Zero Trust Networking for AI

Hanzo ZT - Zero Trust
Overlay Networking

Zero-trust overlay networking with ZAP transport. NAT traversal, mTLS encryption, billing enforcement. SDKs for Rust, Go, TypeScript, Python, C++, and C.

Get StartedView on GitHub
architecture
App --> ZAP Client --> ZT Transport --> ZT Fabric --> ZT Service
            |                        |
      Cap'n Proto RPC         x509 mTLS overlay
      (zero-copy binary)      (NAT traversal built-in)

Hanzo ZT provides zero-trust networking with built-in billing enforcement and mTLS encryption for every connection.

Zero Trust Architecture

  • x509 mTLS overlay network with certificate pinning
  • NAT traversal built-in, no open ports required
  • Identity-first connections, never trust the network
  • Controller-managed certificate lifecycle and rotation

ZAP Transport

Cap'n Proto RPC over ZT fabric with 4-byte length-prefix framing and zero-copy message passing for maximum throughput.

// ZAP over ZT transport
let transport = ZtTransport::new(
    zt_network_id,
    zt_node_id,
    ZtConfig { mTLS: true }
)?;
let client = ZapClient::connect(transport)?;

Hanzo IAM Auth

JWT authentication via hanzo.id with external JWT auth support through the ZT controller.

hanzo.id JWT

Native auth

External JWT

BYO identity

mTLS certs

Mutual auth

API keys

Service-to-service

Billing Enforcement

No free tier. Balance check before dial, usage recording after every session. Built into the transport layer.

// Billing is enforced at the transport layer
// 1. Check balance before connection
// 2. Meter bytes transferred
// 3. Record usage after session close
dial -> balance_check -> connect -> meter -> close -> record

6 Language SDKs

🦀Rust🐹Go📜TypeScript🐍PythonC++🔧C

MCP + ZAP Integration

ZAP transport trait implementation with zt:// URL scheme and seamless gateway integration.

// Connect via ZT URL scheme
let client = mcp::connect("zt://network-id/node-id")?;

// ZAP transport is automatic
let tools = client.list_tools().await?;

ZT Controller

Centralized network management with decentralized data plane. Manage identities, networks, and policies.

  • Network provisioning and membership
  • Certificate authority and rotation
  • Policy-based access control
  • Usage metering and billing hooks

Quick Start

Rust

cargo add hanzo-zt

Go

go get github.com/hanzozt/sdk-golang

TypeScript

npm install @hanzo/zt

Python

pip install hanzo-zt

C++

# CMakeLists.txt
FetchContent_Declare(
  hanzo_zt
  GIT_REPOSITORY
    github.com/hanzozt/zt-sdk-cpp
  GIT_TAG main
)

C

# Link with ZT libraries
cc -o app app.c -lzt -lzt_zap

Ready to Build?

Secure your AI infrastructure with zero-trust networking. Hanzo ZT provides the overlay network, authentication, and billing enforcement your services need.

Read the DocsGitHub