex
Grok
Multiple AI clients can connect simultaneously. The Gateway multiplexes requests across upstream MCP servers while maintaining per-client audit trails and policy enforcement.
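The multiplexing-with-audit behavior can be sketched like this. `forward` stands in for the Streamable HTTP call to an upstream MCP server, and the client names are illustrative.

```python
from collections import defaultdict

class Multiplexer:
    """Sketch: forward requests from any MCP client while keeping a
    per-client audit trail of every method invoked."""

    def __init__(self, forward):
        self.forward = forward           # stand-in for the upstream transport
        self.audit = defaultdict(list)   # client_id -> list of methods called

    def handle(self, client_id, request):
        self.audit[client_id].append(request["method"])
        return self.forward(request)
```

Because auditing is keyed by client rather than by model, Claude, Gemini, Codex, and Grok sessions stay separable in the logs even when they share the same upstream servers.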
Ready to get started?
Install the Smart Gateway in minutes with Docker or a native Rust build.
AIEGES Quickstart →