Open Source · MIT License

The Deterministic Verification Layer for Enterprise AI

Enforce strict, code-based contracts to ensure your AI never hallucinates, leaks PII, or violates business rules regardless of the underlying model.

Built for enterprise compliance

Zero Hallucinations

Fail-Closed Security

Audit Ready

Why Gateia?

In production, probability is a liability

Unlike "AI-judging-AI" solutions, Gateia restores deterministic control.

Zero Hallucination Policy

Gateia does not use LLMs to verify. It uses deterministic logic and regex engines. It is impossible for the verifier to hallucinate.

Contract-First Architecture

Define your data requirements with Zod schemas. If the output doesn't match, it doesn't ship.

Audit-Ready Logging

Every decision is traced, logged, and categorized by severity, making compliance (SOC2, HIPAA) audits straightforward.

Fail-Closed Security

If a policy returns a block signal (even with malformed data), Gateia defaults to blocking. Security is never compromised.

Quick Start

Add guardrails in minutes

Scenario: You have an AI Customer Support Agent. You need to ensure it never promises refunds it can't deliver, and never leaks customer PII.

Define your contract

Use Zod schemas to specify the exact structure your AI must return.

Apply policies

Chain built-in or custom policies to enforce business rules.

Handle the result

Deterministic outcomes: blocked or allowed. No probabilistic guessing.

customer-support.ts

1import { verify } from 'gateia';
2import { z } from 'zod';
3
4// 1. Define the "Safe Reply" Contract
5const CustomerSupportContract = z.object({
6  sentiment: z.enum(['happy', 'neutral', 'angry']),
7  reply_text: z.string(),
8  ticket_status: z.enum(['open', 'resolved', 'escalated']),
9  requires_human_review: z.boolean()
10});
11
12// 2. The Verification Step
13const result = await verify({
14  output: llmResponse, 
15  contract: CustomerSupportContract,
16  policies: [
17    'finance-safe', // Block unauthorized refund promises
18    'pii-safe',     // Redact leaked phone numbers/emails
19  ],
20  mode: 'enforce'
21});
22
23// 3. Deterministic Decision
24if (!result.allowed) {
25  // 🛑 BLOCKED: The AI tried to say something unsafe
26  console.warn("Safety Violation:", result.enforcement.violations);
27  sendToUser("A human will be with you shortly.");
28} else {
29  // ✅ SAFE: Output adheres to contract and policies
30  sendToUser(result.safeOutput.reply_text);
31}

Policy Library

Battle-tested policies for enterprise risks

Ship with confidence using our pre-built policies, or create your own type-safe custom policies.

Policy ID	Category	Description	Severity
`finance-safe`	Compliance	Blocks non-compliant guarantee language (e.g., "100% no risk", "guaranteed return").	High
`pii-safe`	Privacy	Redacts or blocks Personally Identifiable Information (Emails, Phone Numbers).	High
`secrets-safe`	Security	Detects leaked API keys (AWS, Stripe, OpenAI, Slack) and private keys.	High
`markup-safe`	Security	Prevents XSS by blocking <script>, iframe, and other HTML injection vectors.	High

Type-Safe Custom Policies

Leverage TypeScript generics to ensure your security policies are strictly typed against your contracts.

check: (output) => { ... }

Advanced

Custom Policies

Build type-safe custom policies that integrate seamlessly with your contracts, or deploy in audit mode for passive monitoring without blocking.

Type-Safe Custom Policies

Gateia leverages TypeScript generics to ensure your security policies are strictly typed against your contracts.

Full IntelliSense support for output properties
Compile-time errors for invalid property access
Custom violation codes and severity levels

Audit Mode (Passive Monitoring)

Deploy policies without disrupting user flow. Violations are recorded but allowed remains true.

Perfect for gradual policy rollouts
Monitor violations without blocking users
Build dashboards from logged data

Policy Check Function

The check function receives the typed output and must return either { outcome: 'pass' } or { outcome: 'block', violations: [...] }

1import { verify } from 'gateia';
2import { z } from 'zod';
3
4// Your contract expects { score: number }
5const Contract = z.object({ score: z.number() });
6
7// TypeScript knows 'output' is { score: number }
8const result = await verify({
9  output: data,
10  contract: Contract,
11  policies: [{
12     id: 'check-score',
13     mode: 'enforce',
14     // Compile Error if you access invalid properties
15     check: (output) => { 
16        if (output.score < 0) {
17          return { 
18            outcome: 'block', 
19            violations: [{
20              policyId: 'check-score',
21              code: 'NEGATIVE_SCORE',
22              message: 'Score cannot be negative',
23              severity: 'high'
24            }]
25          }
26        }
27        return { outcome: 'pass' }
28     }
29  }]
30});

EnforcementReport

1{
2  "allowed": false,
3  "traceId": "123e4567-e89b-12d3-a456-426614174000",
4  "enforcement": {
5    "contract": { "outcome": "pass" },
6    "appliedPolicies": [
7      { "id": "finance-safe", "outcome": "block" },
8      { "id": "pii-safe", "outcome": "pass" }
9    ],
10    "violations": [
11      {
12        "policyId": "finance-safe",
13        "code": "FIN_GUARANTEE",
14        "message": "Contains forbidden guarantee language: 'no risk'",
15        "severity": "high"
16      }
17    ]
18  }
19}

The Enforcement Report

Every decision is traceable

Every call to verify() returns a comprehensive EnforcementReport. Use this for your internal dashboards and compliance logs.

`allowed: false`

Clear boolean indicating if the output was blocked or passed.

`traceId`

UUID for tracking and debugging across your infrastructure.

`violations`

Detailed breakdown of which policies failed and why.

Audit Mode Available

Deploy policies without disrupting user flow. Set mode: 'audit' to log violations without blocking.