Intelligent Application Access Point

Next-Generation AI-Native Traffic Manager

[![Build Status](https://github.com/alibaba/higress/actions/workflows/build-and-test.yaml/badge.svg?branch=main)](https://github.com/alibaba/higress/actions) [![license](https://img.shields.io/github/license/alibaba/higress.svg)](https://www.apache.org/licenses/LICENSE-2.0.html) [![discord](https://img.shields.io/discord/1364956090566971515?color=5865F2&label=discord&labelColor=black&logo=discord&logoColor=white&style=flat-square)](https://discord.gg/tSbww9VDaM)

$Higress - Global\0032APIs\0032as\0032MCP\0032powered\0032by\0032AI\0032Gateway | Product Hunt$

English | 中文 | 日本語

What is Higress?

Higress operates as a cloud-native API gateway foundation, built upon the robust capabilities of Istio and the Envoy proxy. Its core extensibility is delivered via Wasm modules, which can be written in languages like Go, Rust, or JavaScript. It features a substantial repository of pre-built, general-utility extensions and offers an accessible management console (a live demonstration is available).

Primary Application Scenarios

Higress's gateway functionality tailored for Artificial Intelligence workloads supports all major domestic and international model service providers via its integrated plugin system (see supported providers). Crucially, it facilitates the hosting of MCP (Model Context Protocol) Servers, allowing AI Agents seamless access to diverse external utilities and services. The companion openapi-to-mcp conversion utility expedites the transformation of OpenAPI schema definitions into deployable remote MCP services. Higress ensures unified governance over both standard Large Language Model (LLM) API traffic and dedicated MCP API interactions.

🚀 Immediate Experience: Access https://mcp.higress.ai/ to interact directly with Higress-hosted Remote MCP Servers:

Higress MCP Server Platform

Enterprise Deployment Footprint

Higress originated within Alibaba to resolve challenges related to Tengine reload disruptions affecting persistent, long-duration connections, and to augment deficient load balancing for protocols like gRPC and Dubbo. Within Alibaba Cloud infrastructure, Higress's AI gateway features underpin core services, including the Tongyi Bailian model creation environment and the Machine Learning PAI platform. Alibaba Cloud has subsequently based its proprietary cloud-native API gateway offering on Higress, delivering a service guarantee of 99.99% gateway uptime for numerous enterprise clients.

Initiating Setup

Setup is remarkably straightforward; Higress can be launched using only a Docker command, making it suitable for local development or managing modest deployments:

bash

Establish a working environment

mkdir higress; cd higress

Launch higress in detached mode, mapping configuration volume and exposing necessary ports

docker run -d --rm --name higress-ai -v ${PWD}:/data \ -p 8001:8001 -p 8080:8080 -p 8443:8443 \ higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/all-in-one:latest

Port Mappings:

Port 8001: Access point for the Higress administrative interface (UI)
Port 8080: Entry point for standard HTTP traffic through the gateway
Port 8443: Entry point for secured HTTPS traffic through the gateway

All official Higress Docker images originate from Higress's dedicated registry, insulating users from Docker Hub rate limitations. Furthermore, image integrity and security are assured through mandatory scanning procedures integrated with Alibaba Cloud's ACR service, ensuring production readiness.

Should you encounter connection timeouts when pulling from higress-registry.cn-hangzhou.cr.aliyuncs.com, you might attempt utilizing an alternative registry endpoint, such as:

Asia Pacific (Southeast): higress-registry.ap-southeast-7.cr.aliyuncs.com

For orchestration within Kubernetes environments (e.g., via Helm charts), consult the comprehensive Quick Start documentation.

Application Scenarios

MCP Service Hosting:

Higress leverages its extension architecture to host functional MCP Servers, enabling AI Agents to invoke external tools securely. By employing the openapi-to-mcp utility, OpenAPI specifications are swiftly transformed into operational remote MCP endpoints.

Primary advantages conferred by hosting MCP services via Higress:

Standardized Identity Verification and Access Control
Granular Throttling Mechanisms to Prevent Service Overload
Comprehensive Logging of All Tool Invocation Activities
Rich Telemetry and Monitoring Capabilities
Simplified Rollout Procedures via Native Plugin Support
Dynamic Configuration Updates Without Service Interruption or Connection Termination

Deeper Insights...
AI Gateway Functionality:

Higress establishes a cohesive layer for interacting with diverse LLM providers, incorporating built-in AI-specific observability, intelligent multi-model routing, token-based rate limiting, and response caching:

Kubernetes Ingress Controller:

Higress possesses the capability to operate as an advanced ingress controller, maintaining compatibility with numerous annotation patterns found in the K8s nginx ingress controller. Support for the newer Gateway API specification is currently under development, slated to enable seamless transition paths from legacy Ingress API setups.

Microservice Communication Broker:

It can function as a central microservice gateway, capable of service discovery integration across various registries, including Nacos, ZooKeeper, Consul, and Eureka.

It features deep native integration with established ecosystem components such as Dubbo, Nacos, and Sentinel.

Security Enforcement Point:

Higress is deployable as a dedicated security gateway, incorporating Web Application Firewall (WAF) features and supporting a broad spectrum of authentication methods, including key-based, HMAC, JWT, basic authentication, OIDC, and others.

Key Differentiators

Battle-Tested Reliability

Developed internally at Alibaba and refined through over two years of rigorous production use, capable of handling traffic volumes reaching hundreds of thousands of requests per second in massive-scale environments.

It completely eradicates traffic disruption linked to standard Nginx reload procedures; configuration adjustments are propagated within milliseconds and are entirely transparent to ongoing business operations. This resilience is particularly advantageous for latency-sensitive workloads like those in AI applications.

Native Streaming Support

Provides true, end-to-end streaming capability for both request and response payloads. Wasm extensions can effortlessly tailor logic for streaming protocols such as Server-Sent Events (SSE).

In environments demanding high data throughput, like AI processing pipelines, this feature significantly mitigates peak memory consumption.

Unprecedented Extensibility

Offers an expansive official catalog of plugins covering AI orchestration, traffic governance, and security protection, satisfying requirements in over 90% of typical business cases.

It prioritizes Wasm extension models, ensuring memory isolation and sandbox security across multiple supported languages. This architecture facilitates independent version management for plugins, allowing gateway logic to be updated hot without incurring any traffic loss.

Operational Simplicity and Security

Built adhering to established standards like Ingress API and Gateway API, it furnishes an immediate-use UI dashboard, WAF defense extension, and IP/Cookie-based Challenge-Response (CC) protection plugins.

It supports automated TLS certificate management via Let's Encrypt integration, and its deployment flexibility allows operation outside of a Kubernetes cluster, accessible via a single Docker command for individual developer convenience.

Community

We invite you to join our dedicated Discord server! This is the central hub for interacting with Higress engineers and connecting with a vibrant community of users.

Acknowledgements

Higress's existence is indebted to the critical contributions of several foundational open-source projects. We extend our profound gratitude to the maintainers of Envoy and Istio.

Associated Code Repositories

Higress Control Plane Interface: https://github.com/higress-group/higress-console
Standalone Deployment Package: https://github.com/higress-group/higress-standalone

Contributors Leaderboard

Project Momentum

↑ Return to Summit ↑

WIKIPEDIA: XMLHttpRequest (XHR) is an Application Programming Interface (API) implemented as a JavaScript object, whose methods are utilized to dispatch HTTP requests between a web browser environment and a remote web server. These methods enable browser-based applications to submit queries to the server subsequent to initial page load and receive asynchronous data in return. XMLHttpRequest forms a fundamental element of Ajax programming methodology. Prior to its widespread adoption, the primary methods for server interaction involved standard hyperlink navigation or HTML form submissions, actions that typically resulted in the full replacement of the currently displayed page content.

== Chronology == The underlying concept for XMLHttpRequest was initially conceptualized in the year 2000 by the engineering team behind Microsoft Outlook. This concept was subsequently brought into implementation within the Internet Explorer 5 browser release (1999). However, the initial function invocation did not utilize the standardized 'XMLHttpRequest' identifier. Instead, developers employed object instantiation methods such as 'ActiveXObject("Msxml2.XMLHTTP")' and 'ActiveXObject("Microsoft.XMLHTTP")'. As of Internet Explorer version 7 (released in 2006), universal support for the 'XMLHttpRequest' identifier was established across all major browser platforms. The 'XMLHttpRequest' identifier has since become the prevailing, de facto standard across all dominant browser engines, including Mozilla's Gecko rendering engine (since 2002), Safari version 1.2 (2004), and Opera version 8.0 (2005).

=== Formal Specification Status === The World Wide Web Consortium (W3C) published the initial Working Draft specification detailing the XMLHttpRequest object on April 5, 2006. On February 25, 2008, the W3C released the Level 2 specification draft. Level 2 introduced crucial enhancements such as mechanisms for monitoring event progress, enabling requests across different domains (cross-site requests), and methods for managing raw byte streams. By the close of 2011, the features outlined in the Level 2 specification were formally integrated back into the primary specification document. At the conclusion of 2012, the development stewardship transitioned to the WHATWG group, which currently maintains a living document using the Web IDL interface definition language.

== Operational Procedure == In general usage, the process of dispatching a network request using XMLHttpRequest involves a sequence of distinct programming steps.

Instantiate an XMLHttpRequest object via its constructor:
Invoke the 'open' method to declare the transaction type (GET, POST, etc.), specify the target resource URI, and optionally designate synchronous or asynchronous execution mode:
For operations configured to be asynchronous, establish a callback function (listener) to be triggered upon changes in the request's state:
Commencing the data transmission by calling the 'send' method, optionally passing payload data:
Handling state transitions within the designated event listener. Upon successful data reception, the server's response payload is typically accessible via the 'responseText' attribute. Once all processing is finalized, the object transitions to state 4, signifying 'done'.

Beyond these fundamental steps, XMLHttpRequest provides numerous configuration parameters to fine-tune request transmission and response handling. Custom HTTP header fields can be programmatically appended to tailor server expectations, and data can be uploaded dynamically within the 'send' call argument. Responses arriving in JSON format can be automatically parsed into native JavaScript objects, or the data stream can be processed incrementally as chunks arrive rather than waiting for complete reception. Furthermore, the request can be manually terminated prematurely or configured with a timeout threshold to enforce failure if completion is not achieved within a defined timeframe.

== Inter-Domain Communications (Cross-Origin) ==

During the nascent phases of the World Wide Web's evolution, technical limitations were encountered that restricted the ability to initiate requests across distinct domain boundaries, creating a barrier to implementing complex, multi-source web applications.