AI Safety Gate
Automation Safety Layer
Get protected
Documentation
Overview
⬅️ Back to Docs Home

What is AI Safety Gate

AI Safety Gate (ASG) is an enforcement API that decides whether you can safely execute an AI-driven action.

How AI Safety Gate Works

1. Request submitted

2. Policy evaluation

3. PASS / WARN / BLOCK returned

4. Workflow enforces outcome

ActionKind-based enforcement (required)

Policies are actionKind-based.

**context.actionKind is required.**

If required context is missing or cannot be safely evaluated, the system will return WARN (paused for approval) or BLOCK (execution stopped), depending on the policy and risk.

Where it sits in your stack

ASG sits between:

  • your AI output (a proposed refund, message, data export, workflow step)
  • and the real-world side effect (issuing the refund, sending the message, exporting the data)

Call ASG after you have final AI output, and immediately before execution.

What you send → what you get

You send a request that contains:

  • the **action you intend to execute** (action_kind + action_type)
  • the **AI output** you would execute (ai_output)
  • the **context evidence** ASG uses for deterministic decisions (context, required fields depend on the action_kind)

action_type is not free-form. The only authoritative source for allowed action_type values is PUBLIC_ACTION_CATALOG (via listAllowedActionTypes(action_kind)).

If action_type is not allowed for the given action_kind, the validator returns a deterministic BLOCK with this exact reason format:

BLOCK: Unknown action_type for action_kind {action_kind}. Supported action_type values: {comma-separated list}.

ASG returns a **decision**:

  • PASS — execution is allowed
  • WARN — you must pause and get human approval
  • BLOCK — you must not execute

Your first integration (3 steps)

1. Choose the correct action_kind from the Action Reference.

2. Send your action_kind, action_type, ai_output, and the required context evidence for that action_kind to POST /api/validate.

3. Branch your execution on status.

What happens on PASS / WARN / BLOCK

  • PASS

- Execute the action.

  • WARN

- Do not execute yet.

- Persist the returned decision_id.

- Wait for a human approver to approve the decision.

  • BLOCK

- Do not execute.

- Persist the returned decision_id.

- Fix the request and re-validate.

Next: choose an `action_kind`

Go to **Action Reference** to pick the right action_kind in under a minute:

/docs/action-reference

Monitoring & observability

AI Safety Gate includes passive monitoring to support reliability and incident response. Monitoring does not change enforcement outcomes.

  • External-safe health endpoints: /api/health/app and /api/health/safety-gate
  • Structured operational logs for key lifecycle events (best-effort, no PII where possible)
  • Optional error monitoring (when configured)
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.