Built by an agency, for agencies running multiple clients.
Talk to us →// THE HIERARCHY
One agency account. N isolated brands. M agents per brand. Each level cryptographically separate from the next.
Your agency account
├─ Brand A // client 1
│ ├─ Provider keys // their OpenAI, Anthropic — isolated
│ └─ Agent tokens // sdr_bot, content_writer, lead_enricher
├─ Brand B // client 2
│ ├─ Provider keys
│ └─ Agent tokens
└─ Brand C // no own keys — uses your pool
└─ Agent tokensclient_id is the identity that follows every request to the traces dashboard. Brand A's traces are physically invisible from Brand B. Brand A's spend bills to Brand A's keys. Not a configuration flag — an architectural guarantee.
// CONTROLS
Per-PAT enforcement at the gateway boundary. One bug can't bleed a whole client.
Hard USD cap per agent. Auto-resets at the brand's billing anchor. The 402 fires at the gateway boundary, before any provider gets called.
RPM (requests per minute) plus RPD (requests per day). Redis-enforced, sliding-window. Distinct from provider rate limits — these are yours.
Restrict which models a specific agent can call. SDR bot stays on the cheap pool; the research agent gets the expensive ones.
Granular per-PAT permissions. gate:chat, gate:models, gate:usage — independently grantable.
// INVITE CONTRIBUTOR
A signed 72-hour link. They paste, server-side encrypts, the key lands in their brand's vault. Slack-paste-keys is a discipline failure; this is the fix.
You invite the client (or their IT lead) via email from the dashboard.
They click the signed 72-hour link. No login required.
They paste their OpenAI / Anthropic / whatever key into a form on their browser.
Key lands encrypted in their brand's vault. Their agents route through it. Their bill goes to their card.
You never see it. They can revoke at any time. No support-ticket dance.
// PER-BRAND DASHBOARD
Five dashboard tabs per brand. Give the client a login or keep it for yourself — same surface either way.
Active agents, monthly spend, top models. The one screen a client opens first.
Date-ranged request and spend analytics. Per-agent, per-model breakdowns.
Full input + output content viewer. Show it to the client, or redact at the brand level.
That brand's agents, budgets, rate limits, model allowlists. CRUD with audit trail.
That brand's provider keys. Brand-isolated; Brand A cannot see Brand B's vault.
// VS PERSONAL ROUTERS
Side-by-side, where the line is.
When you're solo
Manifest (6.6k stars, MIT) ships task aliases and OAuth subscription auth — both features we share. For one developer with one project, it works.
When you have clients
The moment you have multiple clients, the personal-router model collapses. SpiderGate is what you would build next if you kept going.
If you're solo and just want a personal router, Manifest is great. The moment you have clients, agents, or per-team budgets to enforce — that is when SpiderGate's tenancy, delegated invite, and per-agent enforcement become the reason you switch.
// PROOF
Citable customers, attributable numbers. The math holds at production scale.
Provider keys in vault
VayaPin — directory + user-profile platform
Client brands isolated under one account
Di-Atomic Agency — the agency that built it
Cross-brand data leakage
Architectural — guarantee, not promise
Free requests/day from pooled tiers
Combined — Groq · NVIDIA NIM · Cerebras · Mistral · Google AI
"Directory and user-profile platform. ~50 LLM provider keys live in our SpiderGate vault, powering scraping + content generation across the directory. [Quote pending publication approval.]"
"The AI marketing & compliance agency that built SpiderGate. 5+ client brands isolated under one account: cognitoAI, GUNGUARD, VayaPin, Danmagi, Shippiz. [Quote pending publication approval.]"
"South-African creative + media agency running client AI work on SpiderGate's per-brand isolation. Listed on Sortlist as a verified agency. [Quote pending publication approval.]"
Per-brand pricing on application. Tell us how many agents you run, how many brands you serve, and your expected requests per month — we come back with a number within 48 hours.
Talk to us →