Every request makes its case.
Policy decides in real time.
D3 Edge runs autonomous agents at your traffic’s first hop — reading intent, checking policy, and acting in milliseconds. No queue, no ticket, no human in the loop.
watching live · checkout-abuse.policy · region: iad1
Four steps, no waiting room.
Every request passes through the same sequence, whether it’s cleared in an instant or held up for a closer look.
Traffic lands at the edge
Every request arrives at the nearest node already carrying its context — origin, headers, history, behavior. Nothing waits for a round trip to origin.
An agent reads it against policy
Not a static rule table. A running agent interprets your policy against this specific request, in light of what it's seen in the last few seconds.
The agent reaches a verdict
Allow, throttle, reroute, or block — with a reason attached. Ambiguous cases get judgment, not a default-deny or a shrug.
The verdict executes immediately
Enforcement happens at the same hop, before the request reaches your origin. Your backend only ever sees traffic that was already cleared.
Built for traffic that doesn’t wait.
D3 Edge replaces static allow-lists and brittle rule chains with agents that reason about each request as it arrives.
Agents, not rule tables
Policy is interpreted fresh for every request, so the edge cases that would normally need their own line item just get handled.
Policy as code
Write policy the way you write everything else that matters — reviewed in a pull request, tested against traffic samples, rolled back in seconds.
A full decision trail
Every verdict is logged with the reasoning behind it. When someone asks why a request was blocked, the answer is a query, not a guess.
Runs at the edge, not after it
Decisions happen at the first hop your traffic touches. Your origin only sees what's already been cleared to reach it.
Describe what should happen.
The agent handles when.
Policy reads like the outcome you want, not a list of conditions to keep patching. Agents evaluate it against live signals on every request — nothing here comes from a cached list re-checked on a cron job.
Version it, review it, and roll it back exactly like the rest of your stack.
// re-evaluated on every request, never cached
policy "checkout-abuse" {
when traffic.path startswith "/checkout"
and agent.signal("velocity") > baseline * 4
then throttle(rate: "10/min", reason: "velocity spike")
else allow()
}Put an agent between your traffic and your risk.
Setup takes an afternoon. The first policy can watch, before it ever blocks.