RelayOrb - production-grade tool infrastructure

RelayOrb - Tool Control Plane for AI Agents

Route agent calls to versioned capabilities with contracts, governance, and observability.

Try the Anonymous Demo Deploy with Terraform View on GitHub

Open Source · Anonymous demo (read-only, rate-limited) · Terraform modules · Weekly module smoke CI

Gateway - Registry - Worker

Why RelayOrb

Ad-hoc tool wiring degrades quickly in production. RelayOrb adds the control-plane guarantees needed to keep agent tool calls reliable and auditable.

Contract-first validation

JSON Schema input/output validation prevents silent payload drift.

Governance and ownership

Capability namespaces are governed with explicit ownership boundaries.

Routing and health discovery

Gateway selects healthy providers through Registry heartbeats.

Idempotency and async jobs

Retry-safe invoke behavior and async jobs in full production mode.

Metrics, traces, alerts

Prometheus metrics and OTEL traces make tool behavior observable.

Secure by default

OIDC in prod with private internals behind Cloud Run IAM.

How it works

Agent calls Gateway with capability ID and payload.
Gateway validates auth, policy, and JSON schema contract.
Registry returns healthy provider candidates.
Gateway forwards to Worker and validates response schema.
Metrics/traces are emitted for full request lifecycle visibility.

See RelayOrb in 3D

Interactive control-plane simulation of all six platform capabilities: contracts, governance, routing, replay safety, async jobs, and observability.

Live Control Plane Simulation

Human-readable system hop view

Flow

Payload In→

Identity Check→

Permission Check→

Provider Selection→

Duplicate Protection→

Async Dispatch→

Trace Record→

Output Out

Client

Gateway

Policy Engine

Registry

Worker

Telemetry

Wikipedia

OpenLibrary

Hacker News

Live Data Hop

Fraud Decisioning • Stage 1/6: Identity Check

Source System

Client

Payload In

→

Destination System

Gateway

Action: Identity Check

requestId=fraud-2026-03-05-00041 · capability=fraud.score@v2

Why this matters: Prevents unknown callers from reaching tools.

Gateway verifies signed risk request from the card authorization service.

Payload In

{
  "requestId": "fraud-2026-03-05-00041",
  "caller": {
    "agentId": "risk-bot",
    "role": "risk_engine"
  },
  "capability": "fraud.score@v2",
  "payload": {
    "txId": "txn_8F2A91",
    "amount": 842.1,
    "currency": "USD",
    "merchant": {
      "mcc": "5732",
      "country": "US"
    },
    "cardPresent": false,
    "deviceId": "dev_44ad0f",
    "ip": "172.58.12.44"
  }
}

What RelayOrb Does

Authenticates risk-bot and enforces role=risk_engine policy.

Routes to healthy risk providers with automatic failover.

Validates response schema before returning the decision.

Stores trace + replay artifact for chargeback and audit.

Output Out

{
  "status": "ok",
  "data": {
    "decision": "step_up_auth",
    "score": 0.87,
    "reasons": [
      "new_device",
      "high_amount",
      "geo_velocity"
    ],
    "nextAction": "3DS_CHALLENGE"
  }
}

Try it in 30 seconds

The anonymous demo is intentionally constrained: read-only, allowlisted, and rate-limited. Canonical demo guidance stays indocs/DEMO.md.

Demo invoke (rag.search@v1)

curl -sS -X POST "http://34.8.48.11/v1/invoke" \
  -H "Content-Type: application/json" \
  -d '{
    "requestId": "demo-001",
    "caller": { "agentId": "anon", "role": "demo" },
    "capability": "rag.search@v1",
    "payload": { "query": "What is RelayOrb?" }
  }'

Demo endpoint may change; canonical URL and examples stay in GitHub docs.

Deploy with Terraform

Production and demo postures are available as Terraform Registry modules.

Prod module (OIDC-first)

Open module

khalidsaidi/relayorb/google

module "relayorb" {
  source  = "khalidsaidi/relayorb/google"
  version = "0.1.1"

  project_id     = "relayorb-prod"
  gateway_image  = "ghcr.io/khalidsaidi/relayorb-gateway:v0.1.1"
  registry_image = "ghcr.io/khalidsaidi/relayorb-registry:v0.1.1"
  worker_image   = "ghcr.io/khalidsaidi/relayorb-rag:v0.1.1"
  scraper_image  = "ghcr.io/khalidsaidi/relayorb-metrics-scraper:v0.1.1"
}

Demo module (anonymous posture)

Open module

khalidsaidi/relayorb-demo/google

module "relayorb_demo" {
  source  = "khalidsaidi/relayorb-demo/google"
  version = "0.1.0"

  project_id     = "relayorb-demo"
  gateway_image  = "ghcr.io/khalidsaidi/relayorb-gateway:v0.1.1"
  registry_image = "ghcr.io/khalidsaidi/relayorb-registry:v0.1.1"
  worker_image   = "ghcr.io/khalidsaidi/relayorb-rag:v0.1.1"
  scraper_image  = "ghcr.io/khalidsaidi/relayorb-metrics-scraper:v0.1.1"
}

Open source, production-shaped

Smokes + conformance harness validate behavior before changes ship.

Remote Terraform state and deployment verifier keep demo posture stable.

Weekly Terraform module smoke workflow catches registry/install regressions.

Runbook-driven operations with clear guardrails for public demo safety.

Agentability Report

Public machine-readiness report for relayorb.com.