agent-network/README.md
Agent Network is NetBird's access control layer for AI agents and the people who run them. It gives every agent a real identity, tied to your identity provider (IdP), and governs what it can reach — the LLM APIs and AI gateways it can call, and the internal resources it can access. Traffic flows only over the encrypted NetBird tunnel, scoped by policy, with no API keys to leak.
Beta. Agent Network is open source and can be self-hosted on your own infrastructure.
Agent Network is built on two existing NetBird capabilities:
LLM traffic is routed through the proxy's identity-aware pipeline, while internal resources (databases, internal APIs, self-hosted models) are reached directly over peer-to-peer WireGuard tunnels, governed by the same identities and access policies.
There is no separate "agent-network" service — it reuses the reverse-proxy and management components:
proxy/ — the NetBird reverse proxy that serves the agent network endpoint
and runs the per-request middleware pipeline.management/internals/modules/reverseproxy/
— the management-side control plane: providers, policies, guardrails, limits, routing,
and usage/access logs.Full documentation, architecture, and quickstart: https://docs.netbird.io/agent-network