RelayOrb

RelayOrb - production-grade tool infrastructure

RelayOrb - Tool Control Plane for AI Agents

Control plane for production AI agents. Versioned tool routing, schema validation, and audit logs for teams operating dozens of agents and tools.

Open Source · Hosted demo retired · Terraform modules · Weekly module smoke CI

Public gateway - private registry - worker - SQL state

Why RelayOrb

Ad-hoc tool wiring degrades quickly in production. RelayOrb adds the control-plane guarantees needed to keep agent tool calls reliable and auditable.

Contract-first validation

JSON Schema input/output validation prevents silent payload drift.

Governance and ownership

Capability namespaces are governed with explicit ownership boundaries.

Routing and health discovery

Gateway selects healthy providers through Registry heartbeats.

Idempotency and async jobs

Retry-safe invoke behavior and async jobs in full production mode.

Metrics, traces, alerts

Prometheus metrics and OTEL traces make tool behavior observable.

Secure by default

OIDC in prod with private internals behind Cloud Run IAM.

Who this is for

RelayOrb is for teams that already operate enough agents and tools for ad-hoc wiring to become a reliability problem.

SRE / platform engineers running production AI agents

Your team is operating five or more internal agents that collectively call dozens of tools.

You need schema validation, versioning, and audit logs on every tool call. Ad-hoc wiring breaks at this scale. RelayOrb is the control plane.

Engineering leads accountable for agent reliability

You need to know which agent called which tool with which version when something fails.

You need to roll a tool version forward or back without redeploying every agent. RelayOrb gives you that pivot point.

Teams replacing in-house tool routers

You built your own gateway between agents and tools because nothing off-the-shelf existed.

Now it's tech debt. RelayOrb replaces it with versioned routing, OIDC-protected endpoints, and observable invocation state.

Who this isn't for

  • Solo developers and small teams. If you're wiring one agent to a handful of tools, ad-hoc wiring is correct. The control-plane overhead isn't worth it until you're managing many-to-many agent-to-tool relationships.
  • Anyone without production AI agents in flight. RelayOrb solves a problem you don't have yet. Come back when you do.
  • Hobbyists exploring agent frameworks. Start with the underlying frameworks (LangChain, LlamaIndex, plain MCP). RelayOrb sits one layer up; you'll feel its value only after the layer below is in active use.

How it works

  1. Agent calls Gateway with capability ID and payload.
  2. Gateway validates auth, policy, and JSON schema contract.
  3. Registry returns healthy provider candidates.
  4. Gateway forwards to Worker and validates response schema.
  5. Metrics/traces are emitted for full request lifecycle visibility.

Production behavior is published separately in the 30-day reliability report. It uses real Cloud Monitoring data and explicitly labels the traffic as synthetic control-plane load rather than public adoption.

See RelayOrb in 3D

Interactive control-plane simulation of all six platform capabilities: contracts, governance, routing, replay safety, async jobs, and observability.

Live Control Plane Simulation

Human-readable system hop view

Flow
Payload In
Identity Check
Permission Check
Provider Selection
Duplicate Protection
Async Dispatch
Trace Record
Output Out
Client
Gateway
Policy Engine
Registry
Worker
Telemetry
Wikipedia
OpenLibrary
Hacker News
Live Data Hop
Fraud Decisioning • Stage 1/6: Identity Check
Source System
Client
Payload In
Destination System
Gateway
Action: Identity Check
requestId=fraud-2026-03-05-00041 · capability=fraud.score@v2
Why this matters: Prevents unknown callers from reaching tools.
Gateway verifies signed risk request from the card authorization service.

Payload In

{
  "requestId": "fraud-2026-03-05-00041",
  "caller": {
    "agentId": "risk-bot",
    "role": "risk_engine"
  },
  "capability": "fraud.score@v2",
  "payload": {
    "txId": "txn_8F2A91",
    "amount": 842.1,
    "currency": "USD",
    "merchant": {
      "mcc": "5732",
      "country": "US"
    },
    "cardPresent": false,
    "deviceId": "dev_44ad0f",
    "ip": "172.58.12.44"
  }
}

What RelayOrb Does

Authenticates risk-bot and enforces role=risk_engine policy.

Routes to healthy risk providers with automatic failover.

Validates response schema before returning the decision.

Stores trace + replay artifact for chargeback and audit.

Output Out

{
  "status": "ok",
  "data": {
    "decision": "step_up_auth",
    "score": 0.87,
    "reasons": [
      "new_device",
      "high_amount",
      "geo_velocity"
    ],
    "nextAction": "3DS_CHALLENGE"
  }
}

Self-host the demo posture

The hosted anonymous demo has been retired. The demo module still gives you the same read-only, allowlisted, rate-limited posture in your own project. Canonical guidance stays indocs/DEMO.md.

Self-hosted demo invoke (rag.search@v1)

curl -sS -X POST "https://YOUR-DEMO-URL/v1/invoke" \
  -H "Content-Type: application/json" \
  -d '{
    "requestId": "demo-001",
    "caller": { "agentId": "anon", "role": "demo" },
    "capability": "rag.search@v1",
    "payload": { "query": "What is RelayOrb?" }
  }'

Replace YOUR-DEMO-URL with the endpoint from your own demo deployment.

Deploy with Terraform

Production and demo postures are available as Terraform Registry modules.

Prod module (OIDC-first)

Open module

khalidsaidi/relayorb/google

module "relayorb" {
  source  = "khalidsaidi/relayorb/google"
  version = "0.1.1"

  project_id     = "relayorb-prod"
  gateway_image  = "ghcr.io/khalidsaidi/relayorb-gateway:v0.1.1"
  registry_image = "ghcr.io/khalidsaidi/relayorb-registry:v0.1.1"
  worker_image   = "ghcr.io/khalidsaidi/relayorb-rag:v0.1.1"
  scraper_image  = "ghcr.io/khalidsaidi/relayorb-metrics-scraper:v0.1.1"
}

Demo module (anonymous posture)

Open module

khalidsaidi/relayorb-demo/google

module "relayorb_demo" {
  source  = "khalidsaidi/relayorb-demo/google"
  version = "0.1.0"

  project_id     = "relayorb-demo"
  gateway_image  = "ghcr.io/khalidsaidi/relayorb-gateway:v0.1.1"
  registry_image = "ghcr.io/khalidsaidi/relayorb-registry:v0.1.1"
  worker_image   = "ghcr.io/khalidsaidi/relayorb-rag:v0.1.1"
  scraper_image  = "ghcr.io/khalidsaidi/relayorb-metrics-scraper:v0.1.1"
}

Open source, production-shaped

Smokes + conformance harness validate behavior before changes ship.
Remote Terraform state and deployment verifier keep demo posture stable.
Weekly Terraform module smoke workflow catches registry/install regressions.
Runbook-driven operations with clear guardrails for public demo safety.

Agentability Report

Public machine-readiness report for relayorb.com.