Getting Started

Add governance to your AI agents in three steps: onboard, integrate, go live.

STEP 1

Onboard Your Organization

The fastest path is the quickstart endpoint. One call handles intake, analysis, membrane generation, and API key provisioning:

POST /v1/onboarding/quickstart
Content-Type: application/json

{
  "org_name": "Acme Health",
  "email": "eng@acmehealth.com",
  "description": "Healthcare call center with AI agents for billing and scheduling"
}

GaaS analyzes your context, infers the applicable regulatory frameworks, builds a governance membrane, and returns an API key. Your membrane starts in shadow mode — full evaluation, zero enforcement.

What is a membrane? Your governance membrane is the complete set of policies, risk thresholds, delegation limits, and configurations that define how GaaS governs your agents. See Onboarding for the full lifecycle.

API Key Required. Save the API key returned from quickstart — you'll need it for all subsequent requests. Include it in the X-API-Key header when submitting intents.

STEP 2

Integrate Your Agent

Before your agent takes an action, have it declare the intent to GaaS and act on the decision.

Quota Limits. Each plan has monthly action quotas. Free tier allows 1,000 actions/month. Exceeding your quota returns a 402 Payment Required error. See Billing & Quotas for details.

Python

import asyncio

from gaas_sdk import GaaSClient, build_intent


async def main():
    async with GaaSClient(
        "https://api.gaas.is",
        headers={"X-API-Key": "your_api_key"},
    ) as client:
        # Declare what the agent wants to do
        intent = build_intent(
            agent_id="billing_bot",
            action_type="COMMUNICATE",
            verb="send_email",
            target_type="PERSON",
            target_identifier="patient@example.com",
            target_sensitivity="CONFIDENTIAL",
            summary="Send billing statement to patient",
            content={"recipient": "patient@example.com", "channel": "email"},
            reversible=True,
            audience_size=1,
        )
        response = await client.submit_intent(intent)

        # Act on the governance decision
        # (send_email and log are your application's own functions)
        if response.data.verdict == "approve":
            send_email(response.data)
        elif response.data.verdict == "block":
            log(response.data.reasoning)


# "async with" is only valid inside a coroutine, so run the flow via asyncio
asyncio.run(main())

TypeScript

import { GaaSClient, buildIntent } from '@gaas/sdk';

const client = new GaaSClient({
  baseUrl: 'https://api.gaas.is',
  headers: { 'X-API-Key': 'your_api_key' },
});

const intent = buildIntent({
  agentId: 'billing_bot',
  actionType: 'COMMUNICATE',
  verb: 'send_email',
  targetType: 'PERSON',
  targetIdentifier: 'patient@example.com',
  targetSensitivity: 'CONFIDENTIAL',
  summary: 'Send billing statement to patient',
  content: { recipient: 'patient@example.com', channel: 'email' },
  reversible: true,
  audienceSize: 1,
});

const response = await client.submitIntent(intent);

if (response.data.verdict === 'approve') {
  sendEmail(response.data);
} else if (response.data.verdict === 'block') {
  console.log(response.data.reasoning);
}

Important: Always use the payload from the decision response when executing an approved action, not your original content. GaaS may modify the payload for compliance (e.g., adding required disclosures).
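
One way to apply the note above in agent code, as an added example that is not part of the GaaS SDK: the action runs only on an explicit approve, only with the payload carried by the decision, and anything else results in no action. `Decision` is a constructed stand-in for `response.data`; its `payload` field name, `Outcome` and `act_on_decision` are assumptions made for illustration.

```python
import logging
from dataclasses import dataclass
from typing import Any, Callable, Optional

log = logging.getLogger("gaas.gate")


@dataclass
class Decision:
    """Constructed stand-in for response.data. `verdict` and `reasoning` appear
    in the snippets above; `payload` is an assumed name for the governed content."""
    verdict: str
    reasoning: str = ""
    payload: Optional[dict] = None


@dataclass
class Outcome:
    executed: bool
    detail: str
    result: Any = None


def act_on_decision(decision: Optional[Decision], original: dict,
                    execute: Callable[[dict], Any]) -> Outcome:
    """Call execute() only on an explicit approve, and only with the payload
    carried by the decision, never with the agent's original content."""
    if decision is None:
        # The governance call failed or returned nothing: do not act.
        return Outcome(False, "no decision received")
    if decision.verdict == "approve":
        if decision.payload is None:
            # Fail closed: falling back to `original` would send ungoverned content.
            return Outcome(False, "approve without payload")
        if decision.payload != original:
            log.info("payload changed by governance; executing governed version")
        return Outcome(True, "approved", execute(decision.payload))
    if decision.verdict == "block":
        log.warning("blocked: %s", decision.reasoning)
        return Outcome(False, "blocked: " + decision.reasoning)
    # Any verdict this code does not recognise is treated as "do not act".
    return Outcome(False, f"unhandled verdict {decision.verdict!r}")
```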

STEP 3

Review Shadow Decisions, Then Go Live

While your membrane is in shadow mode, GaaS evaluates every intent through the full governance pipeline but doesn't enforce any decisions. Use the conversational dashboard to review:

Mark any false positives. The membrane refines based on your feedback. When you're confident, activate live mode:

POST /v1/membranes/{membrane_id}/activate

{
  "activation": {
    "mode": "live"
  }
}

Live mode can be reverted to shadow at any time with a single call. All audit records are preserved across both modes.


STEP 4

Configure Custom Policies (Optional)

Your membrane ships with default policies covering delegation limits, financial exposure, PCI/HIPAA rules, and more. To add org-specific rules — brand safety, fact-checking, domain restrictions — use the policy authoring API. Describe your requirement in plain English:

POST /v1/policy-authoring/generate
Authorization: Bearer <your-api-key>
Content-Type: application/json

{
  "description": "Block publishing of unverified factual claims or statistics about our products."
}

GaaS drafts a policy, explains its logic, and runs smoke tests. Review the draft, then activate it:

POST /v1/policy-authoring/activate
Authorization: Bearer <your-api-key>
Content-Type: application/json

{
  "draft_id": "draft_abc123"
}

To see all currently active policies for your membrane: GET /v1/policy-authoring/policies

Visual authoring. The GaaS dashboard provides a UI for authoring, reviewing, and managing policies without API calls.

Troubleshooting

Common Errors

401 Unauthorized — Invalid or missing API key. Check that you're including X-API-Key in the request headers with the key from quickstart.

402 Payment Required — Monthly quota exceeded. Upgrade your plan or wait until the quota resets at the start of the next billing period.

429 Too Many Requests — Rate limit exceeded. GaaS enforces per-organization rate limits (default: 100 requests/minute). Implement exponential backoff and retry after the period specified in the Retry-After header.
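
A sketch of the retry behaviour described for these three errors, as an added example that is not part of the GaaS SDK: 429 is retried with exponential backoff that never undercuts Retry-After, while 401 and 402 are raised immediately because retrying cannot fix them. `call_with_retry`, `retry_delay`, `GaaSRequestError` and the `send` callable are hypothetical names; `send()` is assumed to perform one request and return `(status_code, headers)`.

```python
import random
import time


class GaaSRequestError(Exception):
    """Raised for responses that retrying cannot fix, or when retries run out."""
    def __init__(self, status, message):
        super().__init__(f"{status}: {message}")
        self.status = status


def retry_delay(attempt, headers, base=1.0, cap=60.0, max_wait=300.0,
                jitter=random.random):
    """Seconds to wait before retrying after a 429 (attempt is 0-based)."""
    backoff = min(cap, base * 2 ** attempt)
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        # Retry-After as delta-seconds; an HTTP-date or junk value falls back to backoff.
        hinted = float(lowered.get("retry-after", ""))
    except ValueError:
        hinted = 0.0
    # Never retry sooner than the server asked, but bound the wait so a bad
    # header value cannot stall the agent indefinitely. Jitter spreads out
    # agents that share one per-organization limit.
    return min(max_wait, max(backoff, hinted)) + jitter()


def call_with_retry(send, max_attempts=5, sleep=time.sleep, jitter=random.random):
    """send() performs one request and returns (status_code, headers)."""
    for attempt in range(max_attempts):
        status, headers = send()
        if status == 401:
            raise GaaSRequestError(status, "invalid or missing API key; check X-API-Key")
        if status == 402:
            raise GaaSRequestError(status, "monthly quota exceeded; retrying will not help")
        if status != 429:
            return status
        if attempt + 1 < max_attempts:
            sleep(retry_delay(attempt, headers, jitter=jitter))
    raise GaaSRequestError(429, f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed responses: two rate-limit replies, then success.
    replies = iter([(429, {"Retry-After": "2"}), (429, {}), (200, {})])
    print(call_with_retry(lambda: next(replies), sleep=lambda s: print(f"wait {s:.1f}s")))
```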


Questions? Reach out on GitHub.