This page shows the full Decision Gate system as it will function at commercial launch — owner verification, team management, four response modes, and a complete audit trail for every agent action in your organization.
Every AI agent action in your organization passes through both gates before it touches the real world. Gate 1 checks the intent. Gate 2 checks what the agent actually produced. The snowball never gets to roll.
A team member, the owner, or an automated system asks an AI agent to perform an action. The request is intercepted before the agent processes it.
The request is scored across six dimensions. Who asked? What scope? What impact? Is this within their authority? The system knows who sent it and what tier they are on.
APPROVED CAUTION — confirm firstIf Gate 1 clears, the agent works. It reads documents, drafts content, queries systems, and produces an output or proposed action.
The agent's output is compared against the original request. Did it stay within scope? Does the content match the intent? Did the agent drift? The owner sees the full picture.
ESCALATE — owner approves HOLD — human required BLOCK — action stoppedEvery evaluation — pass or block — generates a complete case record. Who, when, what was requested, what the agent produced, why it was blocked, and what the owner was notified.
Escalated requests wait in the owner's approval queue. One click to approve or deny. The agent executes only after the owner confirms. Full audit trail preserved either way.
Decision Gate responds intelligently based on who is asking, what tier the account is on, and how severe the risk is. The right response for a solo operator is different from a team member at an enterprise.
All six dimensions cleared. The action is within scope, authorized, proportionate, and safe. The agent executes immediately. No friction for clean requests.
APPROVEDThe request is within acceptable range but the system detects ambiguity. The user must confirm before the agent executes. Used most often for solo operators and borderline scope.
CAUTIONAn automated pipeline — no human present — triggered an action with elevated risk. The agent waits. A human must manually release it before any execution occurs.
HOLDA non-owner team member submitted a request that exceeds their authorization level. The request is held and the owner is notified with the full case — who, what, and why — before any action is taken.
ESCALATEThe prototype uses a shared password. At commercial launch, every account has a verified owner identity that cannot be spoofed or assumed by a team member — no matter what credentials they hold.
The owner creates an account with a business email address. Cloudflare sends a confirmation link. The account does not activate until that link is clicked from the owner's inbox.
Email verification requiredAn API key for running evaluations — shareable with team members. And a separate owner token required for all governance actions. A team member with the API key cannot perform owner actions without the owner token.
Dual credential systemThe owner issues individual API keys to each team member from the owner dashboard. Each key is tied to a name and role. Keys can be revoked instantly with one click.
Per-member key managementAll ESCALATE decisions appear in the owner's approval queue. The owner sees the complete case — who requested it, what they asked, what the agent produced — before deciding to approve or deny.
One-click approve or denyAny governance action — changing permissions, approving high-value escalations, modifying account settings — requires a second factor. Closes the insider threat gap completely.
MFA on governance actionsDecision Gate is priced by evaluation volume and account complexity. Every tier includes both gates, all six dimensions, and the full case record.
Decision Gate is in active evaluation. The working prototype demonstrates both gates with live Claude API scoring. Request access to run your own evaluations.