Innovate on AI and API with Envoy®
A community-driven marketplace for Envoy extensions, powered by 
Discover, run, and build custom filters with zero friction.
Get Started
curl -sL https://builtonenvoy.io/install.sh | shThen run your first extension:
boe run --extension example-go --local ./my-extensionDiscover
Discover the community extensions you can start using today.
boe list NAME VERSION TYPE coraza-waf 0.3.0 go ip-restriction 1.2.0 rust
Run
Start Envoy with extensions in a single command.
boe run --extension example-go ✓ Starting Envoy 1.37.0...
Proxy: http://localhost:10000
Admin: http://localhost:9901
Build
Easily bootstrap and create your own extension.
boe create my-extension ./my-extension/Makefile ./my-extension/manifest.yaml ./my-extension/plugin.go
Featured Extensions
A curated collection of extensions to enhance your Envoy deployment
azure-content-safety
Azure AI Content Safety integration for LLM prompt protection and content moderation
bedrock-guardrails
Apply AWS Bedrock Guardrails for LLM prompt protection and content moderation.
cedar-auth
Inline Cedar policy evaluation for HTTP request authorization
chat-completions-decoder
Decodes OpenAI Chat Completion requests and responses and exposes structured metadata for downstream filters
coraza-waf
Web Application Firewall (WAF) for HTTP traffic using Coraza
ip-restriction
IP-based access control using allowlists or denylists
jwe-decrypt
Decrypt JWE tokens and recover the inner JWT for Envoy to process
opa
Inline OPA policy evaluation for HTTP request authorization
openapi-validator
Validate HTTP requests against an OpenAPI specification
saml
SAML 2.0 Service Provider authentication for Envoy HTTP traffic
token-exchange
OAuth2 token exchange for Envoy HTTP traffic
See it in Action
Watch how easy it is to discover, run, and build Envoy extensions
Complete CLI Toolkit
For
Users
Discover
boe list Browse available extensions
Run
boe run --extension name Start Envoy with extensions
Generate Config
boe gen-config --extension name Export Envoy configuration
For
Devs
Scaffold
boe create name Create new extension template
Test Locally
boe run --local ./path Build and run local extensions
Test in Docker
boe run --docker --local ./path Build and run local extensions in Docker
What People Are Saying
To date, writing extensions for Envoy has been a laborious process that involves writing C++ and compiling a fully custom build of the entire proxy. The rise of dynamic modules, and allowing either Go or Rust to be used for extensions, is going to unlock Envoy extensibility to way more people. I'm really excited about the Built on Envoy effort making it super easy for everyone to get started with Envoy extensions and I'm looking forward to using it to build Rust Envoy extensions for use at bitdrift.
Envoy is powerful, but it can be complicated and tricky to configure and extend. Built-on-Envoy makes it extremely easy to extend Envoy using Go and Rust, and the developer experience is simple enough for our non-power users who don't know Envoy's internals.
Envoy has become one of the most high velocity and impactful open source projects in the cloud native ecosystem. When contributing organizations like Tetrate step forward to lower the barriers to adoption, they create pathways for more developers to contribute, that kind of leadership strengthens the entire ecosystem.