Eve Gateway

Eve is the gateway and unified API layer for Eden. It gives applications, services, users, and agents one governed path to models, tools, APIs, and databases.

Use Eve when you want to centralize authentication, routing, endpoint credentials, policy enforcement, observability, and auditability instead of giving every client a direct path to every backend.

What Eve Does

Eve sits between callers and production systems:

text

Apps, services, agents, operators
        |
        v
Eve gateway and API
        |
        +-- Models
        +-- Tools and functions
        +-- REST APIs and webhooks
        +-- Databases and caches

For every request, Eve can attach identity, organization context, endpoint permissions, routing decisions, policy outcome, telemetry, and cost or performance metadata.

Core Capabilities

Capability	Description
Authentication	Users and robots authenticate into an organization-scoped access model.
RBAC	Eve evaluates whether the subject can configure or use a resource.
Endpoint registry	Databases, model providers, APIs, functions, and tools are configured as named endpoints.
Native gateway path	Eve can speak native database protocols where supported, including Redis, PostgreSQL, MySQL, MongoDB, and ClickHouse.
Routing	Requests can be routed to the correct model, database, API, or tool without embedding backend credentials in every client.
Command policy	Risky commands can be observed, warned, or blocked before they reach the backend.
Observability	Gateway telemetry includes request, routing, policy, latency, endpoint, and migration context.
Transactions and workflows	Eve supports higher-level operations across endpoints when the endpoint family supports them.

Endpoint Families

Eve is designed to manage different endpoint types through the same organization, authentication, RBAC, and API model.

Family	Examples	Common use
Relational databases	PostgreSQL, MySQL, SQL Server, Oracle	Operational data, transactions, SQL workloads
Document databases	MongoDB	JSON/document workloads and aggregation
Key-value stores	Redis, Valkey-compatible targets	Caches, sessions, queues, high-throughput data
Analytics systems	ClickHouse	Event analytics and operational reporting
Vector stores	Pinecone	Retrieval and semantic search
Model providers	OpenAI, Anthropic, Ollama, OpenRouter	AI inference and tool-calling routes
HTTP services	REST APIs, webhooks, internal services	External and internal service access

See Endpoints for configuration details.

Request Lifecycle

A typical Eve request follows this path:

The caller authenticates as a human user, robot, application, or agent.
Eve resolves the organization and endpoint.
Eve checks control-plane or data-plane permissions for the requested action.
Eve applies routing, policy, masking, budget, or command controls where configured.
Eve forwards the request to the backend using the endpoint's configured connection.
Eve records telemetry, audit context, and response metadata.

What Operators Configure

Operators usually configure:

Organizations and bootstrap administrators.
Human users, robot credentials, and token handling.
Endpoint definitions and credentials.
Control-plane and data-plane RBAC grants.
Interlays when traffic must pass through a native protocol listener.
Policy, observability export, rate limits, and workflow templates.

When Eve Is In The Critical Path

Eve is in the critical request path when applications, agents, or users connect to Eve instead of connecting directly to the backend. This is the model used for gateway access, native protocol proxying, command policy, request analytics, and live migrations.

Because Eve can sit in the path of production traffic, treat endpoint onboarding as an operational change:

Confirm endpoint health before moving clients.
Grant least-privilege RBAC before exposing endpoints.
Export telemetry before production rollout.
Establish rollback and emergency bypass procedures for critical systems.

Last updated: October 20, 2018