Gate is a pre-execution policy engine with bilateral receipts. Covenants declare what's allowed. Ed25519 signatures prove what happened. Every action is authorized, executed, sealed, and chained into a tamper-evident audit trail.
Gate sits between your agent and the actions it takes. Nothing executes without a covenant check, a signed authorization, and a sealed result.
YAML policy declares permit, forbid, and require_approval rules before the agent runs.
→ Agent requests an action. Gate evaluates the covenant and signs an authorization receipt.
→ If authorized, the action runs. If require_approval, a human callback decides first.
→ Execution result is hashed and sealed into the receipt with a second Ed25519 signature.
→ The sealed receipt is chained into the HMAC-SHA256 audit trail. Tamper-evident from here.
A covenant is a YAML file that declares exactly what an agent is allowed to do. Three rule types: permit, forbid, and require_approval. Add conditions with when and unless clauses.
The covenant is SHA-256 hashed, and that hash is embedded in every receipt. Change a single rule, and every subsequent receipt carries a different covenant hash. An auditor can verify exactly which policy was active for any action.
Phase 1 (Authorization): Gate checks the covenant, makes a decision, and signs the authorization with Ed25519. The payload is SHA-256 hashed - raw data never enters the receipt.
Phase 2 (Seal): After execution, the result is hashed and sealed into the same receipt with a second signature. The seal covers the authorization signature, so the entire lifecycle is cryptographically bound.
A third party can verify any receipt with just the public key. No shared secret needed. Non-repudiation built in.
Load a covenant. Authorize actions. Seal results. Verify receipts. All in standard Python.
When an orchestrator delegates to a sub-agent, the child's receipt links back to the parent via parent_receipt_id. Walk the chain from any receipt back to the root authorization.
Every receipt in the chain is independently verifiable. If a child agent misbehaves, the delegation chain shows exactly who authorized what, and when.
Pre-execution policy, cryptographic proof, human oversight, and audit-ready record-keeping in one library.
Asymmetric signing with Ed25519 for non-repudiation. Third parties verify receipts with just the public key. HMAC-SHA256 fallback when the cryptography package isn't installed; HMAC is symmetric, so checking a receipt in that mode requires the shared key.
YAML-based policy with permit, forbid, and require_approval rules. Supports conditional logic with when and unless clauses. SHA-256 hashed for integrity.
Two-phase proof: authorization decision + execution result in a single cryptographically bound record. Seal covers auth, auth covers covenant.
Every receipt is chained into an HMAC-SHA256 audit trail. Tamper with one record, break every record after it. Cryptographically verifiable integrity.
When a covenant rule says require_approval, Gate pauses and calls your callback. Slack, email, CLI prompt - you decide the interface. Decision is signed into the receipt.
Multi-agent workflows produce linked receipt chains. Walk from any child receipt back to the root authorization. Every hop independently verifiable.
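The chaining property described above (each record bound to the one before it with HMAC-SHA256, so an edit or deletion breaks verification from that point on), as an added example that is not Gate's own code or API. The record fields, the all-zero genesis value and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed value for the link before the first record

def canonical(record):
    # Stable byte encoding so the same record always produces the same MAC.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def link_mac(key, prev_mac, record):
    # Each MAC covers the previous MAC, binding a record to all history before it.
    return hmac.new(key, prev_mac.encode() + canonical(record), hashlib.sha256).hexdigest()

def append_record(chain, key, record):
    prev = chain[-1]["mac"] if chain else GENESIS
    chain.append({"record": record, "prev": prev, "mac": link_mac(key, prev, record)})

def first_broken_link(chain, key):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = link_mac(key, prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(expected, entry["mac"]):
            return i
        prev = entry["mac"]
    return None

def build_sample_chain(key):
    # Constructed sample data: records carry only hashes, never the raw payload.
    covenant_hash = hashlib.sha256(b"constructed covenant text").hexdigest()
    samples = [("read_file", b"a.txt"), ("send_email", b"hi"), ("delete_file", b"a.txt")]
    chain = []
    for action, payload in samples:
        append_record(chain, key, {
            "action": action,
            "covenant_sha256": covenant_hash,
            "payload_sha256": hashlib.sha256(payload).hexdigest(),
        })
    return chain

if __name__ == "__main__":
    key = b"constructed-demo-key"
    chain = build_sample_chain(key)
    print("intact chain:", first_broken_link(chain, key))
    chain[1]["record"]["action"] = "read_file"  # edit a stored record in place
    print("first broken index after edit:", first_broken_link(chain, key))
```

Dropping records from the end of this example chain still verifies, so the most recent MAC has to be recorded somewhere the log writer cannot alter.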
Install from PyPI. Write a covenant. Gate your first action.
Every AI agent action should be policy-checked, signed, and audit-ready. Gate makes it happen with one import.