Answer · Act · Audit · on infrastructure you own

Your API,
fluent in AI.

Frege turns your OpenAPI spec and docs into one AI surface that both answers questions about your API and operates it — grounded in your own docs, governed by your own access rules, audited end to end. Self-host the platform and the model, so your data never leaves your network.

  • Self-host the platform & the model
  • Your data & model never leave your network
  • Grounded, cited answers from your docs
  • OpenAPI tools, callable by AI
  • Per-tool & per-doc access control
  • Versioned · Audited · Air-gap-ready

Knowledge + action, one surface

Stop choosing between an "Ask AI" widget and a programmatic API.

Docs AI products like Kapa give your customers cited answers. Custom MCP servers let agents call your API. Frege does both — over the same docs, the same tools, the same access rules, with a single audit trail.

Grounded answers, with citations

Frege embeds your docs and OpenAPI descriptions, hybrid-searches them on every question, and replies with the chunks it used. No hallucinated parameters. No wrong endpoint names.

Answer, then act — in one turn

"How do refunds work?" gets a cited answer. "Refund INV-7741" calls your real API. The agent decides, the access rules decide if it's allowed, the audit log captures both.

Docs are first-class

Markdown, version-pinned, addressable, and embedded. Used by the chat for retrieval, exposed to MCP clients for direct reading, and updated through the same workflow as your spec.

Version what an agent sees

Draft, diff, publish, pin, archive, roll back. Both the tools and the docs the AI is grounded in are versioned together — clients pin to v3 and see exactly v3 forever.

Govern access precisely

Ory Keto controls which tools, which docs, and which projects every user or API key can call or read. The retrieval layer respects the same rules as the proxy.

Operate it with confidence

Every tool call, every cited source, every grant change, every webhook delivery — auditable. Project runtimes are isolated; webhooks become MCP notifications; org credentials are encrypted at rest.

How it works

Ingest your API. Ground the AI. Govern the action.

Frege turns the assets you already have — your OpenAPI spec, your markdown docs — into one hosted surface that any AI client can read, ask, and act through.

  • Ingest. Upload OpenAPI 3.0 / 3.1 specs and markdown docs. Frege turns them into a hosted, fine-grained-authorized MCP server — tools, docs, and retrieval under a single endpoint.
  • Ground. Agents call search_docs for cited answers; semantic + keyword retrieval, no hallucinated endpoints.
  • Act. The same agent calls real tools through your API, under Keto-scoped access and approval gates.
  • Govern. Immutable versions, per-key scopes, signed approvals, full audit on both retrieval and execution.

acme/payments · live · v3

  • 01 Ingest (indexed · 2m ago): payments.openapi.yaml · 14 ops; docs/ · 8 markdown files · 47 chunks embedded
  • 02 Ground (retrieval ready): search_docs · hybrid retrieval; BM25 + vector cosine, top-K = 6
  • 03 Act (14 tools live): 4 read · 3 write · 7 admin; Keto-scoped · approval-gated writes
  • 04 Govern (v3 pinned): 23 keys · 0 frozen · 4 grants active; audit log: 1,247 events / last 30d

4 stages live · 14 callable tools · 47 cited chunks ⊢ knowledge + action under one audit

Workspace

Ask a question. Approve the action. One transcript.

Frege chatrooms are a workspace where humans and agents share the same docs, the same tools, and the same access rules. Answers cite their sources. Writes wait for sign-off. Everything is replayable.

  • Cited, grounded answers. The agent searches your docs and OpenAPI descriptions before replying. Every fact is traceable to a chunk you can click open.
  • Approval-gated writes. The same agent can execute the action it just explained — with a human approving the irreversible step in line.
  • One audit per turn. Retrieval calls, tool calls, approvals, and replies live in one signed transcript your auditors can replay.
  • No more hallucinated endpoints. The agent only calls tools that exist in your spec and only reads docs that have been published.

#refund-q3-2104 · acme · finance-ops

devon (human · ops) · 14:01
What's our refund window for duplicate charges? Then refund INV-7741 if it qualifies.

qwen2.5:32b (agent · local) · 14:01
Let me check the policy first.

search_docs · retrieval · 3 hits · 18ms
{ "query": "refund window duplicate charges" }
Duplicate charges are fully refundable within 30 days; partial refunds available after.
cited: guides/refunds.md#duplicates · policy/FIN-RB-04.md

qwen2.5:32b (agent · local) · 14:02
Pulling INV-7741 to confirm it's in window.

invoices.get · read · 200 · 6ms
{ "id": "INV-7741" }

Confirmed: $148.00 charged twice on Mar 14 — 7 days ago, well within window. Issuing the refund.

payments.refund · write · awaiting ⊢ from human · scope=write
{ "charge": "ch_3Mp...", "amount": 14800 }
1 of 1 approvers required
devon approved payments.refund · signed 0x7af3·c14e

deepseek-r1:32b (agent · auditor · local) · 14:03
Logged for the Q3 audit pack. Cross-checks with the cited policy FIN-RB-04 and the guides/refunds.md chunk.

2 cited sources · 4 tools available · 1 awaiting approval ⊢ retrieval & execution both signed & auditable

Sovereignty

Self-host every layer. Limit every user. Plug in any MCP.

Frege the platform, the LLM that powers the chat, the limits each user is bound by, and the external tools the agent can call — all of it runs on your hardware, under your rules, with the keys staying in your hands.

Frege on your metal

Single Go binary plus the open dependencies you already trust — Postgres, MinIO, and Ory (Keto, Kratos, Hydra). Runs on a VM, in Kubernetes, or on an air-gapped cluster. No SaaS calls. No telemetry. No vendor in the request path.

Local LLMs, native

The chat agent speaks OpenAI-compatible APIs and Ollama out of the box. Run Qwen, Llama, DeepSeek, Mistral, or your own fine-tune on your own GPU — cited answers and tool calls without a single chunk reaching a third-party model.

Limits per user, every layer

Rate limits, max input tokens, max output tokens — set per user, per role, or per API key. Throttle a noisy integration without affecting your team. Cap a budget without blocking critical workflows. Applied uniformly to retrieval, tool calls, and chat.

Agentic chat, MCP-native

The chat inside Frege is a full agentic AI in its own right — like Claude or Manus, but yours. It can connect to any external MCP server as additional tools, so the MCPs your team already runs — internal services, Slack, GitHub, anything — show up alongside the tools generated from your OpenAPI specs.

Governed by design

Knowledge and action under the same access rules.

Most "Ask AI" widgets retrieve from a public corpus and have no concept of who's asking. Frege treats retrieval as a privileged operation — same Keto policy model as the proxy, same audit trail.

Retrieval respects the same scopes as tool calls

The agent can only retrieve doc chunks the caller is allowed to read. No leaking internal runbooks to a guest API key just because the chat happens to ask.

Row-level tenant isolation

Tenant-scoped queries run under PostgreSQL row-level security so cross-tenant leaks — in chunks, in tools, in audit — are blocked at the data layer.

Per-tool, per-doc, per-group authorization

Ory Keto decides which tools, documents, and projects each user or API key can call or read. Internal staff and external clients live under different rule sets in the same workspace.

One audit log for retrieval and execution

What the agent searched, what chunks it returned, what tool it called, who approved the write — all in one signed transcript per turn.

⊢ active project · acme/payments · tools + docs + retrieval + audit

  • clients: claude-desktop, cursor, internal-agent, guest-key
  • frege gateway: fga allowlist · rag scoped · ver pinned
  • runtime: RAG (cited answers), MCP (tools), HTTP (target api), LOG (audit trail)

allowed: tools filtered at the edge · denied: key hidden from ungranted tools · versioned · auditable · isolated

Why Frege

Two questions, one assistant. Three audiences, one surface.

If you've shipped a docs widget, and a custom integration layer, and a bespoke chat for your support team — you've built three things that should be one. Frege is the one.

In our department, AI cannot improvise. Frege grounds every answer in our own official guidance, with citations our compliance team can verify, and lets our agents act on our APIs under the same access rules. That is the difference between a demo and a deployment we can stand behind.
Nodir Ruzimurodov Head of AI / ML, Ministry of Economics & Finance of Uzbekistan
We run a lot of services across the country, and we evaluate platforms by how they fit our existing operational model. Frege does — versioned per project, isolated per tenant, one audit trail per request. It reads as infrastructure, not as a black box bolted onto our stack.
Yunus Faxriddinov DevOps Specialist, Uzinfocom
AI integrations are a new attack surface for the public sector. Frege's per-resource authorization model and unified audit trail give our reviewers something they can actually approve, with the controls and visibility our regulations require. That changed how we think about adopting these tools.
Rasul Urazbayev Managing Director, Ministry of Cybersecurity
Rollout paths

Start with one API. Grow to one assistant for everyone.

Self-hosted or cloud-hosted — same product. Self-host the platform and the model to keep your data on your hardware at every tier. Add docs, add tools, add scopes; everything else is incremental.

Developer
$0 · forever, free
Get a single project live in an afternoon — spec, docs, grounded chat, MCP endpoint. Validate tool shapes and answer quality before you commit to a rollout plan.
  • Upload OpenAPI & markdown docs
  • Hybrid retrieval over your corpus
  • Cited answers + tool calls in one chat
  • Connect Claude, Cursor, Codex, or Amp
Enterprise
Custom · self-hosted / air-gapped
For banks, ministries, and org-scale rollouts: on-prem or air-gapped deployment, delegated access, encrypted credentials, custom auth, and one buyer-facing security narrative covering both retrieval and action.
  • Per-tenant SSO & OIDC providers
  • Encrypted org credentials & delegated tokens
  • One audit trail for retrieval & execution
  • Shareable connect flow for downstream onboarding