Architecture & what's deployed
Every AI call below flows through one gateway: it authenticates the caller, routes by the
model in the body, talks to backends on your behalf, and records token usage — the "service mesh of the AI era."
❶ LLM Gateway pillar
❷ MCP Gateway pillar
❸ Agent Gateway pillar
Deployed resources
Intelligent Loan Advisor
A 4-step chain — Understand Intent → Query Data → Calculate Risk → Generate Proposal. Every LLM hop goes through the gateway as a normal OpenAI call.
Agent E2E — the full tool-calling loop
The model never opens a socket — it only emits a tool_call. The
orchestrator runs the tool via the MCP gateway and feeds the result back.
All four hops go through the gateway.
Agent Gateway — A2A agent via Private DNS
A live A2A agent (Agent-to-Agent, JSON-RPC 2.0) is published behind the gateway.
The /agent/ route forwards to a Private DNS service — Kong resolves
loan-agent.agentgw.local through the PrivateDNS service source at request time, so
there is no hardcoded backend IP. The agent itself runs an LLM + MCP loop.
Governance capabilities
Live proof of what the gateway enforces: authentication, unified multi-model access, model allowlisting, observability, and control-plane config.
Data Masking — live gateway probe
The Tencent AI Gateway can redact PII with its
Forwarding Masking plugin — sensitive fields are replaced with placeholders
(e.g. [手机号]) before the prompt reaches the LLM. This page does
not mask anything itself: it sends raw PII through the
loan-chat Model API and asks the model to echo it back verbatim.
Whatever returns is exactly what the gateway forwarded — so it proves whether Tencent's masking
is on.
PII categories the gateway can mask
These built-in types live in the Data Masking plugin on the Model API in the TSE console. The probe below highlights any of these it finds in your prompt.
MCP Gateway — REST→MCP
The gateway turns a plain REST API (api.frankfurter.app) into an MCP tool.
The client speaks pure MCP (JSON-RPC over StreamableHttp) — no SDK on the backend side.