Back to home

Help center

Frequently asked questions

Everything developers, compliance teams, and AI agents need to know about Gateplex.

Getting started

What is Gateplex?

Gateplex is a real-time governance firewall for autonomous AI agents. It intercepts every agent action before it executes, evaluates it against deterministic rules, and returns a verdict before the action completes.

How is Gateplex different from logging tools like Langsmith?

Langsmith and similar tools focus on developer-side tracing and debugging. Gateplex sits in the runtime path of your agents and actively enforces governance rules (block/flag financial actions, mask PII, prevent prompt injection), in addition to producing a regulator-ready audit trail.

How long does it take to integrate?

Most teams ship a first intercept in under 10 minutes - a single POST request from your agent to /api/public/intercepts with your API key.

Do I need to change my existing agent code?

Only the smallest possible change: one HTTP call (or one SDK function call) per intercept. You don't have to restructure your agent or move to a new framework.

What LLMs and frameworks does Gateplex support?

Anything that runs in your stack: OpenAI, Anthropic, Vertex AI, AWS Bedrock, plus orchestration frameworks like LangChain, CrewAI, and AutoGen. Gateplex is model- and framework-agnostic - if your code can make an HTTP call, it can use Gateplex.

API and technical

What is the API endpoint?

POST https://gateplex.ai/api/public/intercepts

How do I authenticate?

Send your project API key as either Authorization: Bearer gplx_... or X-Gateplex-Api-Key: gplx_.... Generate keys in Dashboard → Settings → API Keys.

What fields are required in the intercept payload?

Only event_type is required. Optional: agent_id (uuid), input, output, model, latency_ms, flagged, metadata.

What does a successful response look like?

A JSON object: { "ok": true, "intercept": { "id": "...", "created_at": "...", "event_type": "...", "flagged": false } } with HTTP 200.

What error codes can I expect?

400 invalid payload, 401 missing/invalid API key, 429 rate limit exceeded, 500 internal error. All errors return JSON with an `error` field.

Does Gateplex work with streaming responses?

Yes. Log a single intercept after the stream completes with the assembled output, or log per-chunk if you need fine-grained tracking.

Is there an SDK?

Yes - gateplex-python on PyPI. A TypeScript SDK is on the roadmap. You can also call the REST API directly from any language.

What is the MCP server and how do I use it?

Gateplex exposes an MCP server at https://gateplex.ai/mcp with three tools: log_intercept, get_feed, check_guardrails. Install via Smithery or point your MCP client at the endpoint with your Gateplex API key as a bearer token.

How do I test my integration?

Send a test intercept with event_type 'llm_call' from curl, then check the live feed in your dashboard. You should see it appear within a second.

What does the Python SDK return for a blocked action?

The SDK response includes a verdict field returning ALLOW, FLAG, BLOCK, or PENDING_APPROVAL. It also returns reasoning, triggered_rules, pii_types_detected, and transaction_amount. Convenience properties include is_blocked, is_allowed, is_flagged, and is_pending_approval.

Guardrails and governance

What is a guardrail?

A guardrail is a rule that evaluates every intercept in real time and decides whether to ALLOW, FLAG, or BLOCK the action.

What is the Human-in-the-Loop Approval Queue?

When a FLAG rule has requires_approval enabled, the governance engine returns a PENDING_APPROVAL verdict instead of FLAG. The agent action is held until a named human reviewer approves or rejects it in the Gateplex dashboard. Every decision is recorded with the reviewer email and timestamp. The Python SDK supports automatic polling via client.wait_for_approval(intercept_id).

What is the Rule Change Audit Log?

Every change to guardrail rules is logged automatically with the admin email, timestamp, and full before and after state. The log uses SHA-256 hash chaining for tamper evidence. It is visible on the Audit Log page and exportable as CSV.

Can I create custom guardrails?

Yes. Define rule_type, configuration (thresholds, regex, allow/deny lists), and whether the rule flags or blocks. Custom rules run alongside built-ins.

What happens when a guardrail is triggered?

The intercept is recorded with the matching rule, the verdict is returned to your agent, and (if configured) an alert is sent to your team. Blocked actions stop before execution.

What is the difference between BLOCK and FLAG?

BLOCK stops the action from executing - your agent should treat the response as a denial. FLAG allows the action but marks it for review in the audit trail.

Are guardrails enforced in real time?

Yes. Evaluation happens synchronously as part of the intercept request, before your agent receives a verdict.

How fast does a block execute?

Gateplex performs server-side governance evaluation with no LLM in the evaluation path. The verdict is returned in the same HTTP response as the intercept ack.

What rule types does Gateplex support?

Gateplex supports eight rule types: Keyword Block, Keyword Flag, Rate Limiter, API Scope Control, Regex Pattern Match, Output Length Limit, Prompt Injection Detector, and Repetition Detector. Three compliance packs are available that add multiple pre-configured rules at once: EU AI Act Article 12 Pack, HIPAA Safety Pack, and Financial Services Pack.

What happens when an action is flagged?

Flagged actions can be configured to require human approval before the agent action executes. When requires_approval is enabled on a rule, the action is held in the approval queue. A named reviewer must approve or reject it. Every decision is logged with the reviewer email and timestamp.

What is PENDING_APPROVAL?

When a FLAG rule has requires_approval enabled, the governance engine returns PENDING_APPROVAL instead of FLAG. The agent action is held until a human reviewer approves or rejects it in the Gateplex dashboard. The Python SDK supports automatic polling with client.wait_for_approval(intercept_id).

Privacy and security

Does Gateplex store my prompts and agent outputs?

Only if you send them. Input/output fields are optional. If sent, they are stored encrypted and retained according to your plan's retention policy.

Who can see my intercept data?

Only members of your organization with the appropriate role. Row-level security enforces project isolation at the database layer.

How is my data encrypted?

TLS 1.3 in transit, AES-256 at rest. API keys are stored hashed.

Can I delete my data?

Yes. You can delete individual intercepts, entire projects, or your whole account from the dashboard. Deletion is permanent within 30 days.

Is Gateplex SOC 2 compliant?

Gateplex follows SOC 2 security controls including encryption at rest and in transit, access control, and audit logging. A formal SOC 2 certification is on our roadmap. We can share our current security posture document on request. Email security@gateplex.ai.

Does Gateplex comply with GDPR?

Yes. We act as a processor for customer data, support DSAR fulfillment, and offer an EU data residency option on Enterprise plans.

Does Gateplex comply with the EU AI Act?

Gateplex is designed to help you comply with EU AI Act obligations around logging, transparency, and human oversight for high-risk AI systems. Our audit trail and compliance exports map to Article 12 and Article 14 requirements.

Is VPC deployment available?

Yes. Gateplex VPC Edition runs the governance engine entirely inside your own AWS or Azure environment. No agent payload data leaves your perimeter. Available on Enterprise plans on request.

Billing and plans

What is included in the free tier?

3 agents, 1 project, 5,000 intercepts/month, 7-day retention, built-in guardrails, community support.

What is included in the Pro plan?

15 agents, 3 projects, 50,000 intercepts/month, 90-day retention, custom guardrails, compliance PDF exports, email support.

How does the intercept limit work?

Every successful POST to /api/public/intercepts counts as one intercept. The counter resets on the first of each calendar month UTC.

What happens if I exceed my monthly intercept limit?

On the free tier, additional intercepts return 429 until the next reset. On Pro, overage is billed at $0.001 per intercept.

How do I upgrade to Pro?

Dashboard → Settings → Billing → Upgrade. Takes effect immediately and you're billed pro-rata for the rest of the month.

How do I cancel?

Dashboard → Settings → Billing → Cancel plan. You'll keep Pro access until the end of the current billing period and then drop to the free tier.

Do you offer refunds?

Within 14 days of your first paid charge, no questions asked. After that, refunds are handled case-by-case for service-level issues.

Is there an Enterprise plan?

Enterprise plans are designed for regulated industry deployments requiring custom compliance controls, VPC or on-premises deployment, SSO, and dedicated support. Pricing is based on your deployment scope and compliance requirements. Contact sales@gateplex.ai for a deployment assessment.

Performance and reliability

Does Gateplex add latency to my agents?

Evaluation happens synchronously within the intercept request lifecycle. Verdict is returned before the action executes.

What is the uptime SLA?

99.9% on Pro, 99.95% on Enterprise with credits for missed SLOs.

What happens if Gateplex goes down?

Our SDKs and recommended integration pattern fail open by default - your agent continues to function and intercepts are queued for replay. Fail-closed mode is available for strict-compliance workloads.

Can Gateplex handle high volume agents?

Yes. The API is built on edge infrastructure and scales horizontally. Customers run sustained loads above 1k req/s on Pro.

Is there a rate limit on the API?

Free: 60 req/min per project. Pro: 600 req/min per project, burstable. Enterprise: custom.

Compliance and audit

What is the audit trail?

An append-only, hash-chained log of every intercept and every guardrail verdict. Records cannot be modified or deleted without breaking the chain.

What is a compliance PDF export?

A signed PDF summarizing all intercepts, guardrail events, and verdicts for a given project and date range - formatted for auditors and regulators.

How do I generate a compliance report?

Dashboard → Compliance → Export → choose project and date range → Generate PDF. Reports are also available via API on Enterprise.

What regulations does the compliance export help with?

EU AI Act (Articles 12, 14), NIST AI RMF, ISO/IEC 42001, GDPR processor obligations, and internal SOC 2 evidence collection.

How long is audit data retained?

Free: 7 days. Pro: 90 days. Enterprise: custom (1–7 years).

Can I see a history of rule changes?

Yes. The Rule Change Audit Log records every rule creation, edit, enable, disable, and deletion with the admin email, timestamp, and full before and after state. The log uses SHA-256 hash chaining for tamper evidence.