Features How it works SDK Contact Get started
Open Source

The AI Gateway
your team needs

Ziri is a self-hosted proxy that sits between your apps and AI providers. Govern access, control costs, and enforce policies — without changing a line of application code.

$ docker run -p 8080:8080 zstrike/ziri
Your Apps
Frontend
Backend API
AI Agent
Ziri Gateway
Authenticate
Rate limit
Evaluate policy
Track cost
AI Providers
OpenAI
Anthropic
+ more

Your team is spending thousands on AI APIs. But who's using what?

When developers use LLM APIs directly, anyone with a key can use any model, costs spiral unpredictably, there's no audit trail, and you can't enforce rules. Ziri fixes this by acting as a smart gateway every request must pass through.


Everything you need to govern AI

Centralized control over every AI API request, without changing how your applications are built.

Policy-based access control

Define who can use what, when. Cedar policies give you granular, declarative control over every AI request.

permit(principal, action == Action::"chat", resource == Model::"gpt-4o") when { context.hour >= 9 && context.hour <= 17 };

API key management

Per-user keys with automatic rotation. No more sharing raw provider keys across your team.

Per-user rate limiting

Sliding window throttling per user. Prevent runaway scripts from burning through your budget.

Cost tracking

Daily and monthly spend summaries per user and team. Set spend caps before budgets run out.

Audit logs

Full record of every authorization decision. Know who accessed which model, when, and why.

Web-based Admin UI

Manage keys, policies, users, and view usage from a browser. Bundled with the gateway — no separate install, no extra infrastructure.

Role-based access

Admin, Viewer, User Admin, Policy Admin. The right level of access for every team member.


How it works

Every AI request flows through five stages. Your apps don't change — they just point to Ziri instead of OpenAI or Anthropic directly.

Validate Key
Identify the user
Rate Limit
Check request quota
Policy Check
Evaluate Cedar rules
Forward
Send to provider
Track & Log
Record cost & decision

Deploy in minutes with Docker

Ziri ships as a single Docker image. Run it anywhere — your cloud, your datacenter, your laptop. The Admin UI is bundled, no separate setup required.

  • Single Docker image, self-hosted and fully under your control
  • Admin UI bundled — manage everything from a browser
  • OpenAI-compatible API — just change the base URL
View documentation →
$ docker run -p 8080:8080 zstrike/ziri
Gateway listening on :8080
Admin UI ready at :8080/admin
3 Cedar policies loaded
Incoming request from user-alice
Model: gpt-4o
API key validated
Rate limit: 47/100 remaining
Policy: PERMIT
Cost tracked: $0.03
→ Forwarded to OpenAI (124ms)

// Only allow GPT-4 during business hours
permit(
principal,
action == Action::"chat",
resource == Model::"gpt-4o"
) when {
context.hour >= 9 &&
context.hour <= 17
};
// Cap daily spend per user
forbid(
principal,
action,
resource
) when {
principal.dailySpend > 50.00
};

Declarative Cedar policies

Define access rules in Cedar — the same policy language used by AWS. Readable, testable, and version-controlled alongside your code.

  • Restrict models by user, team, or time of day
  • Set per-user daily and monthly spend caps
  • Block specific actions while allowing others
  • Version control policies alongside your code
Policy reference →

First-class SDK for Node.js

The @ziri/sdk npm package gives you programmatic control over keys, policies, usage, and more.

  • Manage API keys programmatically
  • Query usage and cost data
  • CRUD operations on Cedar policies
  • Full TypeScript support
SDK documentation →
import { Ziri } from '@ziri/sdk';
const ziri = new Ziri({
baseUrl: 'http://localhost:8080',
adminKey: process.env.ZIRI_ADMIN_KEY
});
// Create an API key for a user
const key = await ziri.keys.create({
userId: 'alice',
rateLimit: 100,
dailySpendCap: 50.00
});
// Check usage for a user
const usage = await ziri.usage.get({
userId: 'alice',
period: 'month'
});

Ready to take control of your AI spend?

Deploy Ziri in minutes and start governing your team's AI API usage. Open source, self-hosted, and free to get started.