Introduction

DOCUMENTATION

Gatekept is an agent governance infrastructure layer. It is a developer SDK and dashboard that sits between your AI agents and the real world.

Before any agent executes a sensitive action, moving money, deleting data, pushing code, sending bulk communications, Gatekept intercepts it. It evaluates the action against your policy rules and returns one of three verdicts: Allow, Block, or Escalate. Every decision is logged for audit.

You add one import and wrap any agent action with gk.gate(). From that point, every attempt at that action is checked against your live policy in under 200ms.

In one sentence

Gatekept is the control point and audit trail for everything your AI agents do.

THE PROBLEM

AI agents are being deployed into production systems fast. They book meetings, execute payments, push code, access customer records, and send communications, autonomously.

The people responsible for those actions have no control point and no record:

CFOs are accountable for spend an agent can trigger, with no approval gate.
Compliance officers cannot answer what controls exist over agent behaviour.
Engineering leads have no log of what an agent did, why, or who approved it.

When something goes wrong, there is no record to reconstruct. Regulators are already asking questions. Most companies have no answer. Gatekept is that answer.

HOW IT WORKS

The flow is the same for every action, in three steps.

Intercept. You wrap an agent action with gk.gate(). When the agent tries to run it, control passes to Gatekept first.
Evaluate. Gatekept checks the action and its payload against your live policy rules in under 200ms. Rules update without a redeploy.
Decide and log. Gatekept returns Allow, Block, or Escalate. The action proceeds, stops, or waits for a human. The full decision is written to the audit log.

Latency

A verdict returns in under 200ms. Allowed actions feel instant to the agent. Blocked actions never execute.

THE THREE VERDICTS

Every call to gk.gate() resolves to exactly one of three outcomes.

Allow

Action is within bounds. It proceeds instantly. The verdict is logged.

Block

Action crosses a hard limit. Execution is stopped. The agent receives a blocked result.

Escalate

Action needs a human. A ticket routes to the right person. The action waits for approval.

In code, an allowed action returns and execution continues. A blocked action raises a GatekeptBlocked exception. An escalated action pauses until a human approves or denies, then resolves to allow or block.

Get started

INSTALLATION

Early access

The published packages are coming soon. Until then, clone the repository to run the SDK locally with the in-memory engine.

Coming soon

At launch, install the SDK for your language. Python and TypeScript are supported.

Pythonpip · coming soon

pip install gatekept

TypeScript / Nodenpm · coming soon

npm install gatekept

Try it now

Clone the repo and run the example against the local engine. No account needed.

Python

git clone https://github.com/GateKeptAI/GateKept.git
cd GateKept/sdk/python
python examples/payment_agent.py

Set your key

When the hosted service launches, authenticate with your project key. Store it as an environment variable, never in source.

.env

GATEKEPT_API_KEY=gk_live_xxxxxxxxxxxxx

QUICKSTART

Wrap a sensitive action in three lines. Here a payment agent is gated before funds move.

payment_agent.pyPython

import gatekept as gk

def process_payment(amount, recipient):
    # Gatekept evaluates before the action runs
    gk.gate("transfer_funds", {
        "amount": amount,
        "recipient": recipient,
    })

    # Only reached if the verdict was Allow
    transfer_funds(amount, recipient)

If the amount is within policy, the gate returns and the transfer runs. If it crosses a threshold, the gate either blocks (raising an exception) or escalates (pausing for human approval).

Reading the verdict

If you want the verdict object instead of an exception, capture the return value.

Python

verdict = gk.gate("transfer_funds", {"amount": amount},
                  raise_on_block=False)

if verdict.allowed:
    transfer_funds(amount, recipient)
else:
    log.warning(f"Blocked: {verdict.reason}")

TYPESCRIPT

The TypeScript SDK mirrors the Python API. gate() is async and resolves to a verdict.

paymentAgent.tsTypeScript

import { gate } from "gatekept";

async function processPayment(amount: number, recipient: string) {
  const verdict = await gate("transfer_funds", {
    amount,
    recipient,
  });

  if (verdict.allowed) {
    await transferFunds(amount, recipient);
  }
}

Core concepts

POLICY RULES

A policy is a set of rules. Each rule looks at a field in the action payload and, when a condition is met, returns Block or Escalate. If no rule fires, the action is allowed.

Rules are written in plain code or in the dashboard. Your compliance officer defines the intent. Your developer implements it. Rules take effect on the next verdict, with no redeploy.

Example policy

policy.pyPython

from gatekept import Policy, rule

policy = Policy([
    # Large payments need CFO sign-off
    rule("transfer_funds", when="amount > 25000",
         verdict="escalate", to="cfo"),

    # Big PII exports are never allowed
    rule("export_records", when="pii_rows > 10000",
         verdict="block"),

    # Off-hours production deploys need review
    rule("deploy", when="env == 'production' and not in_window()",
         verdict="escalate", to="eng_lead"),
])

Rule anatomy

Field	Meaning
action	The gated action this rule applies to.
when	A condition over the payload. If true, the rule fires.
verdict	block or escalate.
to	Who the escalation routes to. Ignored for block rules.

Rule order

Rules are evaluated top to bottom. The first rule that fires decides the verdict. Put the strictest rules first.

ESCALATION

When a rule returns Escalate, Gatekept creates a ticket and routes it to the human named in the rule, via Slack, Microsoft Teams, or email. The action pauses until they respond.

The approver sees everything they need to decide:

The action and its full payload.
The exact policy rule that triggered the escalation.
The identity of the agent that attempted the action.
One control to approve or deny.

On approval, the gate resolves to Allow and the action runs. On denial, it resolves to Block. Either way, the decision and the approver are written to the audit log.

Routing

Python

rule("transfer_funds", when="amount > 25000",
     verdict="escalate",
     to="cfo",
     channel="slack",
     timeout=3600)  # auto-block after 1 hour

AUDIT LOG

Every verdict is written to an immutable audit log. Months or years later, you can reconstruct exactly what happened.

Each entry records:

Field	Description
timestamp	When the verdict was issued.
agent_id	Which agent attempted the action.
action	The gated action name.
payload	The full action arguments.
verdict	allow / block / escalate.
rule	The policy rule that decided the verdict.
approver	For escalations, who approved or denied.
hash	Tamper-evident hash chained to the prior entry.

The Gold tier exports the log in compliance-ready formats for SOC2 and ISO27001 reviews.

Try it

The live demo shows the audit log filling in real time as you fire actions through the engine.

FRAMEWORKS

Gatekept works with the major agent frameworks and with raw API agents. The integration is the same: wrap the action, get a verdict.

Framework	Integration
LangChain	Wrap tool calls with `gk.gate()` or use the Gatekept tool wrapper.
CrewAI	Gate any agent task before it executes.
AutoGen	Gate function calls inside agent conversations.
Raw API agents	Call `gk.gate()` directly before any side effect.

LangChain example

PythonLangChain

from gatekept import gated_tool

@gated_tool("send_email")
def send_email(to, subject, body):
    # Gated automatically before each call
    mailer.send(to, subject, body)

Reference

SDK REFERENCE

gk.gate(action, payload, **options)

The core function. Evaluates an action against the active policy and returns a verdict.

Parameter	Type	Description
action	str	Name of the action being gated.
payload	dict	The action arguments policy rules read.
raise_on_block	bool	If true (default), a block raises an exception.
timeout	int	Seconds to wait on an escalation before auto-blocking.

Verdict object

Property	Description
.allowed	True if the action may proceed.
.verdict	One of `allow`, `block`, `escalate`.
.reason	Human-readable explanation of the decision.
.rule	The rule that fired, or none.
.log_id	The audit log entry id for this verdict.

ERROR HANDLING

When raise_on_block is true, a blocked action raises GatekeptBlocked. Catch it to handle the case gracefully.

Python

from gatekept import gate, GatekeptBlocked

try:
    gate("transfer_funds", {"amount": amount})
    transfer_funds(amount, recipient)
except GatekeptBlocked as e:
    # e.reason explains which rule blocked it
    notify_user(f"Payment blocked: {e.reason}")

Fail mode

If Gatekept is unreachable, the SDK defaults to fail-closed: actions are blocked rather than allowed through unchecked. You can set fail-open per environment if you prefer availability over strictness.

FAQ

Does it slow my agent down?

A verdict returns in under 200ms. Allowed actions, the common case, pass through with negligible delay.

Where do policy rules live?

In code, in the dashboard, or both. Dashboard changes take effect on the next verdict with no redeploy.

What happens to an escalated action while it waits?

The gate pauses until a human responds or the timeout elapses. On timeout the action is blocked by default.

Is the audit log tamper-proof?

Each entry is chained to the prior one with a hash, so any change to history is detectable. The Gold tier adds compliance-ready exports.

How does pricing work?

You pay per verdict. The Bronze tier is free and covers 1,000 verdicts a month. Silver and Gold are unlocked with the Gatekept token; pricing will be announced at token launch. See pricing.

Can I try it without integrating?

Yes. The live demo runs the evaluation logic in your browser. Add rules, fire actions, watch the verdicts.