Now in production

Your agent won't
go rogue.

Before your agent does something irreversible, ScopeGate asks: was this authorized? One API call. Signed permit or denial. Audit trail included.

Get Your API Key See How It Works
Starts free. Metered billing. No lock-in. 
// Before every consequential agent action:
const result = await sg.verify({
  grantId: grant.grant_id,
  agentId: 'my-agent',
  requestedAction: 'send_email'
});

if (!result.permitted) throw new Error('Denied');
// ✅ authorized — safe to proceed

How It Works

01
Human issues a grant

Your user delegates a task to the agent — specifying exactly which actions are permitted, and for how long.

02
Agent checks before acting

Before every consequential action, the agent calls ScopeGate. One POST request. Returns permitted or denied with a signed token.

03
Full audit trail

Every verification is logged — what was requested, who requested it, whether it was permitted. Nothing hidden, ever.

Why ScopeGate

🔐
Cryptographically signed

Every permit is HMAC-signed. Agents can't forge authorization — and you can verify any decision independently.

One npm install

npm install scopegate-client and you're verifying actions in minutes. No agent framework lock-in.

📋
Audit-ready

Every verification is timestamped and logged. When someone asks "did the agent have permission to do that?" — you have the answer.

Pricing

Starter
$0/mo
$0.001 per verification
  • Full API access
  • Signed permits & denials
  • Audit log included
  • npm SDK included
  • Pay only for what you use
Get Started Free
Most Popular
Growth
$29/mo
$0.0005 per verification
  • Everything in Starter
  • 50% lower per-call rate
  • Priority support
  • Usage analytics dashboard
  • Best for growing products
Get Growth
Scale
$99/mo
$0.0002 per verification
  • Everything in Growth
  • 80% lower per-call rate
  • SLA & uptime guarantee
  • Custom grant policies
  • Best for production at scale
Get Scale

FAQ

ScopeGate verifies whether a specific agent was explicitly authorized by a specific human to take a specific action — at the moment of the request. It's not a firewall or a rules engine. It's a real-time authorization check: "does this agent have a valid, unexpired grant that covers this action?"
Any framework. ScopeGate is a plain HTTP API with an npm client. LangChain, CrewAI, AutoGen, OpenAI Assistants, custom agents — if it can make a POST request, it works with ScopeGate.
Each call to /grant/verify counts as one verification. You're billed monthly based on total verifications. Starter is $0.001 per verify, Growth is $0.0005, Scale is $0.0002. A typical agent doing 10,000 verifications/month costs $10 on Starter or $5 on Growth.
ScopeGate returns { permitted: false, reason: "..." } with a specific reason — grant expired, action not in scope, agent mismatch, etc. Your agent handles the denial. Every denial is logged to the audit trail.
Immediately after payment, your API key is emailed to you automatically. The email includes your key, the API endpoint, and a working code example to get started in under 5 minutes.

Your agents.
Under control.

Starts free. Takes 5 minutes to integrate.

Get Your API Key