The Permission Layer for AI Agents Trust without compromise.
The governance layer between AI reasoning and real-world execution. Trust Gateway puts a verified, auditable approval layer between your AI and your business systems — so every action is authorized, logged, and reversible before it counts.
Every tool call. Every decision. Every approval. On the record.
Your AI proposes. You decide.
When an AI agent attempts a sensitive task — issuing a large refund, modifying an account, triggering a payment — Trust Gateway intercepts it before execution. Your team sees exactly what will happen, in plain language, and approves or rejects with a single tap.
No more discovering what the AI did after the fact. No more costly mistakes that "seemed like the right call."
- Plain-language previews of every proposed change — no technical jargon
- Automatic escalation for high-risk tasks based on your own rules
- Role-based approvals — only authorized managers sign off on critical actions
- Temporary, scoped execution grants — the AI gets access only for what was approved, nothing more
- Mobile-ready approvals via Telegram — authorize from anywhere, instantly
Know exactly what your AI did — and why.
Most AI platforms give you an answer and hide the reasoning. Trust Gateway gives you a complete, step-by-step replay of every decision: what the agent intended, what the policy engine evaluated, what was allowed or blocked, and who approved it.
When something goes wrong — or unexpectedly right — you can trace it back in seconds.
- Full chronological history of every tool invocation and outcome
- Instantly answer: "Why did the AI do that?"
- Clear accountability trail for compliance and audit requirements
- Real-time activity feed — no polling, no refresh, no lag
Set boundaries in plain English. No code required.
Define what your AI is allowed to do without writing a single line of policy code. Auto-approve small refunds. Require a manager for anything over €500. Block certain actions entirely. Test your rules safely in a dry-run simulator before they touch real data.
Your business logic. Your thresholds. Your control.
- Human-language rule creation — accessible to non-technical operators
- Tiered policy engine: Allow / Require Approval / Require Proof / Deny
- Amount-aware rules — automatically extract monetary values from any tool payload
- Built-in dry-run simulator — test policies safely before going live
Teach your AI new skills in minutes.
Trust Gateway is built on an open integration model. Connect standard MCP tools, OAuth2-authenticated business applications, or define entirely new capabilities using simple skills.md blueprint files — no SDK, no deployment pipeline.
Every tool, regardless of origin, passes through the same policy engine. One gateway. One audit trail. Zero exceptions.
- Dynamic Skilling: Define new AI capabilities with plain-text skill blueprints
- MCP Compatible: Works with the growing ecosystem of standard MCP tools out of the box
- OAuth2 Integrations: Google Calendar, Stripe, Shopify, and more — with scoped, audited access
- Uncompromised Safety: No tool executes without passing your Trust Gateway policy — ever
Secure, Military-Grade Collaboration for Autonomous Teams.
Our proprietary Professional and Enterprise tiers introduce military-grade OpenMLS (Messaging Layer Security) end-to-end encryption. Agents, operators, and tools can collaborate within dynamically orchestrated, cryptographically isolated group chats.
Coupled with our decentralized Twin Mediator nodes, all message traffic, state synchronizations, and tool proposals transit privately over peer-to-peer DIDComm routes. No central host can read your messages or audit logs.
- OpenMLS Cryptography: Perfect forward secrecy and post-compromise security for all team and agent communication.
- Twin Mediator Transit: Pairwise, zero-trust peer-to-peer peering network routing that bypasses public bridge infrastructure.
- High-Density Unified Inbox: Sleek, highly compacted WhatsApp-style interface for rapid, multi-agent orchestrations.
- Decentralized DID Resolution: Self-sovereign pairwise identity directories with zero external dependencies.
Built on a principle, not a feature flag.
"No side-effects without an Execution Grant."
Every action in Trust Gateway — whether triggered by a human, an AI agent, or an automated schedule — requires a cryptographically signed, short-lived Execution Grant before it reaches your systems. Grants are bound to a specific tool, specific arguments, and a specific moment in time. They cannot be reused, replayed, or forged.
This isn't a governance layer bolted on top. It's the foundation everything else is built on.
Works with Claude. Works with any MCP agent.
The governance layer is at the infrastructure level, not the agent level.
Ready to run AI you can actually trust?
Give your AI agents access to business tools — with a complete approval layer, audit trail, and policy engine built in from the start.
Start using Trust GatewayPublic Preview Early Access
May 2026⚠️ Public Preview — Not recommended for production workloads without review
What is this release?
This is the first public preview of Trust Gateway — an execution control plane and approval layer for AI agents operating in business systems.
We are opening early access to gather real-world feedback, build community, and validate the architecture with developers and teams who are actively building with AI agents. This is not a stable release. APIs, configuration formats, and data schemas may change.
What's included
Community Edition (CE) — Open Core
- ✓ Trust Gateway Core: Central policy engine with centralized action classification and inference.
- ✓ Unified Executor Host: Consolidated binary runtime orchestrating native tools (OS-bound process isolation) and connectors.
- ✓ JWT Cryptographic Contracts: Strict signature validation preventing claims bypasses and blocking
alg=none. - ✓ Normalized JetStream Store: Collision-proof,
_-delimited KV keys for double-execution prevention. - ✓ WebAuthn / Passkey RP: Built-in biometric console for admin actions and logins.
- ✓ Smart Approval Center: Real-time approval prompts and out-of-band mobile alerts.
- ✓ Telegram Transport: Fast mobile alerts and approval triggers routed via NATS.
- ✓ Model Context Protocol: Native support for Claude Desktop and custom MCP swarms.
- ✓ OAuth2 Stub & Reverse Proxy: Gateway fallback routing for external identity services.
Professional & Enterprise (PE)
- ✓ Wasm Capability-Gated Sandbox: Strict process, fuel, and memory isolation for untrusted third-party tool execution (Relocated to PE).
- ✓ Role-Based Skill Governance: Progressive authorization policies for skill packs (Explorer, Analyst, Senior Analyst).
- ✓ OpenMLS Messaging: End-to-end encrypted group identities and communication loops.
- ✓ Twin Mediator & Resolver: Pairwise peering network nodes and decentralized DidComm transit inbox routing.
- ✓ Managed OAuth2 Connector Hub: External authorization flows and credential vaulting for MCP clients.
- ✓ Multi-Tenant Provider: Scaled multi-tenant directories and federated user management.
- ✓ B2B Infrastructure: Managed agent-as-a-service tenant routing and custom integrations.
- ✓ B2B Agent Daemon: Isolated agent runner supporting Verifiable Presentation (VP) & OAuth2 authentication.
- ✓ Semantic DLP Shield: Automatic LLM input/output data redaction and sanitization.
- ✓ Event Webhooks & Cron: Automated policy execution schedules and web triggers.
- ○ EntraID Connector: Enterprise directory integration (Coming soon).
Known limitations
Runs skill scripts as isolated OS processes. Not sufficient for untrusted third-party code without containerization.
Uses LLMs to filter output. We recommend additional structural validators for high-sensitivity data.
Migration to formal policy languages (OPA/Cedar) is planned for a future release.
How to get involved
Trust Gateway is the execution control plane for operational AI.
Built with the principle: No side-effects without an Execution Grant.