drandrewlaw/agentgate
Production-grade permissions, hooks, and tool safety for AI agents. Works with any LLM provider.
Platform-specific configuration:
{
"mcpServers": {
"agentgate": {
"command": "npx",
"args": [
"-y",
"agentgate"
]
}
}
}Add the config above to .claude/settings.json under the mcpServers key.
The missing safety layer for AI agents.
[](https://www.npmjs.com/package/agentgate) [](https://opensource.org/licenses/MIT) [](https://www.typescriptlang.org/)
Your agent can call tools. But should it?
agentgate gives you declarative permission rules, lifecycle hooks, and tool execution control for any AI agent — extracted from battle-tested patterns in production AI systems serving millions of users.
Your Agent (LangChain / CrewAI / OpenAI / Custom)
│
┌────▼─────────────────┐
│ agentgate │
│ permissions + hooks │
└────┬─────────────────┘
│
Actual Tools (filesystem, bash, APIs, databases)Every AI agent framework gives you tools. None gives you governance.
| Feature | agentgate | LangChain | CrewAI | OpenAI Agents | ShipAny | |---------|:---------:|:---------:|:------:|:-------------:|:-------:| | Permission DSL (allow/deny/ask) | Yes | No | No | No | No | | Lifecycle hooks (pre/post/error) | Yes | No | No | No | No | | Provider-agnostic | Yes | Yes | Yes | No | No | | MCP support | Yes | No | No | No | Yes | | Type-safe tools (Zod) | Yes | Partial | No | Partial | Yes | | Zero runtime deps | Yes | No | No | No | No |
npm install agentgate zodimport { agentgate, buildTool, matchPattern } from 'agentgate'
import { z } from 'zod'
const Bash = buildTool({
name: 'Bash',
inputSchema: z.object({ command: z.string() }),
call: async (input) => ({ data: `ran: ${input.command}` }),
preparePermissionMatcher: (input) => (pattern) => matchPattern(pattern, input.command),
})
const gate = agentgate({
permissions: {
mode: 'default',
rules: [
{ allow: 'Bash(Loading reviews...