Policy-as-Code for Agent Tool Calls. Portable proof for every verdict.
Bootstrap repo policy with gait init and gait check, evaluate structured intent before real tool execution, and turn incidents into deterministic CI regressions without a hosted control plane.
Put Gait at the Tool Boundary
Normalize intent, evaluate a verdict, execute side effects only on allow, and keep signed trace artifacts.
Inline Wrapper
Call gait gate eval in your dispatcher before real tool execution.
LangChain Middleware
Official middleware with optional callback correlation. Enforcement still happens in wrap_tool_call.
MCP Boundary
Preflight server trust with gait mcp verify, then use gait mcp proxy or gait mcp serve.
def dispatch_tool(tool_call):
decision = gait_evaluate(tool_call)
if decision["verdict"] != "allow":
return {"executed": False, "verdict": decision["verdict"]}
return {"executed": True, "result": execute_real_tool(tool_call)}# Install
curl -fsSL https://raw.githubusercontent.com/Clyra-AI/gait/main/scripts/install.sh | bash
# Bootstrap repo policy-as-code
gait init --json
gait check --json
# Create a signed artifact and verify it
gait demo
gait verify run_demo --json
# Turn it into a CI regression gate
gait regress bootstrap --from run_demo --json --junit ./gait-out/junit.xml{
"ok": true,
"policy_path": ".gait.yaml",
"default_verdict": "block",
"rule_count": 7
}Start with integration checklist, boundary guide, and Python SDK contract. The example JSON shape above matches a real gait check --json run.
Gate Before Tool Execution
Evaluate structured intent with fail-closed YAML policy. Any verdict other than allow is non-executing.
Signed Evidence You Can Reuse
Keep signed traces, runpacks, packs, and callpacks you can verify offline and attach to PRs, incidents, and audits.
Incident to CI Gate
Use gait capture, gait regress add, or gait regress bootstrap to turn a failure into a permanent regression with stable exit codes.
LangChain Middleware, Truthfully Scoped
The official LangChain lane is middleware with optional callback correlation. Enforcement still happens only at wrap_tool_call.
MCP Trust Is Complementary
Use gait mcp verify on local trust snapshots before proxy or serve. External scanners find; Gait enforces.
Durable Jobs and Voice Stay Additive
Checkpointed jobs, voice commitment gating, and context evidence ride on the same artifact and policy contracts.
Why Teams Adopt Gait
| Without Gait | With Gait | |
|---|---|---|
| Tool-call control | best-effort prompt checks | fail-closed structured verdicts at execution time |
| Incident evidence | logs + screenshots | signed trace or pack + ticket footer |
| Regression loop | manual repro, often skipped | deterministic fixture + CI gate |
| MCP trust | ad hoc server trust decisions | local snapshot preflight + policy enforcement |
| Long-running agent work | fails mid-flight, lost state | durable jobs with checkpoints + resume |
| Voice commitments | hope they say the right thing | gated before speech + signed callpack |
Frequently Asked Questions
What should teams run first?
Run gait init --json, gait check --json, gait demo, gait verify run_demo --json, then gait regress bootstrap --from run_demo --json --junit ./gait-out/junit.xml.
Where does Gait enforce policy?
At the exact tool boundary where your runtime is about to execute a real side effect. Only allow executes. Block and require_approval stay non-executing.
What does Gait do that logs do not?
Gait produces signed traces and packs with deterministic verification, so incidents are portable, independently verifiable evidence rather than best-effort log interpretation.
Does Gait require a hosted service?
No. Core workflows are offline-first and run locally: capture, verify, diff, policy evaluation, regressions, and voice/context verification can run without a network dependency.
What problem does Gait solve for long-running agent work?
Multi-step and multi-hour agent jobs fail mid-flight, losing state and provenance. Gait dispatches durable jobs with checkpointed state, pause/resume/cancel, and deterministic stop reasons so work survives failures and stays auditable.
Can Gait gate voice agent actions?
Yes. Voice mode gates high-stakes spoken commitments before they are uttered. A signed SayToken capability token must be present for gated speech, and every call produces a signed callpack artifact.
What is context evidence?
Context evidence is deterministic proof of what context material the model was working from at decision time. Gait captures privacy-aware context envelopes and enforces fail-closed policy when evidence is missing for high-risk actions.
How do I turn a failed agent run into a CI gate?
Run gait regress bootstrap --from <run_id> --junit output.xml. This converts the run into a permanent regression fixture. Exit 0 means pass, exit 5 means drift.
Start with policy bootstrap. Add evidence, CI, MCP trust, and jobs as needed.
The first five commands are real: init, check, demo, verify, regress bootstrap.
Open Install GuideFor assistant and crawler discovery resources, use LLM Context.