Policy enforcement
Guardrails stop at the prompt. Hexgate governs what your agents actually do — every tool call and resource access, allowed, denied, or held for approval. The policy is enforced locally from a signed bundle, so fine-grained control costs you nothing on the critical path.
Wraps the agent you already built
Capable agents are only as safe as the boundary around them. Hexgate is that boundary — four primitives, one enforcement seam.
Deny-by-default. Every tool call returns a typed Decision — allow, deny, or approval-required — evaluated against the caller's role at call time.
The signed WASM bundle is fetched once per run and enforced in-process — no security service on the hot path, no round-trip per decision. Fast by design, verified before it's trusted.
Biscuit tokens carry who is calling; role policies decide what they can do. One wrapped agent serves every user, scoped per request.
Every decision streams to the audit log — who acted, which tool, the verdict, and the exact constraint that allowed or blocked it. Answerable, not hand-wavy.
No rewrite, no config object. Set a key, wrap the runner, and the same agent code gates every tool boundary.

from hexgate.adapters.openai import HexgateRunner
from hexgate.runtime import User

# picks up HEXGATE_KEY from env — no rewrite
runner = HexgateRunner()
await runner.run(
    my_agent,
    "refund order 30",
    user=User(user_id="alice", role="billing"),
)
# ↳ every tool call now routes through policy

version: 1
inherits: [read_only]
default_policy:
  mode: deny
tools:
  refund_order:
    mode: allow
    constraints:
      - args.amount <= 500
      - args.currency == "USD"
  wire_transfer:
    mode: approval_required

✓ Identical decisions in dev (in-process) and prod (signed WASM) — proven by a parity test suite.
OpenAI, LangChain, Google ADK, or Pydantic AI — wrap it once. Your original object is left untouched.
Each tool invocation resolves the caller's role and returns allow, deny, or approval-required — recoverable, never a crash.
Decisions stream to the log with the exact constraint behind each verdict. Hot-reload policy without a restart.
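
An added sketch, not Hexgate's code or API, of the deny-by-default evaluation the policy above describes, for a single role's policy transcribed as a Python dict. The names Decision, holds and decide, the constraint grammar (args.<name> <op> <literal>), and the rule that a failed constraint yields deny are assumptions; inherits is left out because the page does not show what read_only contains.

```python
import ast
import operator
from dataclasses import dataclass
from typing import Optional

# The page's policy as a dict (constructed transcription; `inherits` omitted).
POLICY = {
    "default_policy": {"mode": "deny"},
    "tools": {
        "refund_order": {
            "mode": "allow",
            "constraints": ["args.amount <= 500", 'args.currency == "USD"'],
        },
        "wire_transfer": {"mode": "approval_required"},
    },
}

OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq,
       "!=": operator.ne, "<": operator.lt, ">": operator.gt}

@dataclass(frozen=True)
class Decision:
    verdict: str                  # "allow" | "deny" | "approval_required"
    reason: Optional[str] = None  # constraint or rule behind the verdict

def holds(constraint: str, args: dict) -> bool:
    """Evaluate 'args.<name> <op> <literal>' without eval(); fail closed."""
    try:
        lhs, op, rhs = constraint.split(None, 2)
        if not lhs.startswith("args."):
            return False
        return bool(OPS[op](args[lhs[5:]], ast.literal_eval(rhs)))
    except (KeyError, TypeError, ValueError, SyntaxError):
        return False  # missing arg, unknown operator, bad literal or type

def decide(tool: str, args: dict, policy: dict = POLICY) -> Decision:
    rule = policy["tools"].get(tool)
    if rule is None:  # unlisted tool falls through to the default (deny)
        return Decision(policy["default_policy"]["mode"], "default_policy")
    for c in rule.get("constraints", []):
        if not holds(c, args):  # assumption: any failed constraint denies
            return Decision("deny", c)  # record the exact failing constraint
    return Decision(rule["mode"], f"tools.{tool}.mode")
```

A missing or wrongly typed argument fails the constraint instead of raising, so a malformed tool call is denied with the constraint named in the decision.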
Install the SDK and gate your first agent in minutes, or book a walkthrough of the platform, audit log, and signed-bundle workflow.