LatchGate Documentation
LatchGate is an open-source execution boundary for AI agents. It sits between an agent tool call and a real-world side effect, making that transition explicit, controlled, and auditable.
Assume the model is compromised and design the system so that it does not matter. The model never holds credentials. It never has network access. Every side effect goes through a deterministic, fail-closed pipeline — or it doesn’t happen.
New here?
Section titled “New here?”Start with the 5-minute overview to understand what LatchGate does and why. Then pick your path:
| You want to… | Start here |
|---|---|
| Try LatchGate in 60 seconds | Getting Started |
| Connect an IDE or terminal agent | MCP Adapter — how actions become MCP tools |
| Set up and manage the gate | Operator TUI — the primary interface for day-to-day operation |
| Deploy to production | Production Quickstart |
| Sandbox an agent process | Agent Sandbox |
| Understand the architecture | Core Concepts => Architecture |
| Review the threat model | Security Model — for the broader context, see the agent-execution threat model on latchgate.ai |
| Integrate with an IDE / framework | Integrations |
| Review a specific action | latchgate actions <action_id> |
Core documentation
Section titled “Core documentation”Getting started
- Overview — what LatchGate is, in 5 minutes
- Getting Started — install, first run, smoke test
- Production Quickstart — from zero to production-ready in 15 minutes
Understanding LatchGate
- Core Concepts — actions, grants, receipts, the execution pipeline
- Architecture — system layers, security invariants, crate boundaries
- Security Model — threat model, trust boundaries, non-goals
Guides
- MCP Adapter — how
latchgate-mcpconnects IDE and terminal agents - Configuration —
latchgate.tomlreference - Presets — built-in security postures for common agent workflows
- Agent Sandbox — Linux namespace containment for agent processes
- Operator TUI — interactive terminal interface for real-time gate operation
- Policy & Approvals — OPA/Rego policy, budgets, human-in-the-loop
- Secrets Management — SOPS encryption, JIT injection, rotation
- Actions & Manifests — built-in action catalog and manifest format
- Custom Actions — YAML-only and Rust/WASM paths
- Webhooks — push notifications for security events
- Egress Proxy — defense-in-depth egress control
- WASM Providers — sandbox model, host I/O, custom providers
- Deployment — production hardening, UDS transport, key management
- Upgrading — version migration notes
Reference
- CLI Reference — complete command-line reference
- API Reference — complete REST endpoint documentation
- SDKs — Python and TypeScript client libraries
- Troubleshooting — common issues, diagnostics, solutions
Integrations
Section titled “Integrations”IDE agents: Claude Code · Cursor · OpenCode · Claude Desktop · Codex CLI · Cline · Windsurf
Frameworks: LangChain · CrewAI · Vercel AI SDK · OpenAI Agents · Pydantic AI
Other: Custom Agent