EU AI Act Article 12 · Record-Keeping

Every AI action.Gated. Signed. Auditable.

Gate is an AI action firewall that intercepts every tool call your agents make, checks it against policy, routes sensitive actions to humans via Slack, and signs everything with tamper-evident HMAC-SHA256 chains.

View on GitHub See How It Works

How It Works

Four steps. Every action covered.

Gate sits between your AI agent and the outside world. Nothing gets through without being checked, approved, and signed.

Intercept

Agent sends an action (email, API call, file write) to Gate's proxy endpoint.

→

Evaluate

Policy engine checks the action against rules: auto-allow, require approval, or block.

→

Approve

Sensitive actions go to Slack with Approve/Reject buttons. Humans stay in control.

→

Sign

Every event gets HMAC-SHA256 signed and chained. Tamper with one, break the whole chain.

Live Demo

See it in action

A recruiting AI agent tries to send an email, delete a record, and search a database. Gate handles each differently.

python3 demo.py

# Agent tries to search candidates (low risk)
POST /actions tool: search_candidates
✓ AUTO-ALLOWED — matched rule: allow-read-only

# Agent tries to send an email (needs approval)
POST /actions tool: send_email
● PENDING APPROVAL — sent to #ai-approvals on Slack
✓ APPROVED by jason via Slack (12s)

# Agent tries to delete a record (blocked by policy)
POST /actions tool: delete_record
✗ BLOCKED — matched rule: block-delete

# Verify the audit chain
GET /verify
✓ Chain intact — 3 events, 0 tampered, HMAC-SHA256

Human-in-the-Loop

Approvals land in Slack

When an agent tries something sensitive, Gate doesn't just log it. It pauses the action and sends a rich message to your Slack channel with full context: what agent, what action, what payload.

Your team clicks Approve or Reject. The decision is recorded in the tamper-evident chain. Regulators can verify that a human was in the loop.

Article 14 — Human Oversight

# ai-approvals

Gate 11:42 AM

Action requires approval

Agent

recruiting-agent-v2

Action

send_email

[email protected]

Capabilities

Built for compliance. Ready for production.

Everything you need to prove your AI agents are governed, auditable, and human-supervised.

🔒

HMAC-SHA256 Audit Chains

Every event is cryptographically signed and chained to the previous one. Tamper with a single entry and the entire chain breaks. Regulators can mathematically verify integrity.

Article 12

⚠️

Policy Engine

YAML-configured rules that classify every action: auto-allow safe reads, require approval for writes, block destructive operations. First-match-wins with rate limiting.

Article 9

🔔

Slack Approvals

Rich Block Kit messages with agent name, action type, full payload, and one-click Approve/Reject buttons. Every decision timestamped and signed into the chain.

Article 14

📊

Compliance Reports

Generate HTML, Markdown, or JSON reports with executive summary, action breakdown, human oversight stats, anomaly detection, and chain integrity verification.

Article 11

🚫

Anomaly Detection

Flags off-hours activity, unusual block rates, high rejection rates, and volume spikes. Surfaces patterns that indicate agents operating outside expected bounds.

Article 15

⚡

FastAPI Proxy

High-performance async proxy that sits in front of any AI agent. REST API with full CRUD on events, verification endpoints, and Slack webhook integration.

Framework Agnostic

Get Started

Running in 60 seconds

Clone, configure, run. Gate works with any AI agent that makes HTTP calls.

terminal

# Clone and install
$ git clone https://github.com/airblackbox/air-gate.git
$ cd air-gate
$ pip install -r requirements.txt

# Configure (optional: add Slack webhook for approvals)
$ cp .env.example .env
$ # edit .env with your SLACK_WEBHOOK_URL

# Start the Gate proxy
$ uvicorn gate.proxy:app --reload
INFO: Uvicorn running on http://127.0.0.1:8000

# Point your agent's API calls at Gate
$ curl -X POST http://localhost:8000/actions \
-H "Content-Type: application/json" \
-d '{"agent_id": "my-agent", "action_type": "tool_call", "tool_name": "send_email"}'