Which AIR Blackbox product should I use?

Four open-source projects. All solve AI agent compliance. They sound similar because they share the same HMAC-SHA256 audit chain at the core, but they serve different integration models. Here is the plain-English decision tree.

⚡ 60-Second Decision Tree

My agent is written in Python. I want HMAC audit logs without standing up infrastructure.
→ air-trust
I have agents in multiple languages (Python + Node + Ruby) all hitting the same LLM API, and I need one audit trail for all of them.
→ gateway
My agent calls dangerous tools (file write, database ops, production APIs) and I need a human to approve each call before it executes.
→ air-gate
I want the full stack: air-trust + gateway + air-gate + episode store + policy engine + Jaeger, all pre-wired and running with one command.
→ air-platform
I am just exploring and want to see what compliance evidence looks like.
→ air-trust

If you are still not sure after reading the decision tree, the answer is pip install air-trust. It is the default for a reason.

What each one actually is

Three individual components and one complete stack that packages all of them together. All four share the same HMAC-SHA256 audit chain core. air-trust, gateway, and air-gate are the standalone pieces; air-platform is everything pre-wired.

Python library

air-trust

Import it. Wrap your LLM client. Every call is signed and logged to local SQLite. Zero dependencies.
pip install air-trust
Use when Your agent lives in a Python process. You want the lowest-friction path to a tamper-evident audit trail. You do not want to run extra services.
github.com/airblackbox/air-trust →
HTTP proxy

gateway

A reverse proxy for LLM API calls. Point your client at localhost. Every request is recorded and signed before it reaches OpenAI / Anthropic / etc.
docker run airblackbox/gateway
Use when You have agents in more than one language. You want language-agnostic auditing. You are OK running a separate service alongside your app.
github.com/airblackbox/airblackbox →
Tool approval checkpoint

air-gate

Pauses agents before they execute tool calls and requires a human approval. Same HMAC chain, but it blocks, not just logs.
pip install air-gate
Use when Your agent has access to real-world side effects (file writes, payments, API calls) and "log it after the fact" is not enough. You need prevention, not just evidence.
github.com/airblackbox/air-gate →
The full stack

air-platform

The complete AIR Blackbox stack: air-trust + gateway + air-gate + episode store + policy engine + Jaeger tracing, all pre-wired in one Compose file.
docker compose up
Use when You want everything. Library + proxy + tool gating + tracing + policy engine, all running together with shared audit chains. Enterprise deployment in under 5 minutes.
github.com/airblackbox/air-platform →
Capability comparison

A flat matrix of what each product does and does not do. Use this to sanity-check the decision tree above.

Capability air-trust gateway air-gate air-platform
What it is Python library HTTP proxy Tool approval checkpoint All three + observability, pre-wired
Includes the others? Standalone Standalone Standalone Yes (bundles air-trust + gateway + air-gate)
Language support Python only Any (HTTP client) Python only Any (via bundled gateway)
HMAC-SHA256 audit chain Yes Yes Yes Yes (unified across all components)
Human-in-the-loop approval No No Yes Yes (via bundled air-gate)
Distributed tracing (Jaeger) No No No Yes
Policy engine Basic Basic Basic Full (OPA-compatible)
Requires separate process No Yes No Yes (Docker Compose)
Install time ~30 seconds ~5 minutes ~30 seconds ~5 minutes
Works offline Yes Yes Yes Yes
CSA ATF conformance (v0.4.0+) Yes Planned Planned Yes (via bundled air-trust)
Typical user Python developer Platform engineer Agent ops team Enterprise / compliance lead
License Apache 2.0 Apache 2.0 Apache 2.0 Apache 2.0
"What should I pick if I am…"

Real situations from real developers. Find yours and copy the install command.

Solo Python dev, LangChain agent in a Jupyter notebook
You have one Python agent. You want to see what the EU AI Act evidence trail looks like. You do not want to learn Docker.
pip install air-trust. One import, three lines of code, done. You will have signed audit records on your disk in under a minute.
Startup running agents in production (Python + Node backend)
Your backend is split. Python for the agent logic, Node for the API layer. Both call OpenAI. You need ONE unified audit trail across both.
gateway. Run it as a sidecar. Point both your Python and Node clients at it. Every call from either service gets the same signed chain.
Fintech with agents that move money
Your agent can initiate transactions. Logging-after-the-fact is not enough. You need a human to approve every payment before it goes through. Regulators will ask about it.
air-gate as the approval checkpoint for the payment tool, plus air-trust for the rest of the agent's calls. They compose well.
Enterprise compliance team piloting AI governance
You want to show the security and compliance functions what "tamper-evident agent logs" look like without asking engineering to integrate a library. You need something a compliance analyst can spin up on a VM with every capability turned on.
air-platform. One docker compose up and the complete AIR Blackbox stack is live: air-trust for Python agents, gateway for non-Python services, air-gate for tool approvals, a policy engine, an episode store, and Jaeger tracing. All sharing one audit chain. Point any test agent at it and show the dashboard.
CrewAI developer exploring frameworks
You are prototyping with CrewAI. You are not sure whether CrewAI is your final framework. You want compliance evidence that will not lock you into one framework.
pip install air-trust. Its adapters cover LangChain, CrewAI, LlamaIndex, AutoGen, and 15+ others. If you switch frameworks later, the same air_trust.trust(...) call still works.
SRE adding compliance to a multi-tenant agent platform
You operate a platform where customers bring their own agents. You cannot control which libraries or languages they use, but you do control the outbound network.
gateway at the egress layer. Every tenant's LLM call passes through it. Every tenant gets the same audit guarantee whether they wrote their agent in Python, Go, or Ruby.
Answers to the confusing parts

Questions that come up on every office hours call and in every GitHub discussion.

Do I need more than one of these?

Usually no. If you need more than one, use air-platform. For individual developers, pick the single component that matches your integration model (air-trust, gateway, or air-gate) and ship. For enterprises that want multiple integration models running together with unified auditing, use air-platform; it bundles all three plus a policy engine and tracing, so you get the full picture without wiring three separate installs together.

Why did you build four projects instead of one?

Honest answer: the audit chain is the same core, but the three integration models serve very different users. A Python developer does not want to run Docker. A platform engineer does not want to import a library into every service. A compliance lead does not want to write code at all. One tool cannot be the right shape for all three, but an enterprise deployment often needs all three running side-by-side. That is what air-platform is for: it is not a fourth product, it is the complete stack that bundles air-trust, gateway, and air-gate together with shared auditing, an episode store, a policy engine, and Jaeger tracing.

Can I migrate from one to another later?

Yes. The audit record format is identical across all four. An air-trust SQLite database can be imported into a gateway deployment, and vice versa. Your historical evidence does not get stranded if you change integration models.

Which one gets the most updates?

air-trust is the current focus. It just shipped v0.7.0 with CSA Agentic Trust Framework conformance, and it is the package most actively developed. The others receive backports of the shared audit chain logic but do not get new features as quickly.

Is any of this certified for EU AI Act?

No. None of these tools certify anything. The EU AI Act does not have a certification scheme for compliance tooling. Certification applies to the AI system itself. AIR Blackbox products produce the evidence (Article 12 record-keeping, Article 11 technical documentation) that regulators or auditors will ask for. The certification decision remains with the operator of the AI system.

What about the August 2, 2026 deadline?

That is when general-purpose AI model obligations under the EU AI Act become enforceable. If you are deploying agents in or serving users in the EU, Articles 11 and 12 apply to you on that date. All four AIR Blackbox products are designed to produce the evidence trail those articles require. Start with air-trust this week. Graduate to the others only if you hit a limitation.

Start with the default. Graduate later.

If you are still not sure, install air-trust. It is one command, zero dependencies, and takes 30 seconds. You can switch to gateway, air-gate, or air-platform any time. Your audit records come with you.

pip install air-trust