Warded Identity Access Gateway
Protect AI Agent management surfaces with an identity-aware HTTPS ingress.
Warded gives OpenClaw Control UI, Hermes Agent Dashboard, and similar tools a protected HTTPS entrypoint with browser login, Ingress Access Tokens, TLS termination, and a local reverse proxy.
Product model
- An Ingress is one Organization-owned protection boundary.
- One Ingress maps to one domain and one local upstream port.
- An Ingress consumes Organization quota; pricing and subscriptions belong to the Organization plan.
- A Node is the enrolled machine that creates and runs the Ingress runtime.
Warded is not a tunnel, NAT traversal service, traffic relay, or general multi-service API gateway. Customer traffic goes directly to the Warded process on your server.
Direct creation
The machine is enrolled once, then the CLI creates the Ingress directly:
warded node enroll
warded ingress new --commit
warded ingress proxy runThere is no draft, browser claim, trial activation, or per-Ingress purchase step.