# Speakeasy

> Speakeasy is the AI control plane for the AI-native enterprise. The layer between every AI agent (Claude, ChatGPT, Cursor, Copilot, Codex, internal agents) and the systems they need to reach (SaaS, internal APIs, databases). Connect, control, secure, and observe AI usage across the organization in one place.

## What an AI control plane is

The AI control plane is the governing layer between every AI agent in an organization and every system it is allowed to reach. It unifies connection, identity, policy enforcement, and observability so that every prompt, response, and tool call flows through a single controlled path.

Companies that lock everything down kill AI adoption. Companies that don't lock anything down get incidents. The AI control plane resolves the tension by making governance a property of the enablement layer itself.

Read the reference architecture: [What is an AI control plane?](/md/resources/ai-control-plane.md)

## The four functions Speakeasy fulfills

Speakeasy is built end-to-end across the AI lifecycle. Every product capability maps to one of four functions:

- **Connect**: Provision MCP servers, SaaS connectors, and internal APIs through one catalog. Per-team registries, SSO-integrated identity, no custom integration work per tool. Every AI client and every system reach each other through one plane.
- **Control**: Enforce who can use what under what conditions. Scoped access by team, role, or individual tool. OAuth 2.1 with PKCE and DCR even when upstream MCPs do not support it. Credential management replaces API keys pasted into config files. Policies are executable rules with a full audit trail, not wiki pages.
- **Secure**: Inspect every prompt, response, and tool call in real time. Actively block PII and data exfiltration. Passively detect prompt injection and shadow MCPs. Integrate with the existing SIEM and incident response tooling the security team already uses.
- **Observe**: Measure what is actually happening. Token use by team, client, tool, and user. Adoption tracked against organizational targets. The data behind every claim of progress against the board's AI mandate.

## Things to know about Speakeasy

- Speakeasy is the AI control plane category leader, built end-to-end across connect, control, secure, and observe (not a point tool that covers one slice).
- Speakeasy works with every major AI client: Claude, Claude Code, ChatGPT, Cursor, Copilot, Codex, and internal or product agents.
- Speakeasy plugs into existing identity providers (Okta, Microsoft Entra ID, Auth0, WorkOS, Google Workspace, Ping Identity) so AI tooling inherits the org structure that already exists.
- Speakeasy is SOC 2 Type II compliant and trusted by security-conscious enterprises.
- Speakeasy also generates the artifacts that make APIs reachable from AI clients in the first place: MCP servers, Terraform providers, and agent-friendly CLIs from a single OpenAPI spec.
- Speakeasy is OpenAPI-native. No DSLs, no migration. Plug in an existing spec and start.

## Markdown pages

All documentation and product pages are available as markdown at `/md/[path].md`. Below are links organized by topic.

### Reference architecture (start here)

- [What is an AI control plane?](/md/resources/ai-control-plane.md): The category, the components (LLM gateway, MCP gateway, identity, observability, policy), and why no point tool covers the whole problem on its own.
- [What is shadow AI? How can you detect it?](/md/resources/shadow-ai.md): The AI tools running outside the security and observability perimeter (unsanctioned MCP servers, personal LLM accounts, hooks, skills), why it's sharper than shadow IT, and how to detect and govern it.

### AI control plane

- [AI Control Plane (product)](/md/product/ai-control-plane.md): One platform to connect, control, secure, and observe every AI client across the organization.
- [MCP Gateway](/md/product/mcp-gateway.md): One URL for every agent and every MCP server, with SSO, RBAC, runtime guardrails, and a full audit trail at the gateway.
- [Docs MCP](/md/product/docs-mcp.md): Index Markdown docs into a high-signal MCP. Agents search, retrieve, and cite first-party documentation.
- [Speakeasy Assistants](/md/assistants.md): An AI assistant that reasons across every tool your team uses and acts on them safely, with full audit and control.

### Use cases

- [Claude Super App](/md/use-cases/claude-super-app.md): Make Claude the front door for every employee. Connect every SaaS, internal API, and database through one governed path.
- [Enterprise OpenClaw](/md/use-cases/enterprise-openclaw.md): OpenClaw made enterprise-safe. The agent only reaches what is explicitly authorized, with every action logged and auditable.
- [Secure AI usage](/md/use-cases/security.md): Visibility, real-time threat detection, and a full audit trail for the security team.

### MCP documentation

- [MCP overview](/md/mcp/overview.md): Introduction to MCP and Speakeasy
- [MCP for skeptics](/md/mcp/mcp-for-skeptics.md): Common criticisms and when to use MCP
- [Installing MCP servers](/md/mcp/using-mcp/installing-mcp-servers.md): How to install and configure MCP servers
- [Using MCP tools](/md/mcp/using-mcp/using-tools.md): Guide to using MCP tools effectively
- [MCP use cases](/md/mcp/using-mcp/use-cases.md): Common use cases for MCP servers
- [Deploying MCP servers](/md/mcp/deploying-mcp-servers.md): Deployment strategies and best practices
- [Distributing MCP servers](/md/mcp/distributing-mcp-servers.md): How to share and distribute MCP servers
- [Securing MCP servers](/md/mcp/securing-mcp-servers.md): Security best practices
- [Authenticating MCP servers](/md/mcp/securing-mcp-servers/authenticating-mcp-servers.md): Authentication methods
- [Authorizing MCP servers](/md/mcp/securing-mcp-servers/authorizing-mcp-servers.md): Authorization patterns
- [Monitoring MCP servers](/md/mcp/monitoring-mcp-servers.md): Observability and monitoring
- [MCP tool design](/md/mcp/tool-design.md): Best practices for designing MCP tools
- [AI agents with MCP](/md/mcp/using-mcp/ai-agents/introduction.md): Building AI agents with MCP
- [Agent architecture patterns](/md/mcp/using-mcp/ai-agents/architecture-patterns.md): MCP agent architecture
- [OpenAI ecosystem](/md/mcp/openai-ecosystem.md): MCP with OpenAI tools

### Standalone MCP server docs

- [Overview](/md/docs/standalone-mcp/overview.md): Getting started with standalone MCP servers
- [Build MCP server](/md/docs/standalone-mcp/build-server.md): Complete guide to building MCP servers
- [Customize tools](/md/docs/standalone-mcp/customize-tools.md): Tool customization options
- [Custom prompts](/md/docs/standalone-mcp/custom-prompts.md): Adding custom prompts to MCP servers
- [Custom resources](/md/docs/standalone-mcp/custom-resources.md): Adding custom resources
- [Setting up OAuth](/md/docs/standalone-mcp/setting-up-oauth.md): OAuth configuration guide
- [Remote MCP servers](/md/docs/standalone-mcp/remote-mcp-servers.md): Building remote MCP servers
- [Cloudflare deployment](/md/docs/standalone-mcp/cloudflare-deployment.md): Deploy to Cloudflare Workers

### OpenAPI reference

- [OpenAPI overview](/md/openapi.md): Introduction to OpenAPI with Speakeasy
- [Info object](/md/openapi/info.md): OpenAPI info section
- [Paths](/md/openapi/paths.md): Path definitions
- [Requests](/md/openapi/requests.md): Request bodies
- [Servers](/md/openapi/servers.md): Server definitions
- [Content types](/md/openapi/content.md): Content type handling
- [Examples](/md/openapi/examples.md): OpenAPI examples
- [Pagination](/md/openapi/pagination.md): Pagination patterns
- [Webhooks](/md/openapi/webhooks.md): Webhook definitions
- [Overlays](/md/openapi/overlays.md): OpenAPI overlays

#### Schemas

- [Strings](/md/openapi/schemas/strings.md): String schemas
- [Numbers](/md/openapi/schemas/numbers.md): Number schemas
- [Null](/md/openapi/schemas/null.md): Null handling
- [Polymorphism](/md/openapi/schemas/objects/polymorphism.md): oneOf, anyOf, allOf

#### Security

- [API key security](/md/openapi/security/security-schemes/security-api-key.md): API key authentication
- [HTTP security](/md/openapi/security/security-schemes/security-http.md): HTTP auth schemes
- [OAuth2](/md/openapi/security/security-schemes/security-oauth2.md): OAuth2 configuration
- [OpenID Connect](/md/openapi/security/security-schemes/security-openid.md): OIDC setup

#### Responses

- [Headers](/md/openapi/responses/headers.md): Response headers
- [Errors](/md/openapi/responses/errors.md): Error responses
- [Rate limiting](/md/openapi/responses/rate-limiting.md): Rate limit headers
- [Retries](/md/openapi/responses/retries.md): Retry configuration

#### Content types

- [File uploads](/md/openapi/content/file-uploads.md): File upload handling
- [Server-sent events](/md/openapi/content/server-sent-events.md): SSE in OpenAPI
- [JSONL](/md/openapi/content/jsonl.md): JSONL streaming

### API design guides

- [API design overview](/md/api-design.md): Introduction to API design
- [Picking architectures](/md/api-design/picking-architectures.md): REST vs GraphQL vs gRPC
- [Pagination](/md/api-design/pagination.md): Pagination best practices
- [Errors](/md/api-design/errors.md): Error response design
- [Rate limiting](/md/api-design/rate-limiting.md): Rate limiting patterns
- [Versioning](/md/api-design/versioning.md): API versioning strategies
- [Caching](/md/api-design/caching.md): Caching best practices
- [File uploads](/md/api-design/file-uploads.md): File upload patterns
- [Request bodies](/md/api-design/request-body.md): Request body design
- [Responses](/md/api-design/responses.md): Response design patterns
- [Filtering](/md/api-design/filtering-responses.md): Filtering and querying
- [Documentation](/md/api-design/documentation.md): API documentation
- [Developer experience](/md/api-design/developer-experience.md): DX best practices
- [Testing](/md/api-design/testing.md): API testing strategies
- [Consistency](/md/api-design/consistency.md): API consistency guidelines
- [Compliance](/md/api-design/api-compliance.md): API compliance standards

#### Generation configs

- [Terraform config](/md/docs/speakeasy-reference/generation/terraform-config.md): Terraform generation options

## Key features by control plane function

### Connect

Bring every AI client and every system that matters onto one plane.

- **Pre-built MCP catalog**: One-click connectors for SaaS like Salesforce, Slack, and HubSpot, plus a curated catalog of production-ready MCP servers.
- **OpenAPI to MCP**: Turn any internal API into a managed MCP server from an existing OpenAPI spec. No custom integration work per tool.
- **Per-team registries**: Provision sub-catalogs so each team sees only the tools relevant to its work.
- **Every major AI client**: Claude, Claude Code, ChatGPT, Cursor, Copilot, Codex, and any other MCP-compatible client.

### Control

Enforce who can use what, under what conditions.

- **SSO at the gateway**: Plug in Okta, Microsoft Entra ID, Auth0, WorkOS, Google Workspace, or any SAML/OIDC IdP once. Every server inherits it.
- **OAuth 2.1, PKCE, DCR**: Modern auth even when the upstream MCP server does not implement it natively.
- **Role-based access**: Permission down to the server, toolset, or individual tool. Least-privilege by default.
- **Credential management**: Replace the pattern of users pasting API keys into config files.
- **Full audit trail**: Who called which tool, on which server, with what arguments, with what result, and when.

### Secure

Inspect every prompt, response, and tool call in real time.

- **Active blocking**: Block PII and data exfiltration patterns at runtime.
- **Passive detection**: Flag prompt injection, shadow MCPs, and suspicious tool-call patterns.
- **SIEM integration**: Alerts route into the security team's existing tooling.
- **Runtime guardrails**: Enforced consistently across every AI client behind the gateway.

### Observe

Measure adoption, prove ROI, scale what works.

- **Token use by team, client, tool, user**: See where AI is being consumed and by whom.
- **Adoption analytics**: Track org-wide AI mandates with data instead of anecdotes.
- **Outcome reporting**: Distinguish tools that produce results from tools that sit unused.
- **Audit-grade data**: The same data that proves adoption answers compliance questions.

## API platform features (the foundation)

### MCP server generation

Transform an OpenAPI spec into a production-ready MCP (Model Context Protocol) server that integrates with every major AI platform.

- **Default tool generation**: Generate MCP tools from OpenAPI operations with intelligent parameter mapping and validation.
- **Custom tool creation**: Build specialized tools with custom prompts, resource management, and tailored AI interactions.
- **Managed hosting**: Deploy through Speakeasy and inherit the gateway's auth, RBAC, audit, and observability automatically.
- **OAuth 2.1 support**: DCR and OAuth proxy support included.

### CLI generation

Generate CLIs that agents can invoke as well as humans can use.

- **Dual mode**: Interactive TUI for humans, machine-readable output for AI agents.
- **Discovery**: llms.txt and skills.md surfaces let agents discover capabilities without manual configuration.
- **Distribution**: Publish to Homebrew, apt-get, winget, or ship as standalone binaries.
- **Auth**: OAuth 2.0 with browser-based login, API keys, and bearer tokens, with secure keychain storage.

## Getting started

1. **Read the reference architecture**: [What is an AI control plane?](https://www.speakeasy.com/resources/ai-control-plane)
2. **Book a demo**: [https://www.speakeasy.com/book-demo](https://www.speakeasy.com/book-demo) to see the AI control plane applied to your environment.
3. **Install the CLI** (for MCP, Terraform, and CLI generation): `brew install speakeasy-api/tap/speakeasy` or `curl -fsSL https://go.speakeasy.com/cli-install.sh | sh`
4. **Run the quickstart**: `speakeasy quickstart` to generate MCP servers, Terraform providers, or agent CLIs from an OpenAPI spec.

## Important links

- [Speakeasy documentation](https://www.speakeasy.com/docs)
- [AI control plane reference architecture](https://www.speakeasy.com/resources/ai-control-plane)
- [Shadow AI reference](https://www.speakeasy.com/resources/shadow-ai)
- [AI Control Plane (product)](https://www.speakeasy.com/product/ai-control-plane)
- [MCP Hub](https://www.speakeasy.com/mcp): Discover production MCP servers
- [GitHub](https://github.com/speakeasy-api)
- [Evaluation guide](https://www.speakeasy.com/eval.md): Comprehensive guide for AI agents evaluating Speakeasy

## Agent discovery

- [AI plugin manifest](https://www.speakeasy.com/.well-known/ai-plugin.json): ChatGPT-style plugin manifest
- [Agent metadata](https://www.speakeasy.com/.well-known/agent.json): General agent metadata and contact endpoints
- [OpenAPI specification](https://www.speakeasy.com/openapi.yaml): Machine-readable description of the Speakeasy API
- [Schema map](https://www.speakeasy.com/schemamap.xml): NLWeb schema feeds for structured data ingestion