docs / gates

gates

what a trust gate is

a trust gate is a human approval interrupt. before any agent takes a consequential action — sending a message, publishing content, writing to a system of record — runshift stops execution and asks you to decide.

the agent has done the work: it has researched, drafted, reasoned. the gate is the moment where human judgment enters before that work becomes irreversible.

every agent declares which of its actions are reversible and which require a gate. this is set in the agent definition — not editable by the operator at runtime. the gate fires automatically when the agent reaches that step.

the two responses

when a gate fires, you have two options:

approve

the proposed action executes. the agent completes the run. the decision is written to the audit trail with the content at the time of approval.

deny

execution stops. the agent marks the run as rejected. the proposed content is logged but never executed. the audit trail records the denial.

gate policies

each agent has a gate policy that controls when gates fire. set it in the wizard when creating the agent.

always

every run fires a gate before the output is delivered. use this for agents doing sensitive or high-stakes work where you want eyes on every result.

on_error

gates fire only when the agent detects a problem or anomaly. normal runs complete without interruption. this is the default.

never

the agent runs fully autonomously. no gate fires. outputs are delivered directly. use this only for agents whose actions are low-stakes and fully reversible.

cost gates

each agent can have a cost gate — a per-agent spend threshold in USD. when the agent's cumulative cost crosses that threshold, a gate fires regardless of the gate policy.

cost gates are a hard floor on autonomous spend. even an agent with policy set to never will pause and wait for approval when its cost gate trips.

slack notifications

gates fire to Slack in addition to the dashboard. when a gate opens, runshift posts a message to your configured channel with the agent name, the proposed action, a summary, and a preview of the draft content.

the message includes approve and deny buttons that link back to the runshift dashboard. you can act on a gate from Slack without opening a browser tab — tap the button, confirm on the dashboard, done.

this means you don't have to be at your desk to stay in control. agents can run, hit a gate, and wait — and you can approve or deny from anywhere.

the audit trail

every gate decision is written to the audit trail immediately on resolution. the record includes the agent, the proposed action, the content at the moment of the gate, the decision, who made it, and when.

audit records are immutable. once written, they cannot be updated or deleted — not by the operator, not by the agent, not by runshift. the trail is a factual ledger of what was proposed and what was decided.

if an agent is deleted, its audit records remain. the foreign key is nullified, not cascaded. history survives the agent.

back to getting started →read the AMP spec →back to docs →