CRP-SPEC-043: The Gateway as Runtime Product & The Visual Console¶
Document: CRP-SPEC-043
Title: Context Relay Protocol (CRP) - CRP Gateway as the Full Runtime Product: Subscription Service, Complete Capability Access, and the Low-Code/No-Code Console
Version: 1.0.0
Status: Foundational - Product Definition
Author: Constantinos Vidiniotis, AutoCyber AI Pty Ltd
Date: 2026-06-01
License: CC BY 4.0
Extends: CRP-SPEC-016 (Gateway service contract)
Prerequisites: CRP-SPEC-016, 031, 032, 037, 040
Abstract¶
SPEC-016 specifies the Gateway as a service contract; the Gateway Blueprint specifies its internals. Neither defines it as a product with a clear purpose, customer, and the full-capability surface it must expose. This document does. The CRP Gateway is the runtime product: a managed, hosted subscription service where a customer points their application at the Gateway and receives, on every LLM call, full CRP governance (safety, provenance, compliance signals) plus the complete context-management capability suite (CDR, CDGR, CSO, STL, knowledge, sessions, tools) - accessed both through the API and, critically, through a low-code/no-code visual console that lets non-developers and developers alike configure and operate governed AI pipelines without writing code. The Gateway answers one question: how do I run governed, context-managed AI in production, without building any of it myself? This specification defines its purpose, its boundary against CRP Comply and CRP Scan, its full capability surface, the visual console that is currently missing, and its subscription model.
1. What the Gateway Is - Purpose and Boundary¶
1.1 The One-Sentence Purpose¶
The Gateway is the managed runtime: point your application at it and every AI call is governed and context-managed, configurable by API or visual console, on a rolling subscription - so you never build context management, safety, or compliance instrumentation yourself.
1.2 The Clean Boundary (Gateway vs Comply vs Scan)¶
The three products form one pipeline with no overlap:
┌────────────────────────────────────────────────────────────────┐
│ CRP SCAN - "FIND" │
│ Discovers ungoverned AI calls in your codebase. │
│ Routes findings + remediations onward. │
├────────────────────────────────────────────────────────────────┤
│ CRP GATEWAY - "RUN" ◀── THIS DOCUMENT │
│ The runtime. Governs every call. Provides the full context │
│ capability suite. API + visual console. Rolling subscription. │
│ Produces the tamper-evident runtime evidence. │
├────────────────────────────────────────────────────────────────┤
│ CRP COMPLY - "PROVE" │
│ Consumes the Gateway's runtime evidence. Adds artefacts + │
│ the expert agent. Produces audit-ready deliverables & packs. │
│ NOT a runtime - it proves what the runtime did. │
└────────────────────────────────────────────────────────────────┘
The remediation CRP Scan recommends and CRP Comply tracks IS:
"route this call through the Gateway." The Gateway is the fix.
The Gateway's output is the evidence Comply packages.
This boundary resolves the blur: the Gateway is the only runtime. Comply does not run a parallel proxy (SPEC-042 retires it); Comply consumes the Gateway. Scan finds what isn't yet on the Gateway. One runtime, one compliance layer, one scanner.
1.3 Who Buys It¶
| Customer | Why |
|---|---|
| Developers shipping AI features | governance + quality without building it |
| Companies running AI in production | managed, compliant, no infra |
| Teams with weak/local models | the context capability that lifts output quality |
| Non-technical AI builders | the visual console - governed AI without code |
2. The Full Capability Surface¶
The Gateway must expose CRP's entire capability suite, not just governance. This is what "all their LLM calls governed but also have at their disposal the various context strategies" means.
2.1 Governance (always on)¶
Every call, automatically: DPE risk scoring (SPEC-005), Safety Policy enforcement + halt (SPEC-006), HMAC provenance chain (SPEC-011), compliance classification (SPEC-010), all emitted as headers (SPEC-002). This is the baseline - the reason to route through the Gateway at all.
2.2 Context Capability (at the customer's disposal)¶
The full context-management suite, available on demand:
| Capability | Spec | What the customer gets |
|---|---|---|
| Knowledge (CKF) | 009 | ingest documents → grounded answers |
| Coverage-Differential Retrieval | 024 | quality that holds at any output length |
| Graph retrieval (CDGR) | 025 | multi-hop, connector-aware grounding |
| Cognitive State relay (CSO) | 030 | coherent long/multi-step work |
| Semantic Task Layer (STL) | 031 | positioning - focused, token-efficient |
| Multi-horizon context | 028 | conversation + document + tool context |
| Tool/agentic support | 029 | governed tool use, tool provenance |
| Storage backends | 038 | bring-your-own-store, locatable, sovereign |
2.3 Safety Control (self-service)¶
The Safety Control Plane (SPEC-033): tune grounding, halt levels, PII handling, add custom rules, define checkpoints - visually, no code. Shared with Comply (same control plane, same config, SPEC-037).
2.4 Amplification (opt-in)¶
For weak/local models on async tasks: AIR/CQR/CLD/ROS via PEF (SPEC-018–022), governed by the opt-in boundary (SPEC-023). Off by default; available when wanted.
3. The Visual Console - Low-Code/No-Code (the missing surface)¶
3.1 Why This Is the Key Missing Piece¶
The Gateway today is API-only. The customer's stated need: "the various context strategies via an API or even better something graphical / low-code-no-code." A visual console turns the Gateway from a developer tool into a product anyone can operate - and it is the single biggest expansion of the Gateway's addressable market.
3.2 What the Console Provides¶
┌─ CRP GATEWAY CONSOLE ─────────────────────────────────────────┐
│ Pipelines Knowledge Safety Playground Analytics │
│ │
│ ┌─ BUILD A GOVERNED AI PIPELINE (no code) ─────────────────┐ │
│ │ │ │
│ │ [Input] → [Knowledge: my-docs ▾] → [Depth: thorough ▾] │ │
│ │ → [Safety: strict ▾] → [Checkpoint: >$1M ▾] │ │
│ │ → [Model: gpt-4o ▾] → [Output] │ │
│ │ │ │
│ │ Drag blocks to compose. Each block is a CRP capability. │ │
│ │ [ Test ] [ Deploy as endpoint ] [ Export as code ] │ │
│ └───────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────┘
3.3 Console Surfaces¶
| Surface | What it does (no code) |
|---|---|
| Pipelines | visually compose governed AI flows - drag capability blocks (knowledge, depth, safety, checkpoints, tools, model), connect them, deploy as a live endpoint |
| Knowledge | upload/manage documents, see the CKF, browse what the AI knows, set storage location (SPEC-038) |
| Safety | the visual Safety Control Plane (SPEC-033) - sliders, toggles, checkpoint builder |
| Playground | test prompts against the configured pipeline, see governance signals live (risk, grounding, sources) |
| Analytics | the observability dashboard - calls, quality trends, fabrications caught, token savings, cost |
3.4 The Three Operating Modes¶
The console serves all skill levels: - No-code: compose pipelines visually, deploy endpoints, never see code. - Low-code: visual composition + small custom expressions (a checkpoint condition, a custom rule). - Code: "Export as code" generates the SDK/config (SPEC-032/037) for developers who want to take the visual pipeline into their codebase. The console and code are the same underlying config (SPEC-037) - visual edits and code edits are interchangeable.
3.5 Deploy-as-Endpoint¶
A pipeline built in the console deploys as a live, governed API endpoint the customer's app calls - the visual flow becomes production infrastructure. This is the no-code payoff: build a governed AI pipeline by dragging blocks, click deploy, get a production endpoint, no code written.
4. The Subscription Model¶
Rolling subscription, usage-based, distinct from Comply's compliance tiers:
| Tier | For | Includes |
|---|---|---|
| Free | trial, hobby | governance on N calls/mo, basic console, community |
| Developer | individual devs | higher quota, full context suite, API + console, code export |
| Team | scale-ups | shared pipelines, more knowledge, analytics, SSO |
| Business/Enterprise | production at scale | high volume, data residency, dedicated capacity, SLAs, on-prem option |
The Gateway monetises runtime (calls governed, capability used). Comply monetises compliance (deliverables, evidence, audit-readiness). A customer may subscribe to one or both: the Gateway to run governed AI, Comply to prove it. They compose but are sold separately.
5. The Relationship to Comply and Scan (operational)¶
5.1 Gateway → Comply (evidence flow)¶
A Gateway customer who also needs compliance connects their Gateway to Comply. The Gateway's runtime evidence (the HMAC audit chain, risk scores, checkpoint resolutions) streams into Comply's Layer 3 (SPEC-040 §5, SPEC-042). The customer runs on the Gateway; Comply turns that runtime into audit-ready evidence. No duplicate instrumentation.
5.2 Scan → Gateway (the remediation target)¶
When CRP Scan finds an ungoverned call, the remediation (SPEC-036) is "route it through the Gateway" - the diff swaps the base_url to the Gateway endpoint. The Gateway is literally the fix Scan recommends. Scan finds; the Gateway governs; Comply proves.
5.3 One Config Across All Three¶
The unified config (SPEC-037) is shared: the safety settings a customer sets in the Gateway console are the same settings Comply reads for evidence and Scan checks against. One source of truth across the ecosystem.
6. Honest Status & Limits¶
The Gateway's runtime (SPEC-016 + Blueprint) is the foundation; this document adds the product framing and the visual console. The console is substantial frontend engineering - a visual pipeline builder, knowledge manager, safety UI, playground, and analytics. It should be built after the runtime is solid, starting with the playground (test a configured pipeline) and the safety UI (the highest-value no-code surfaces), then the full pipeline builder.
The no-code pipeline builder must compile to the same config/SDK as code (SPEC-037) - if the visual and code paths diverge, the "export as code" promise breaks. This is an engineering discipline requirement: one config model, two editing surfaces.
"Deploy as endpoint" means the Gateway hosts customer-defined pipelines - a multi-tenant execution concern (isolation, quota, abuse prevention) that the Gateway architecture (Blueprint §2) must enforce per deployed pipeline.
The boundary with Comply must be held: the Gateway is the runtime, Comply consumes it. If Comply is allowed to keep its own parallel runtime, the blur returns. SPEC-042's retirement of the bespoke proxy is a prerequisite for this clean separation.
7. References¶
- CRP-SPEC-016 - Gateway Service (the contract this productises)
- CRP-SPEC-031 - STL (a console capability block)
- CRP-SPEC-032 - Developer Experience (code export target)
- CRP-SPEC-033 - Safety Control Plane (the console Safety surface)
- CRP-SPEC-037 - Unified Config (the shared source of truth)
- CRP-SPEC-040/042 - Comply (the compliance consumer of Gateway evidence)
Copyright © 2025–2026 AutoCyber AI Pty Ltd. Licensed under CC BY 4.0. CRP™ is a trademark of AutoCyber AI Pty Ltd.