The infrastructure layer for production AI agents.
Brutor turns any agent — built with LangChain, CrewAI, AutoGen, or your own code — into a governed, observable, interoperable service. Native A2A and MCP support means your agents talk to each other and to your tools without bespoke glue.
Agents are easy to prototype. Production is where they stall.
Three blockers stand between a working demo and a deployed agent. Brutor removes all three at the gateway layer, not the framework layer — so your agent code stays framework-agnostic.
Govern
Tenant auth, RBAC, and resource-group isolation on every agent call. The same governance rails apply to humans and agents alike.
- Resource-group isolation per agent
- Three-state HITL approval (enabled / approval-required / disabled)
- Policy-as-Code with versioned YAML bundles, validate → dry-run → apply → rollback
- Per-team cost caps enforced in real time
- Guardrails before any prompt reaches a model
Connect
Native protocols, not bespoke glue. Your agents discover and call each other, bring their own tools, and reach every modality — all without per-vendor SDKs.
- Native A2A protocol — agents discover and call agents
- MCP-native — bring any MCP server you trust
- Every modality — text, image, voice, and video models behind one endpoint
- One OpenAI-compatible endpoint for every LLM provider
- Move agents between providers with no rewrites
Observe
Every invocation logged, tagged, and costed back to its calling team. Latency, errors, tool calls, and token spend — queryable in one place.
- Full audit trail for every agent invocation
- Proxy logs with full request / response bodies
- Cost attribution by user, team, agent, and tool
- Filterable by user, model, server, or date range
A2A, first-class — not bolted on.
Most platforms tack agent-to-agent communication on as an afterthought. Brutor implements the A2A v1.0 specification natively in the Gateway, so every A2A call inherits the same governance and observability as a regular LLM call.
Discovery
Your agent advertises its capabilities at /.well-known/agent-card/{tenant}/{name}. Brutor signs and serves the Agent Card with Ed25519 JWS, RBAC-filtered per caller.
Streaming & delegation
SSE token streaming, full task lifecycle (SUBMITTED → WORKING → COMPLETED), push notifications, and HMAC-signed delegation chains across multi-hop calls — all per the A2A v1.0 spec, no vendor extensions.
Same governance
A2A traffic is governed identically to LLM traffic: same auth, same cost ceilings, same audit trail. No second control plane to operate.
One config away
Turn any existing agent into an A2A-compliant endpoint other agents can call. The Gateway handles the protocol surface — no SDK rewrite.
Versioned workflows any client can call.
Skills are the Brutor abstraction for composable agent workflows — model + MCP tools + scripts + templates, packaged as a single callable unit. Publish once, run from any AI client; every skill is exposed as an MCP tool, so an agent invokes it identically to any other tool.
Versioned and immutable. Every skill ships with semantic versioning and moves through a DRAFT → VALIDATED → PUBLISHED lifecycle. Once published, a version is immutable — changes require a new version, so callers always know exactly what they’re running.
Same orchestrator, every caller. Whether a skill is invoked from the User Portal, a custom client, or another agent, it converges on the same orchestration pipeline at the Gateway. Approvals, audit, and resource-group rules apply identically.
Built by IT, called everywhere. Skills are typically authored by IT or a platform team and made available via resource-group scoping. Marketing’s Skills surface in the Marketing workspace; Engineering’s surface in the Engineering workspace — the same workspace abstraction the User Portal exposes to end-users.
# Invoke a skill from any MCP-aware client POST /v1/proxy/mcp/system-agent-skill-server Authorization: Bearer sk_brutor_... { "jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "skill__triage-ticket", "arguments": { "ticket_id": "7421" } } } # Same call works from User Portal, custom UI, or another agent. # RBAC, HITL, audit, cost cap apply identically.
Your agents bring their own tools.
Brutor is MCP-native at the Gateway. Connect any MCP server you trust — once at the resource-group level — and every agent in that group inherits scoped access through RBAC. Tool calls are guardrailed, audited, and rate-limited at the Gateway, so you don’t have to re-implement any of that per agent.
One ingress. Full governance. Zero lock-in.
Every agent call — to an LLM, to an MCP tool, or to another A2A agent — flows through the same Brutor Gateway. That’s where auth happens, where budgets are enforced, where logs are written. Your agent code never knows which provider it’s talking to.
Six entry points to build on the Gateway.
From a one-line LLM swap to a full A2A agent network: unified LLM API, MCP proxy, Skills, Portal API, your own A2A agent, and the Knowledge Base. Plus drop-in guides for Claude Code, Goose, LangChain & LangGraph, and Open WebUI — all under the same governance, observability, and audit.
Ship your first governed agent this week.
Spin up a Brutor trial, point your agent at the Gateway, and watch the cost, audit, and RBAC light up — no code changes required.