Skip to main content

spectral-bridge

spectral-bridge connects private AI systems to external testing and evaluation platforms in a secure way, over a single outbound connection, without exposing them to the internet or requiring firewall and VPN changes.

spectral-bridge on GitHubView the source code and contribute.

The problem

Testing platforms need to send requests to AI systems, but private AI systems can't receive them from the outside. The usual fixes all have real costs:

  • Opening inbound firewall rules requires a security review and creates a permanent attack surface.
  • Granting VPN access to a third party means sharing credentials to your whole network, not just the AI system.
  • Deploying a public proxy means standing up and securing new infrastructure for every platform you want to use.
  • Skipping external evaluation entirely means flying blind on safety, capability, and regression testing.

How spectral-bridge works

spectral-bridge defines an open protocol that testing platforms can adopt to let users safely connect their AI system to their infrastructure. It is built around three core components, relay server, relay client, and adapter, that interplay as follows:

spectral-bridge architecture diagram

On the right side of the diagram sits the AI team's network. The AI system to be tested runs there, unreachable from the outside. On a local device (e.g., a server, a developer laptop), a member of the AI team spins up two processes:

  • a relay client that opens a single outbound WebSocket connection to the relay server on the left, hosted and operated by the testing platform
  • an adapter that translates the relay client's requests into calls the AI system understands, regardless of its interface.

When the platform's testing services send a request, the relay server forwards it down the WebSocket to the relay client. The relay client hands it to the adapter, which calls the AI system. The response travels back the same path.

The AI team runs and controls both the spectral-bridge client and the adapter. The testing platform runs and controls the relay server. Neither side needs access to the other's infrastructure.

Get started