About
Built for the governance gap
z-gateway was built because AI agents needed runtime governance, not just better prompts. We're two engineers who saw the governance gap opening up in real codebases and decided to close it at the right layer: the API boundary.
z-gateway is a product owned and operated by Black Diamond Labs Inc.
Team
The founders
Context
Why we built this
AI coding agents like Claude Code and Cursor were being handed GitHub and database access with no policy layer between them and production. The tools were capable, the frameworks were improving, but access control was being solved at the wrong layer—in prompts, in wrapper scripts, in hope.
z-gateway is an independent governance layer that helps teams apply access control at runtime, regardless of which AI model or framework is in use. Policy lives at the API boundary, not in the agent. That means your security posture doesn't depend on prompt engineering or model behavior—it depends on enforcement infrastructure you control.
See how it works
The docs cover MCP setup, policy configuration, GitHub and Postgres connectors, runtime sessions, and approvals—everything you need to evaluate z-gateway against your existing access control requirements.