Invariant Gateway — a transparent proxy for agent observability and security
A single URL change captures every LLM call, tool invocation, and computer interaction into a navigable trace. The infrastructure piece that makes runtime security enforcement practical.
Invariant released Invariant Gateway in March 2025. It's a transparent proxy between the agent and its LLM provider: one URL change in the client configuration, and all agent traffic is captured into structured traces in Explorer. No code changes. No SDK swap. No instrumentation work.
The architecture problem it solves
Debugging a traditional API service is straightforward: structured logs, request IDs, error codes. Debugging an agent session is different in kind. A session might involve dozens of LLM calls, tool invocations, computer interactions, and branching decision paths. A failure at step 23 might be caused by something the agent did — or failed to do — at step 7.
The information exists in the raw logs. Getting it into a form where a developer can navigate to step 7 and understand what happened is the hard part. Gateway makes this automatic.
How it works
One configuration change:
client = openai.OpenAI(
api_key="...",
base_url="https://gateway.invariantlabs.ai/api/v1/openai",
default_headers={"Invariant-Authorization": f"Bearer {INVARIANT_API_KEY}"}
)All agent traffic routes through Gateway. Gateway forwards it with minimal latency, captures the full exchange (prompts, completions, tool calls, computer interactions), and stores it in Explorer. The agent continues to work exactly as before.
Two deployment patterns
Organisation-wide security monitoring. A platform team deploys Gateway as shared infrastructure. All agents route through it. The security team gets a centralised view of what every agent is doing — essential for anomaly detection, audit compliance, and incident response. A spike in cross-tenant message attempts, an agent calling unusual tool sequences, an unexpected outbound URL — all visible in one place.
Individual developer debugging. Route local sessions through Gateway during development. Step through traces, annotate decision points, share a trace link in a GitHub issue. The recipient opens it in Explorer with full context, without needing to set up their own environment.
The relationship to Guardrails
Gateway is the transport layer. Guardrails is the policy layer. Once traffic flows through Gateway, adding Guardrails is a configuration change that activates rule evaluation on every message. The combination gives you observability (what happened), security enforcement (what was blocked), and audit capability (why decisions were made) in one stack.
In Genie, the equivalent is the OpenTelemetry instrumentation in pkg/observability/ combined with the CompositePolicy on the bus. Every policy decision produces a span. Every agent invocation produces a span. The security team reads the dashboard to see denial rates by policy type, cross-tenant attempts, and below-tier dispatch attempts — the six SLIs that matter for the security posture.
Source: Invariant Labs — Invariant Gateway · Open source: GitHub