OPA for AI actions. Composable enforcement primitives that evaluate rate limits, cost caps, policy rules, and audit trails in microseconds — before your agent acts. Not a platform. Not a dashboard. Primitives.
Your agent ran for 18 hours and burned $47,000. Provider rate limits are coarse. Observability tools watch — they don't prevent. You need a gate, not a dashboard.
A single misconfigured loop can drain your inference budget in minutes. Provider limits won't save you — they're set at the account level, not the agent level.
Agents call APIs, write databases, send emails. If there's no policy layer between intent and execution, your agent is operating with root access.
Existing tools tell you what went wrong after it happens. By then, the damage is done. You need enforcement at the point of execution.
Enterprise platforms sell $100K dashboards to compliance teams. Developers need lightweight primitives they can compose into their pipeline.
Each primitive is independently deployable, pip-installable, cloud-agnostic, and auditable in an afternoon. No vendor lock-in. Runs anywhere Python runs.
Rate limiting and cooldowns for agent actions. Controls frequency, prevents runaway loops, enforces execution boundaries.
Deterministic spend governance. Cost caps, token budgets, and reserve/commit flow for both fixed and dynamic costs.
Deterministic policy enforcement. Define rules as callable predicates — block dangerous actions, enforce domain constraints, evaluate context before execution.
Compliance-grade logging. Every decision, every verdict, every override — structured, queryable, and tamper-evident with hash-chained integrity.
Install. Import. Guard. Every action passes through the gate before it executes.
from actiongate import Engine, Gate, Policy # Initialize engine = Engine() # Define a gate: 10 calls per 60-second window gate = Gate("openai", "chat", "agent:1") # Guard your agent's action @engine.guard(gate, Policy(max_calls=10, window=60)) def call_openai(prompt: str) -> str: return openai.chat(prompt) # If the agent exceeds 10 calls/min → BLOCKED # No exception. No runaway. Deterministic.
from budgetgate import Engine, Ledger, Budget from decimal import Decimal # Set a $50 budget for this agent session engine = Engine() ledger = Ledger("openai", "gpt-4", "session:42") budget = Budget(max_spend=Decimal("50.00")) @engine.guard(ledger, budget, cost=Decimal("0.03")) def call_gpt4(prompt: str) -> str: return openai.chat(model="gpt-4", prompt=prompt) # Agent hits $50? Gate closes. No overrun.
from rulegate import Engine, Rule, Ruleset, Context engine = Engine() # Rules are just callables that return bool def no_pii(ctx: Context) -> bool: return "ssn" not in str(ctx.kwargs.get("query", "")).lower() def business_hours(ctx: Context) -> bool: return 9 <= datetime.now().hour < 17 @engine.guard(Rule("api", "search"), Ruleset(predicates=(no_pii, business_hours))) def search(query: str) -> list[str]: return api.search(query) # PII detected or off-hours? Blocked before execution.
from auditgate import Engine, Trail, Verdict, Severity # Tamper-evident audit trail with hash chaining engine = Engine(recorded_by="agent:1") trail = Trail("openai", "chat", "agent:1") # Log a gate decision engine.record(trail, verdict=Verdict.ALLOW, severity=Severity.INFO, gate_type="actiongate", gate_identity="openai:chat@agent:1", detail=ag_decision.to_dict(), ) # Every entry is SHA-256 hashed and chained. # Verify integrity via CLI: # $ auditgate verify audit_log.json
Drop-in adapters for OpenAI and LangChain. All four gates evaluate on every call.
Adapters are Apache-2.0. The [all] extra includes all four gates.
Gate function/tool calls before execution. Works with both Chat Completions and Responses API.
@gated_tool decorator and GatedTool class. Raises ToolException on block — agents handle it automatically.
Four gates evaluate in sequence. Every action must pass the first three before execution. AuditGate logs the full decision chain. Click a scenario to see the pipeline in real time.
Platforms sell you a dashboard. Observability tools watch after the fact. ActionGate gives you composable enforcement primitives at the point of execution.
| Dimension | Provider Limits | Observability Tools | ActionGate |
|---|---|---|---|
| Enforcement | Account-level | None (observe only) | Per-agent, per-action |
| Timing | Provider-side | Post-execution | Pre-execution |
| Rate limiting | Account-level caps | Alerts after spike | ✓ ActionGate |
| Composable | ✗ | ✗ | ✓ Stack gates |
| Policy rules | ✗ | ✗ | ✓ RuleGate |
| Budget governance | ✗ | Alerts after spend | ✓ BudgetGate |
| Audit trail | ✗ | Vendor-locked logs | ✓ AuditGate (hash-chained) |
| Framework adapters | ✗ | Vendor SDKs | ✓ OpenAI, LangChain |
| Licensing | Proprietary | Proprietary | Apache-2.0 (all four gates) |
| Self-hosted | ✗ | Partial | ✓ All gates run on your infra |
Self-hostable. No vendor lock-in. No cloud dependency. Star the repo, install the gates, and start governing your agents today.