Step 1
Request intercepted
Every agent action reaches the governed MCP gateway before tool execution. The request is normalized, attributed to an agent identity, and held at the runtime boundary.
Agent identityTool + actionTarget context
Govern AI agents acting on production systems.
z-gateway sits between MCP-connected agents and production tools, enforcing policy at runtime, logging every decision, and blocking unauthorized access before it executes.
Free to start. No credit card required.
Runtime flow
Monitor → EnforceGateway eventdb.query.write
codex-devrequests repository write access
1
Intercepted request
GitHub and Postgres MCP tool calls are routed through the gateway first.
2
Policy evaluated
Explicit rules decide whether the action should simulate, allow, or block.
3
Scoped execution
Connector actions execute server-side and land in one runtime timeline.
Scoped token
Short-lived access
Issued only after policy passes.
Audit record
Decision persisted
Actor, tool, outcome remain reviewable.
Compatible withOpenAI CodexClaudeCursorGitHubPostgres
Every agent action passes through policy.
The runtime path is designed to be clear before it is dramatic: request interception, policy evaluation, and scoped execution with auditability built in at every stage.
Step 2
Policy evaluated
The gateway evaluates runtime policy, connector constraints, and rollout mode. Teams can observe would-block decisions first in monitor mode before switching to enforcement.
Allow / denyMonitor modeScoped policy match
Step 3
Decision logged and scoped execution allowed
If a request is approved, the gateway issues short-lived scoped access for execution and persists the decision trail. Allowed or denied, every outcome remains auditable.
Short-lived tokenExecution outcomeAudit trail
Awaiting policy
Incoming callgithub.create_pr
Agent: codex-dev
Target: repo:openai/z-gateway
Rollout: Governed path
Runtime state
Request intercepted
Policy evaluated
Decision logged and scoped execution allowed
Audit streamQueued for evaluation
Request interceptedactive
Policy evaluatedpending
Decision logged and scoped execution allowedpending
Awaiting policy
Incoming callgithub.create_pr
Agent: codex-dev
Target: repo:openai/z-gateway
Rollout: Governed path
Runtime state
Request intercepted
Policy evaluated
Decision logged and scoped execution allowed
Audit streamQueued for evaluation
Request interceptedactive
Policy evaluatedpending
Decision logged and scoped execution allowedpending
Step 1
Request intercepted
Every agent action reaches the governed MCP gateway before tool execution. The request is normalized, attributed to an agent identity, and held at the runtime boundary.
Agent identityTool + actionTarget context
Step 2
Policy evaluated
The gateway evaluates runtime policy, connector constraints, and rollout mode. Teams can observe would-block decisions first in monitor mode before switching to enforcement.
Allow / denyMonitor modeScoped policy match
Step 3
Decision logged and scoped execution allowed
If a request is approved, the gateway issues short-lived scoped access for execution and persists the decision trail. Allowed or denied, every outcome remains auditable.
Short-lived tokenExecution outcomeAudit trail
Built for teams running AI agents in production.
From the first intercepted call to full enforcement, z-gateway governs what agents can do and surfaces the evidence your team needs to trust the rollout.
Runtime authorization
Every tool call from every agent passes through the gateway before execution. No action escapes evaluation, regardless of how it was triggered.
Works with any MCP-connected agent: Codex, Claude, Cursor, and others.
Policy engine
Write allow/deny rules scoped to agents, repositories, and environments. Policy sets evolve as your agent fleet grows without redeploying your tools.
Enforce at the tool-call level with per-agent and per-connector granularity.
Runtime sessions
Group related GitHub and database actions into one agent execution timeline with detailed evidence.
Monitor Mode
Observe what would be blocked before turning on enforcement. Ship without risk.
GitHub + Postgres connectors
Route actions through governed connectors. No raw credentials handed to agents.
Approvals
Require human review for high-risk database actions before connector execution.
Every runtime decision leaves an audit trail.
Review the agent identity, requested tool action, target context, policy result, rollout mode, and execution outcome from one control plane. Auditability is part of the runtime path, not a separate add-on.
Recorded
Actor, tool, target
Explained
Policy decision + reason
Correlated
Runtime evidence and logs
Roll out safely, then enforce with confidence.
Observe what would be blocked before changing runtime behavior. Once your team trusts the policy set, switch to enforcement for tighter production control without losing the audit trail.
Rollout path
safer migrationMonitorEnforce
Connect your coding agents through a governed MCP gateway.
Put a runtime authorization layer between agents and tools, issue short-lived scoped access only after policy checks, and keep every decision observable from one control plane.