Yashigani Community
Apache 2.0 open-source. Up to 20 agents, 5 users, 2 admins, 1 organisation. Local auth only.
Every call inspected. Every policy enforced. Every action audited. Every cost accounted for. Yashigani sits between MCPs, AI agents and the tools they use — nothing crosses the boundary without being authenticated, authorised, accounted and inspected.
v2.24.4
Yashigani is a security enforcement gateway purpose-built for Model Context Protocol (MCP) servers and agentic AI systems. It operates as a proxy, sitting between MCPs, AI agents — even human and non-human clients — and the upstream MCP, API, tools or servers they call.
An LLM or AI agent that can call tools is a potential threat that can be manipulated. MCP defines the protocol, not the security, data privacy or cost envelope around it. Yashigani fills that gap.
Agentic AI systems are not just chat interfaces. They call real tools, manipulate real data, and execute real operations.
Traditional API gateways and bolt-on AI wrappers were not designed for this.
Bidirectional inspection of every prompt and response. ML pre-filter (under 5ms) plus configurable LLM deep inspection. Fail-closed by default.
One unified identity model for humans, agents, services, and integrations.
Same RBAC, same audit, same trail - full compliance.
Three-tier budget enforcement (organisation / group / user). When a cap is hit, Yashigani routes to local inference; it never rejects requests.
Three-layer sensitivity pipeline. Run as many open-source models as you can. CONFIDENTIAL / SENSITIVE data routes to local models only — no override, no bypass. PII detection in both directions.
Deterministic P1–P9 routing with a full reasoning trail. Every decision is reproducible and audited.
Yashigani is the identity broker. Native OIDC and SAML v2. No external Keycloak. One fewer attack surface.
Container-per-identity. No shared filesystems, no shared context. Isolation is not a toggle — it's an architectural invariant.
The Pool Manager replaces broken containers from a warm pool before the user notices. Forensic evidence is preserved before cleanup.
Per-control compliance evidence published under docs/compliance/. PASS / PARTIAL / FAIL / N/A verdicts with file:line evidence. Coverage includes OWASP ASVS v5 L3 (all chapters), OWASP API Security, and the OWASP Agentic AI / LLM Top 10.
From a single developer on a laptop to a multi-region enterprise deployment. Every tier ships from the same single branch — features are gated by signed licence, not by separate builds.
Open-source, plus free verified non-profit and education licences.
Apache 2.0 open-source. Up to 20 agents, 5 users, 2 admins, 1 organisation. Local auth only.
Free for verified non-profits and educational institutions. Unlimited agents, users, admins, IdPs. SAML, OIDC, SCIM included.
From 6 friends in a garage to a full scale-up or a medium-sized business growing from pilot to production.
All plans billed annually.
Up to 200 agents, 50 users, 5 admins. 1 OIDC identity provider. For pilots and small production deployments.
Up to 400 agents, 100 users, 10 admins. 1 OIDC IdP.
Expand with up to 5x 50-user bundles at £150/month each.
Up to 2,000 agents, 500 users, 25 admins. 1 OIDC + 1 SAML IdP. SCIM provisioning. Bundles available.
For multi-org, multi-region, large-scale deployments.
Dedicated partner support and training.
Support packages are billed separately and tailored to your needs.
Up to 16,000 agents, 4,000 users, 100 admins, 5 IdPs, 5 orgs. Partial multi-tenant isolation.
Bundles of 250 users available.
Unlimited everything. Full multi-tenant isolation. Unlimited IdPs and orgs.
For independent and isolated multinational deployments at scale.
Prices exclude VAT. Need help choosing? Talk to us. Or read the full README on GitHub.
A 30-minute demo, no sales pressure. We'll show you the inspection pipeline, the routing engine, and the audit trail.