Skip to content

LatchGate Documentation

LatchGate is an open-source execution boundary for AI agents. It sits between an agent tool call and a real-world side effect, making that transition explicit, controlled, and auditable.

Assume the model is compromised and design the system so that it does not matter. The model never holds credentials. It never has network access. Every side effect goes through a deterministic, fail-closed pipeline — or it doesn’t happen.

Start with the 5-minute overview to understand what LatchGate does and why. Then pick your path:

You want to…Start here
Try LatchGate in 60 secondsGetting Started
Connect an IDE or terminal agentMCP Adapter — how actions become MCP tools
Set up and manage the gateOperator TUI — the primary interface for day-to-day operation
Deploy to productionProduction Quickstart
Sandbox an agent processAgent Sandbox
Understand the architectureCore Concepts => Architecture
Review the threat modelSecurity Model — for the broader context, see the agent-execution threat model on latchgate.ai
Integrate with an IDE / frameworkIntegrations
Review a specific actionlatchgate actions <action_id>

Getting started

Understanding LatchGate

  • Core Concepts — actions, grants, receipts, the execution pipeline
  • Architecture — system layers, security invariants, crate boundaries
  • Security Model — threat model, trust boundaries, non-goals

Guides

Reference

IDE agents: Claude Code · Cursor · OpenCode · Claude Desktop · Codex CLI · Cline · Windsurf

Frameworks: LangChain · CrewAI · Vercel AI SDK · OpenAI Agents · Pydantic AI

Other: Custom Agent