Frequently asked questions

Gateplex is a non-custodial AI governance and observability firewall for autonomous AI agents. It intercepts every agent action, applies guardrails in real time, and gives you a tamper-evident audit trail for compliance.

Langsmith and similar tools focus on developer-side tracing and debugging. Gateplex sits in the runtime path of your agents and actively enforces governance rules (block/flag financial actions, mask PII, prevent prompt injection), in addition to producing a regulator-ready audit trail.

Most teams ship a first intercept in under 10 minutes — a single POST request from your agent to /api/public/intercepts with your API key.

Only the smallest possible change: one HTTP call (or one SDK function call) per intercept. You don't have to restructure your agent or move to a new framework.

Anything that runs in your stack: OpenAI, Anthropic, Vertex AI, AWS Bedrock, plus orchestration frameworks like LangChain, CrewAI, and AutoGen. Gateplex is model- and framework-agnostic — if your code can make an HTTP call, it can use Gateplex.

Send your project API key as either Authorization: Bearer gplx_... or X-Gateplex-Api-Key: gplx_.... Generate keys in Dashboard → Settings → API Keys.

Only event_type is required. Optional: agent_id (uuid), input, output, model, latency_ms, flagged, metadata.

A JSON object: { "ok": true, "intercept": { "id": "...", "created_at": "...", "event_type": "...", "flagged": false } } with HTTP 200.

400 invalid payload, 401 missing/invalid API key, 429 rate limit exceeded, 500 internal error. All errors return JSON with an `error` field.

Yes. Log a single intercept after the stream completes with the assembled output, or log per-chunk if you need fine-grained tracking.

Yes — gateplex-python on PyPI. A TypeScript SDK is on the roadmap. You can also call the REST API directly from any language.

Gateplex exposes an MCP server at https://gateplex.ai/mcp with three tools: log_intercept, get_feed, check_guardrails. Install via Smithery or point your MCP client at the endpoint with your Gateplex API key as a bearer token.

Send a test intercept with event_type 'llm_call' from curl, then check the live feed in your dashboard. You should see it appear within a second.

A guardrail is a rule that evaluates every intercept in real time and decides whether to ALLOW, FLAG, or BLOCK the action.

The Golden Rule blocks any agent action that would move more than a configured dollar amount without explicit human-in-the-loop approval. It's the default protection against runaway spend or unauthorized payouts.

PII Shield scans inputs and outputs for personally identifiable information (emails, phone numbers, SSNs, credit cards) and either masks them inline or blocks the action depending on your configuration.

Yes. Define rule_type, configuration (thresholds, regex, allow/deny lists), and whether the rule flags or blocks. Custom rules run alongside built-ins.

The intercept is recorded with the matching rule, the verdict is returned to your agent, and (if configured) an alert is sent to your team. Blocked actions stop before execution.

BLOCK stops the action from executing — your agent should treat the response as a denial. FLAG allows the action but marks it for review in the audit trail.

Yes. Evaluation happens synchronously as part of the intercept request, before your agent receives a verdict.

Typical p50 evaluation latency is under 25ms. The verdict is returned in the same HTTP response as the intercept ack.

Only if you send them. Input/output fields are optional. If sent, they are stored encrypted and retained according to your plan's retention policy.

Only members of your organization with the appropriate role. Row-level security enforces project isolation at the database layer.

TLS 1.3 in transit, AES-256 at rest. API keys are stored hashed.

Yes. You can delete individual intercepts, entire projects, or your whole account from the dashboard. Deletion is permanent within 30 days.

SOC 2 Type II audit is in progress. We follow SOC 2 controls today and can share our security posture document on request.

Yes. We act as a processor for customer data, support DSAR fulfillment, and offer an EU data residency option on Enterprise plans.

Gateplex is designed to help you comply with EU AI Act obligations around logging, transparency, and human oversight for high-risk AI systems. Our audit trail and compliance exports map to Article 12 and Article 14 requirements.

10,000 intercepts/month, 1 project, 7-day retention, built-in guardrails, community support.

1,000,000 intercepts/month, unlimited projects, 90-day retention, custom guardrails, compliance PDF exports, email support.

Every successful POST to /api/public/intercepts counts as one intercept. The counter resets on the first of each calendar month UTC.

On the free tier, additional intercepts return 429 until the next reset. On Pro, overage is billed at $0.001 per intercept.

Dashboard → Settings → Billing → Upgrade. Takes effect immediately and you're billed pro-rata for the rest of the month.

Dashboard → Settings → Billing → Cancel plan. You'll keep Pro access until the end of the current billing period and then drop to the free tier.

Within 14 days of your first paid charge, no questions asked. After that, refunds are handled case-by-case for service-level issues.

Yes — unlimited intercepts, custom retention, SSO, EU data residency, dedicated support, and a signed BAA/DPA. Contact sales@gateplex.ai.

Median overhead is under 25ms when intercepts are sent synchronously. Use fire-and-forget mode for zero blocking latency when you don't need a verdict.

99.9% on Pro, 99.95% on Enterprise with credits for missed SLOs.

Our SDKs and recommended integration pattern fail open by default — your agent continues to function and intercepts are queued for replay. Fail-closed mode is available for strict-compliance workloads.

Yes. The API is built on edge infrastructure and scales horizontally. Customers run sustained loads above 1k req/s on Pro.

Free: 60 req/min per project. Pro: 600 req/min per project, burstable. Enterprise: custom.

An append-only, hash-chained log of every intercept and every guardrail verdict. Records cannot be modified or deleted without breaking the chain.

A signed PDF summarizing all intercepts, guardrail events, and verdicts for a given project and date range — formatted for auditors and regulators.

Dashboard → Compliance → Export → choose project and date range → Generate PDF. Reports are also available via API on Enterprise.

EU AI Act (Articles 12, 14), NIST AI RMF, ISO/IEC 42001, GDPR processor obligations, and internal SOC 2 evidence collection.

Free: 7 days. Pro: 90 days. Enterprise: custom (1–7 years).