Agent Action Passport Runtime

Passport-gated actions for coding and devops agents.

dexgate governs shell, patch, and deploy-class agent actions before they run. A model may propose; a protected executor acts only with scoped authority.

Start free with local hard gates. Move to paid dexgate when production-bound actions need SDE PDP decisions, passport-schema evaluation, and reviewable outcome evidence.

Start Free View Demo See Pricing

Public beta adapters — recommended free: OpenClaw. Mature beta: Codex. Early beta: Grok, Claude, Cursor, Copilot. Paid: pilot — all adapters.

Purchase

Choose the operating mode that fits your rollout

Free local hard gate

Best for: adapter evaluation and safer local defaults

Protection: developer-free local hard gate (read, limited edit, constrained shell/tests; high-consequence actions blocked)

Outcome: no passport, no governed decision record

Paid dexgate runtime (early access / pilot)

Best for: production-bound coding/devops agents in a controlled pilot

Protection: PDP decision plus passport-schema authority

Outcome: reviewable GateDecision, Passport, Verify, and Outcome artifacts

What it does

Stops risky actions before they run

dexgate evaluates shell, patch, and deploy-class agent proposals before execution.

Creates passport records your team can review

Security, audit, and engineering teams can see what was requested, which policy applied, what scope was authorized, and why execution was allowed or refused.

Takes you from safe defaults to governed control

Free local hardening helps you start safely. Paid dexgate adds the pilot PDP and passport path for production-bound allow-with-proof when entitled.

How it works

Agent Execution Governance is Decision Execution Governance applied to AI agents. The beachhead is governed production change: shell commands, code patches, and deploy-class actions.

The adapter catches an action before it runs.

Free mode applies local hard gates.

Paid dexgate checks important actions against policy and passport schemas.

Allowed protected actions carry passport evidence for review.

Technical details

Technical details: free mode uses local hardening. Paid dexgate uses SDE-backed policy decisions, controlled policy updates, passport-schema evaluation, and governed evidence records.

What dexgate adds

Governed action decisions

Allow, deny, constrain, acquire more evidence, simulate, or escalate sensitive runtime actions with clear policy outcomes.

Scoped action passports

Bind allowed actions to a schema, target, environment, expiry, and proof fields that protected executors can verify.

Reviewable outcome records

Keep clear evidence for troubleshooting, internal controls, and security review after execution succeeds or is refused.

Supported today

OpenClaw adapter

Public beta · recommended free path.

Start with local hardening.

Move to paid pilot dexgate when you need PDP decisions, passport evidence, and environment-level controls.

Start Free Watch Demo Read Docs

Codex adapter

Public beta · mature (controlled host coverage).

Start with safer shell and limited-patch free posture.

Use the paid pilot path when Codex actions need PDP decisions, passport evidence, and readonly governance-gap detection on current builds.

Start Free Watch Demo Read Docs

What dexgate does not replace

dexgate works alongside existing identity, sandboxing, and monitoring controls. It does not replace them.

dexgate fits customer-controlled deployments and licenses by gateway and environment.

Gateway: one governed deployment boundary, usually one runtime integration serving a specific team, application path, or environment set.

Public tiers are Production at 1 gateway / 2 environments, Team at 3 gateways / 3 environments, Business at 10 gateways / 5 environments, and Enterprise by custom annual agreement.

Deployment, licensing, and validation details

dexgate runs with customer-controlled deployment boundaries.

dexgate supports licensing by gateway and environment rather than seat counting.

Customers can map their own environment labels to named policy profiles and edit those profile definitions in the delivered runtime bundle.

Validation, evidence, and compatibility statements on this site describe Automated Decision Systems internal testing for declared configurations. They do not constitute government approval, legal advice, or a guarantee that all customer environments will achieve the same outcome.

Get Started View Demo See Pricing

Purchase