Kazbah

Enforcement Gates

Policy enforcement at every access point

A gate sits between an agent and a protected resource. It verifies identity, checks permissions against a published catalog, evaluates constraints, and makes a real-time enforcement decision — all before the action executes.

API Gateways Weren't Built for Agents

API gateways enforce rate limits and auth tokens, but they can't answer the questions that matter for autonomous agents: Is this specific agent model authorized? Is it within its spend budget for this task? Does it have permission from its delegating agent? Has its credential been revoked since it started this session?

These are governance questions, not traffic management questions.

Gates Publish What's Allowed — Before Agents Try

Every gate publishes a permission catalog — a versioned, immutable document that describes what permissions exist, what constraints apply, and what trust level is required. Agents can query the catalog before making requests.

When a credential is issued, it's pinned to a specific catalog version. If the gate operator changes policies, existing credentials keep their original terms until re-issued. This is the bait-and-switch prevention mechanism.

Key Capabilities

01 Constraint Expressions

Spend limits, rate limits, time windows, domain allowlists, trust tier requirements, approval thresholds — all structured constraints in the catalog. Versioned, signed, pinned to credentials.

02 Predictive Simulation

Before taking an action, an agent can ask the gate: "Would this be allowed?" The gate runs its full verification logic in a side-effect-free mode and returns structured suggestions for how to modify a denied request.

03 Catalog Version Pinning

Credentials reference a specific catalog snapshot. Policy changes publish a new version; existing credentials aren't affected. Migration happens deliberately.

04 Session Grants

Time-limited, scope-limited tokens for high-throughput scenarios, so the gate can skip full credential verification on every call. Performance without sacrificing governance.

05 Anonymous Access Control

Define what unauthenticated agents can do (read-only, rate-limited) versus what requires a credential. Machine-readable upgrade hints for agents that need more.

06 Multi-Gate Credentials

A single agent can hold credentials pinned to multiple gates, each with its own catalog and version pin. A universal constraint vocabulary enables cross-gate reasoning.
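As an added illustration (not Kazbah's code or API), the following Python sketch shows the catalog version pinning described in "Gates Publish What's Allowed" and in capabilities 01 to 03: a credential stays bound to the catalog version it was issued against, constraints are evaluated against that pinned snapshot, and simulate() runs exactly the check enforce() runs without committing any state. The names Gate, Credential, simulate and enforce, the "purchase" permission, and the scenario in demo() (an operator tightening the spend limit after a credential was issued) are hypothetical and constructed here.

```python
from dataclasses import dataclass

@dataclass
class Credential:
    agent: str
    catalog_version: str  # pinned when issued; never updated in place
    spent: float = 0.0

class Gate:
    def __init__(self, permissions: dict):
        self.catalogs: dict = {}  # version id -> immutable permission snapshot
        self.publish(permissions)

    def publish(self, permissions: dict) -> str:
        """A policy change adds a new version; earlier snapshots are never edited."""
        self.current = f"v{len(self.catalogs) + 1}"
        self.catalogs[self.current] = {p: dict(r) for p, r in permissions.items()}
        return self.current

    def issue(self, agent: str) -> Credential:
        return Credential(agent, self.current)  # pinned to the catalog current at issue time

    def simulate(self, cred: Credential, perm: str, req: dict):
        """'Would this be allowed?': full check against the pinned catalog, no state change."""
        rules = self.catalogs[cred.catalog_version].get(perm)
        if rules is None:
            return False, {"reason": "permission not in pinned catalog"}
        if req["domain"] not in rules["domains"]:
            return False, {"reason": "domain", "allowed": rules["domains"]}
        remaining = rules["spend_limit"] - cred.spent
        if req["amount"] > remaining:
            return False, {"reason": "spend", "max_amount": remaining}  # hint for a retry
        return True, {}

    def enforce(self, cred: Credential, perm: str, req: dict):
        """Same verification as simulate, but commits the spend when allowed."""
        ok, hint = self.simulate(cred, perm, req)
        if ok:
            cred.spent += req["amount"]
        return ok, hint

def demo():
    gate = Gate({"purchase": {"domains": ["vendor.example"], "spend_limit": 100.0}})
    cred = gate.issue("agent-a")
    ok, hint = gate.simulate(cred, "purchase", {"domain": "vendor.example", "amount": 150.0})
    gate.enforce(cred, "purchase", {"domain": "vendor.example", "amount": 60.0})
    gate.publish({"purchase": {"domains": ["vendor.example"], "spend_limit": 10.0}})
    old_ok, _ = gate.enforce(cred, "purchase", {"domain": "vendor.example", "amount": 30.0})
    new_ok, _ = gate.enforce(gate.issue("agent-b"), "purchase", {"domain": "vendor.example", "amount": 30.0})
    return ok, hint, old_ok, new_ok, cred.spent
```

In demo(), the simulated 150.0 request is denied with a structured hint and spends nothing; after the operator publishes the tighter v2 catalog, agent-a's v1-pinned credential still completes a 30.0 purchase under its original 100.0 limit, while a credential issued afterwards (pinned to v2) is denied the same request.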

Control what agents can do before they do it.