What ENES can help you do
Pick a starting point. ENES opens a conversation, reads your tenant first, and walks you through it — proposing every change for your approval.
{{ g.label }}
{{ g.tagline }}On the name
Anas · أنس
“ENES — named for Anas ibn Malik, who served faithfully for ten years and was never once reproached, and who carried what he was given, word for word, all his life. The name means companionship: the comfort of not facing the hard work alone.”
What ENES holds to
Draft a Portkey gateway config
Describe, in plain words, what you want your AI gateway to do — provider routing, fallback, load-balancing, caching, or a Prisma AIRS scan on the traffic. ENES writes a valid config, grounded in the Portkey schema, for you to copy. Nothing is created in your tenant.
Creates the config above in your account. Add your Prisma AIRS guardrail ID to scan its traffic; the key is used once and never stored.
{{ pdSnippet }}
Test a profile with a sample prompt
Like Postman for Prisma AIRS: send a real prompt through a security profile and see whether it is allowed or blocked, and which detectors fire. ENES sends the scan for real. Your API key is used for this one call only — never stored.
Each prompt is sent as its own separate scan. Keys are masked as <your-api-key> in every “API call we sent” box — drop yours in to replay any of them.
Build custom-topic guardrails
Describe your assistant and what to keep in or out of bounds. ENES drafts proper AIRS custom topics — inside every official limit — then creates them in your tenant, attaches them to a profile as allowed or blocked, and can test a prompt against it. Nothing is claimed the tenant didn’t actually save.
This tenant's management credentials — used once for this push, never stored.
{{ tgNotes }}
{{ tgJson }}
Stress / volumetric test
Fire a controlled burst of scans through a profile to see how it holds up under load — throughput, latency percentiles, and rate-limit behavior — so you know the real numbers before a customer does.
Advanced · concurrency
“{{ confirmTitle }}” will be permanently removed. This can’t be undone.
What should I call you?
So I can address you properly. Just your first name is perfect.
Connect the systems ENES helps you secure. Credentials are encrypted at rest and never kept in your browser.
{{ connectBlurb }}
{{ connectErr }}
Gateway guardrail bench
Fire an attack corpus through your live Portkey gateway and see, prompt by prompt, what an AIRS-guarded config actually blocks — and what a baseline config lets through. Real gateway calls; ENES reports exactly what comes back.
Results
latency p50 {{ l.p50 }} · p90 {{ l.p90 }} · p99 {{ l.p99 }}
Portkey Workbench
A Postman-style console for your Portkey gateway. Compose any request — method, URL, headers, query params, raw body — fire it live, and inspect the raw response, with the served model, token usage, and guardrail checks called out. Your key stays in the headers you set, used per call, never stored.
Migrate a gateway → Portkey
Bring a LiteLLM or Kong AI Gateway config into Portkey. ENES translates it into a Portkey Config plus a dependency-ordered create-plan — and, above all, an honest report of what maps cleanly, what’s approximate, and what has no Portkey equivalent. Nothing is written to Portkey and no secret is read — credentials become placeholders you fill in at push time.
config.yamlIt’s the file you start the proxy with — you almost certainly already have it:
litellm --config config.yaml # or the CONFIG_FILE_PATH env var
Running in a container or cluster? Read it straight out:
docker exec <container> cat /app/config.yaml kubectl get configmap <litellm-config> -o yaml # on Kubernetes
config.yaml it booted from still migrates your routing, caching, retry and guardrail settings — and the Report below flags the database-only pieces as gaps so nothing is silently dropped.kong.ymlExport the declarative config with decK — this works for self-managed Kong and Konnect alike:
deck gateway dump -o kong.yml # older decK: deck dump
Or just use the kong.yml you already deploy from.
{{ mgLiveIntro }}
{{ mgConnectHint }}
{{ mgUploadHint }}
{{ mgCfgSlug }}{{ mgCfgText }}
What ENES would create in Portkey, in dependency order. Nothing here runs yet — the push stage will, and the Portkey target (base URL + admin key) is entered then, per run, never hardcoded.
Push this migration into a Portkey tenant you own. The target — base URL + Admin API key — is entered here, used once per call, and never stored. ENES diffs against what already exists (idempotent by name/slug); nothing is created until you press Apply.
{{ k.name }}{{ k.value }}Fleet posture board
Pull your live Koi fleet — every enrolled device and the agentic surface on it (extensions, MCPs, skills, packages) — into one board, each item risk-scored critical → low. Read-only.
Scan a Hugging Face model
Paste a Hugging Face model repo — or several — and Prisma AIRS Model Scanning checks each one for supply-chain threats (unsafe pickles, embedded executables, and more) under our scanning policy, then hands you a go / no-go verdict. Nothing to set up: scanning runs on our tenant, so there are no keys or logins for you to manage.
{{ r.rawJson }}Size a self-hosted gateway
Portkey publishes no sizing table — so this measures the real per-pod RPS ceiling from the gateway's /metrics under load (or you supply it), then computes replicas, CPU/memory, nodes, log storage, and a latency budget. Every number is tagged by where it came from.
/metrics, or ~10–20 ms.:8787/metrics), the base URL probe traffic hits (:8787/v1), and a config id routing to a cheap model so calls actually flow./metrics each step, ramping until p95 crosses your SLO, event-loop lag climbs, or errors rise. Air-gapped gateway? Run the probe locally and use Supply it.Recommended topology
“{{ disconnectLabel }}” will be removed and its stored credentials destroyed. You can reconnect it later.