First supported use case

Govern coding and devops agent actions before they run.

dexgate focuses first on high-consequence development actions: shell commands, file patches, and deploy-class operations proposed by AI coding and devops agents.

Free adapters provide local hard gates. Paid dexgate adds a policy decision point, scoped action passports, protected-executor verification, and outcome evidence for production-bound workflows.

Start Free See Product See Pricing

The protected object is the proposed action

User permissions and sandboxes still matter, but they do not answer whether a proposed agent action should run now. dexgate evaluates the proposed action itself and returns a gate result before the protected executor acts.

Shell commands

Block dangerous local commands by default, and require governed authorization for production-bound shell execution.

Patch and file mutation

Gate apply-patch and file write/delete actions so the executor can refuse work that lacks scoped authority.

Deploy-class operations

Constrain promotion, rollout, and infrastructure-adjacent actions with environment, target, and expiry boundaries.

Free gate vs paid passport path

Free local hard gate

Use the adapter to block known risky local actions and evaluate fit. This path does not mint an action passport or create a governed customer decision record.

Paid dexgate runtime

Send production-bound proposals to the SDE-backed policy decision point. Allowed actions must carry a scoped passport the protected executor can verify or refuse.

Runtime contract

Proposal
Tool, action, target, user, environment, and evidence.
GateDecision
Allow, deny, constrain, acquire evidence, simulate, or escalate.
Passport
Scoped authority with schema id, target, constraints, expiry, and proof.
Verify
The executor checks the passport before acting and refuses missing or invalid authority.
Outcome
Execution or refusal evidence feeds review, troubleshooting, and reliability work.