Production · v0.5.0 · api.gaas.is

Governance for
Autonomous Agents

Every agent action — payment, communication, data access — passes through a five-stage governance pipeline before execution. Compliance built in, not bolted on.

Get Started → API Reference

1

Intent Declaration

Agent declares action. Validated for completeness and semantic correctness.

2

Context Enrichment

27 production connectors pull live identity, security, IoT, and domain signals.

3

Policy Evaluation

60 policies across 11 categories. Tier 1 violations fast-fail. Risk scored in 6 dimensions.

4

Deliberation

6-agent LLM panel deliberates ambiguous cases through up to 3 consensus rounds.

5

Decision + Audit

SHA-256 hash-chained audit record. Every decision stored, reasoned, and retrievable.

Quick Start

Python

TypeScript

cURL

from gaas_sdk import GaaSClient, build_intent

async with GaaSClient("https://api.gaas.is", api_key="gsk_...") as client:
    intent = build_intent(
        agent_id="my-agent-v1",
        action_type="TRANSACT",
        verb="initiate_payment",
        target="vendor_account_9912",
        summary="Pay invoice INV-2026-0044 for SaaS services",
    )
    decision = await client.submit_intent(intent)
    print(decision.verdict)  # APPROVE | BLOCK | ESCALATE

import { GaaSClient, buildIntent } from '@gaas/sdk';

const client = new GaaSClient({ baseUrl: 'https://api.gaas.is', apiKey: 'gsk_...' });

const intent = buildIntent({
  agentId: 'my-agent-v1',
  actionType: 'TRANSACT',
  verb: 'initiate_payment',
  target: 'vendor_account_9912',
  summary: 'Pay invoice INV-2026-0044 for SaaS services',
});

const decision = await client.submitIntent(intent);
console.log(decision.verdict); // APPROVE | BLOCK | ESCALATE

curl -X POST https://api.gaas.is/v1/intents \
  -H "X-API-Key: gsk_..." \
  -H "Content-Type: application/json" \
  -d '{
    "intent": {
      "agent": { "id": "my-agent-v1" },
      "action": { "type": "TRANSACT", "verb": "initiate_payment",
                  "target": { "identifier": "vendor_account_9912" } },
      "payload": { "summary": "Pay invoice INV-2026-0044" }
    }
  }'

Start Here

Getting Started

Quickstart, API key provisioning, your first governance decision.

API Reference

Complete OpenAPI spec — all endpoints, request and response schemas.

Onboarding

Intake, UCM builder, membrane generation, and the shadow → live lifecycle.

SDKs

Python, TypeScript, Java, and LangChain client libraries with full intent builder support.

Core Pipeline

Intent Declaration API

Action types, shadow mode, batch submission, and governance verdicts.

Policy Library

60 policies — HIPAA, GDPR, PCI-DSS, SOX, AP2, EU AI Act, NIST, FedRAMP, CMMC.

Connectors

27 production integrations — Okta, SIEM, Stripe, GitHub, Slack, IoT, fleet, agriculture.

A2A & Agent Networks

A2A Protocol v0.3, Agent Trust Registry, AP2 payment governance.

Shadow Mode

Full pipeline evaluation, zero enforcement. Test on live traffic safely.

Conversational Dashboard

Governance operations via natural language — powered by Claude.

Platform & Operations

Observability & Alerting

Structured logging, Prometheus metrics, OTel tracing, anomaly detection.

Webhooks

HMAC-signed event delivery for decisions, escalations, and quota events.

Authentication

API keys, multi-tenancy, OAuth, MFA, and org isolation.

Rate Limits

Per-endpoint sliding-window throttling and 429 backoff patterns.

Advanced Features

NL policy authoring, proof tokens, DLT anchoring, co-signing, feature flags, appeals.

Load Testing

k6 smoke, load, and stress profiles — CI-gated between staging and production.

Compliance & Billing

Compliance & Liability Shield

EU AI Act, NIST AI RMF, SP 800-53, FedRAMP, CMMC, SR 11-7, Governance Proof Tokens.

GDPR Compliance

Data subject rights (Arts. 17, 20, 22), consent management, sub-processor automation.

Billing & Quotas

4-tier pricing, usage enforcement, multi-currency, Stripe Tax.

SLA

Availability commitments, credit tiers, and incident definitions by plan.