Advanced Features

Optimize performance and reduce latency with bulk submission, field filtering, idempotency, ETag caching, and API versioning.

Bulk Intent Submission

Submit up to 50 intents concurrently in a single API call. The pipeline processes all intents in parallel via asyncio.gather, and partial failures don't abort the batch — each result includes either a decision or an error.

Endpoint

POST https://api.gaas.is/v1/intents/batch

Request Body

{
  "intents": [
    { "agent": {...}, "action": {...}, "payload": {...}, ... },
    { "agent": {...}, "action": {...}, "payload": {...}, ... },
    { "agent": {...}, "action": {...}, "payload": {...}, ... }
  ]
}

Response Structure

{
  "results": [
    { "success": true, "intent_id": "int_001", "decision": {...} },
    { "success": true, "intent_id": "int_002", "decision": {...} },
    { "success": false, "intent_id": "int_003", "error": {...} }
  ],
  "total": 3,
  "succeeded": 2,
  "failed": 1
}

Python (gaas_sdk)

from gaas_sdk import GaaSClient, build_intent

async with GaaSClient("https://api.gaas.is", headers={"X-API-Key": "your_key"}) as client:
    intents = [build_intent(...) for _ in range(10)]
    response = await client.submit_intents_bulk(intents)

    # Handle partial failures
    for result in response.results:
        if result.success:
            print(f"Intent {result.intent_id}: {result.decision.verdict}")
        else:
            print(f"Intent {result.intent_id} failed: {result.error}")

TypeScript (@gaas/sdk)

import { GaaSClient, buildIntent } from '@gaas/sdk';

const client = new GaaSClient({
  baseUrl: 'https://api.gaas.is',
  headers: { 'X-API-Key': 'your_key' },
});

const intents = new Array(10).fill(null).map(() => buildIntent({...}));
const response = await client.submitIntentsBulk(intents);

response.results.forEach((result) => {
  if (result.success) {
    console.log(`Intent ${result.intentId}: ${result.decision.verdict}`);
  } else {
    console.error(`Intent ${result.intentId} failed: ${result.error}`);
  }
});

Java (com.gaas.sdk)

import com.gaas.sdk.*;

GaaSClient client = new GaaSClient("https://api.gaas.is", "your_key");
List<IntentDeclaration> intents = new ArrayList<>();
// ... populate intents ...

BulkIntentResponse response = client.submitIntentsBulk(intents);

for (IntentResult result : response.getResults()) {
  if (result.isSuccess()) {
    System.out.println("Intent " + result.getIntentId() + ": " + result.getDecision().getVerdict());
  } else {
    System.err.println("Intent " + result.getIntentId() + " failed: " + result.getError());
  }
}

Field Filtering (Sparse Responses)

Reduce bandwidth and improve mobile performance by requesting only specific fields from the response. Works on all endpoints — no per-route configuration needed.

Usage

Append a ?fields= query parameter with comma-separated dot-notation paths:

GET https://api.gaas.is/v1/intents/{id}/decision?fields=decision.verdict,decision.risk_assessment.score

Response

{
  "decision": {
    "verdict": "APPROVE",
    "risk_assessment": {
      "score": 0.23
    }
  }
}

The response includes an X-GaaS-Fields-Filtered: true header when filtering is active. Error responses (4xx/5xx) pass through unfiltered.

Python (gaas_sdk)

response = await client.submit_intent(
    intent,
    fields="decision.verdict,decision.risk_assessment.score"
)

TypeScript (@gaas/sdk)

const response = await client.submitIntent(intent, {
  fields: 'decision.verdict,decision.risk_assessment.score',
});

Java (com.gaas.sdk)

GaaSResponse<GovernanceDecision> response = client.submitIntent(intent, "decision.verdict,decision.risk_assessment.score");

Idempotency

Prevent duplicate processing of the same intent by including an idempotency key. GaaS supports two approaches: header-based (recommended) and body-based (legacy, backward-compatible).

Header-Based Idempotency (Recommended)

Include an Idempotency-Key header with a unique identifier (e.g., UUID). If the same key is submitted within the TTL window, GaaS returns the cached response without re-executing the pipeline.

POST https://api.gaas.is/v1/intents
Idempotency-Key: unique-key-123
Content-Type: application/json

{ "intent": {...} }

When a cached response is returned, the response includes an Idempotent-Replayed: true header.

Body-Based Idempotency (Legacy)

Alternatively, include an idempotency_key field in the intent payload:

{
  "intent": {
    "agent": {...},
    "action": {...},
    "payload": {...},
    "idempotency_key": "unique-key-123"
  }
}

Python (gaas_sdk)

# Header-based (recommended)
response = await client.submit_intent(
    intent,
    headers={"Idempotency-Key": "unique-key-123"}
)

# Body-based (legacy)
intent = build_intent(..., idempotency_key="unique-key-123")
response = await client.submit_intent(intent)

TypeScript (@gaas/sdk)

// Header-based (recommended)
const response = await client.submitIntent(intent, {
  headers: { 'Idempotency-Key': 'unique-key-123' },
});

// Body-based (legacy)
const intent = buildIntent({ ..., idempotencyKey: 'unique-key-123' });
const response = await client.submitIntent(intent);

Java (com.gaas.sdk)

// Header-based (recommended)
Map<String, String> headers = new HashMap<>();
headers.put("Idempotency-Key", "unique-key-123");
GaaSResponse<GovernanceDecision> response = client.submitIntent(intent, headers);

// Body-based (legacy)
IntentDeclaration intent = IntentBuilder.create()
    .idempotencyKey("unique-key-123")
    ./* ... */
    .build();
GaaSResponse<GovernanceDecision> response = client.submitIntent(intent);

ETag Caching (HTTP Conditional Requests)

Save bandwidth and reduce latency by using HTTP conditional requests. GaaS supports ETag and If-None-Match headers for 304 Not Modified responses.

How It Works

1. Make a request to a cacheable endpoint (e.g., GET /v1/membranes/{id})
2. GaaS returns an ETag header with a cache validator (e.g., ETag: "abc123")
3. On subsequent requests, include If-None-Match: "abc123"
4. If the resource hasn't changed, GaaS returns 304 Not Modified with no body
5. If the resource has changed, GaaS returns 200 OK with the updated resource and a new ETag

Example

# First request
GET /v1/membranes/mem_abc123
# Response: 200 OK, ETag: "xyz789", { ... }

# Subsequent request (no changes)
GET /v1/membranes/mem_abc123
If-None-Match: "xyz789"
# Response: 304 Not Modified (no body)

# Subsequent request (resource changed)
GET /v1/membranes/mem_abc123
If-None-Match: "xyz789"
# Response: 200 OK, ETag: "new456", { ... }

Caching Strategy

API Versioning

All API routes are mounted under the /v1/ prefix. This allows for future backward-incompatible changes to be introduced under /v2/ while preserving existing client integrations.

Current Version

https://api.gaas.is/v1/intents
https://api.gaas.is/v1/escalations
https://api.gaas.is/v1/dashboard/...

Backward Compatibility

GaaS follows semantic versioning for the API:

• Patch releases (v1.0.1) — Bug fixes, no breaking changes
• Minor releases (v1.1.0) — New endpoints, optional fields, backward-compatible additions
• Major releases (v2.0.0) — Breaking changes, mounted under /v2/

The API version is included in the X-GaaS-API-Version response header on all requests.

Performance Optimizations

Phase 1 performance infrastructure is live in production at api.gaas.is as of February 2026. These optimizations reduce latency and payload size without any changes to your integration.

GZip Response Compression

All API responses are automatically compressed (minimum 1 KB, compression level 6). This reduces typical payload sizes by 60–70% for list and dashboard endpoints.

Multi-Tier Caching

Frequently accessed resources (agent profiles, governance membranes) are cached at two layers:

• L1 — In-memory LRU cache: Sub-millisecond reads for hot data. Auto-invalidated on writes.
• L2 — Redis cache: Shared across instances. Agent profiles cached for 1 hour; membranes for 15 minutes. Graceful degradation if Redis is unavailable.

Cache performance is exposed via Prometheus metrics: gaas_cache_hits_total, gaas_cache_misses_total, and gaas_cache_operation_duration_seconds.

Read Replicas

Read-heavy operations (decision history, audit exports, dashboard queries) are automatically routed to a read replica when one is configured. The primary database handles all writes. Configure via environment variables:

GAAS_DATABASE_REPLICA_URL=postgres://replica-host:5432/gaas
GAAS_READ_REPLICA_ENABLED=true

If the replica is unavailable, GaaS falls back to the primary automatically — no downtime, no configuration changes required.

Pipeline Latency Optimizations

The governance pipeline includes several built-in optimizations that reduce end-to-end latency without any changes to your integration:

• Parallel policy evaluation — policies within each tier are evaluated concurrently
• Smart filtering — only applicable policies are evaluated for each intent
• Shadow mode fast path — shadow pipelines skip expensive stages when enforcement isn't needed
• Early consensus exit — deliberation rounds terminate early when agents reach strong agreement
• Adaptive deliberation — only high-risk intents trigger the multi-agent deliberation stage

Natural Language Policy Authoring

Author governance policies in plain English. GaaS uses an LLM to generate a sandboxed Python policy function from your description, validates it against 5 canonical intents, and stages it as a draft for review.

Endpoints

• POST /v1/policy-authoring/generate — Generate a policy from natural language
• POST /v1/policy-authoring/activate — Compile and register an active policy
• GET /v1/policy-authoring/drafts — List drafts (7-day TTL)
• DELETE /v1/policy-authoring/drafts/{draft_id} — Delete a draft
• GET /v1/policy-authoring/policies — List activated policies for the org

Sandbox

Generated policies run in a restricted execution environment. AST validation allows 42 node types, 15 safe built-in functions (len, bool, int, float, str, min, max, etc.), and 19 safe methods. Blocked: import, eval, exec, open, __import__, and all dunder attributes. The __builtins__ dict is empty at runtime.

Smoke Testing

Every generated policy is automatically tested against 5 canonical intents covering low-risk approve, high-risk transaction, PHI access, PII communication, and control actions. All 5 must execute without exceptions before the draft is accepted.

Governance Proof Tokens

Every decision carries a governance_proof_token — an ECDSA P-256 signed artefact that binds the verdict, policies evaluated, risk score, and audit hash into a tamper-evident object. The signed payload is SHA-256("{token_id}:{decision_id}:{audit_hash}").

• Verification: GET /v1/verify/proof/{token_id} — public endpoint, no API key required
• Returns: TokenVerificationResult with valid, signature_valid, and chain_integrity fields
• See Compliance > Governance Proof Tokens for full field reference

DLT Temporal Anchoring

Audit records can be anchored to a distributed ledger for independent temporal verification. Anchoring is fire-and-forget — it never blocks the governance pipeline.

• Enable: GAAS_DLT_ANCHOR_ENABLED=true
• Backend: GAAS_DLT_ANCHOR_BACKEND=sqlite (default) or ethereum
• Batching: 100 records or 3,600 seconds (1 hour), whichever comes first
• Confirmation hash: SHA-256("{anchor_id}:{chain_head_hash}:{chain_position}:{timestamp.isoformat()}")

Multi-Party Co-Signing

Configure how audit records are cryptographically signed. Three modes are available, configured per-organization in the governance membrane's signing_config:

Signing failures never block decisions — the record receives an unsigned_reason instead. The signing_metadata field is excluded from audit hash computation (signatures derive from the hash).

Policy Epoch Tracking

Every audit record is stamped with policy_epoch (integer) and epoch_stale (boolean), identifying exactly which version of your policy configuration was active when the decision was made.

• Stored in Redis at gaas:policy_epoch:current with HMAC-SHA256 integrity (GAAS_POLICY_EPOCH_HMAC_KEY)
• Local cache TTL: 5 seconds. If HMAC verification fails, the system uses the last known-good value (fail-closed)
• Fields live on AuditPipelineMetadata (not GovernanceDecision)

Behavioral Velocity Signals

GaaS automatically computes per-agent behavioral signals from recent observation history (10-minute sliding window). These signals run as a virtual connector — no external HTTP calls, no additional latency.

• Signals: submit rate, block rate, deliberation rate, risk trend, baseline deviation
• Cold-start safe: fewer than 5 observations → cold_start=true, confidence 0.0. After 5+ observations, confidence rises to 0.85
• Shadow mode decisions are excluded from behavioral calculations
• Available in enriched context as source category BEHAVIORAL

Feature Flags

Runtime feature toggles that can be enabled per-organization or globally, with optional percentage-based rollouts using deterministic hashing. Bootstrap defaults from environment variables (GAAS_FEATURE_{NAME}).

Endpoints

• GET /v1/feature-flags — List all flags (viewer+)
• GET /v1/feature-flags/{name} — Get flag details (viewer+)
• GET /v1/feature-flags/{name}/check — Check if enabled (viewer+)
• POST /v1/feature-flags — Create flag (admin only)
• PATCH /v1/feature-flags/{name} — Update flag (admin only)
• DELETE /v1/feature-flags/{name} — Delete flag (admin only)

Flag names are 1–128 characters. Rollout percentage (0–100) determines what fraction of requests see the flag enabled. InMemory and Postgres-backed stores are available.

Decision Appeal System

When a decision is blocked, org admins receive an email with appeal action buttons. Appeal tokens are HMAC-SHA256 signed and expire after 72 hours.

Endpoints

• GET /v1/intents/{intent_id}/appeal?action=approve&token={token} — HTML confirmation page
• POST /v1/intents/{intent_id}/appeal — Record appeal decision (form: action, token, decision_id, reason)

Token format: hex_signature:unix_timestamp. The HMAC payload is decision_id:timestamp_str, signed with the SESSION_SECRET environment variable. Old tokens without a : separator are rejected. All user-controlled values in HTML pages are escaped via html_escape() to prevent XSS.

Geographic Access Control

Optional middleware that logs or blocks requests based on the originating country. Uses MaxMind GeoLite2 for IP-to-country resolution. Disabled by default — enable via environment variables.

• GAAS_GEO_GUARD_ENABLED — set to true to activate (default: false)
• GAAS_GEO_GUARD_MODE — log (default) or block
• GAAS_GEO_BLOCK_COUNTRIES — comma-separated ISO country codes to block (e.g., CN,RU)
• GAAS_GEOIP_DB_PATH — path to GeoLite2-Country.mmdb (default: /var/lib/GeoIP/GeoLite2-Country.mmdb)

In log mode, the country ISO code is logged with each request and stored in request state for downstream access. In block mode, requests from listed countries receive HTTP 403 with a geo_blocked error code. If the GeoIP database or geoip2 library is unavailable, the middleware passes requests through silently (graceful degradation).

Related Pages

• Getting Started — Onboard and integrate with the API
• Authentication — API keys and security
• Rate Limits — Per-endpoint throttling
• SDKs — Python, TypeScript, Java, and LangChain clients
• Compliance — EU AI Act, Federal Compliance, Proof Tokens, SR 11-7
• Observability — Prometheus metrics including cache and query monitoring
• API Reference — Complete endpoint documentation