A cloud reference framework of controls for enterprise-grade trustworthy AI agents. When an AI system can take real-world actions, the primary production constraint becomes trust - not model capability.
GATE specifies 16 controls across four layers that wrap probabilistic agents in a deterministic shell of governance. The model proposes; the control plane decides. Built on the architectural argument set out in the Trustworthy Agentic AI Blueprint.
Download the FrameworkPrompts are configuration, not governance. Enterprises cannot safely rely on prompt-only safety for systems that plan and execute actions across enterprise tools.
LLMs are non-deterministic and can be influenced by adversarial inputs. Trust must be engineered into the surrounding platform with controls that are deterministic, enforceable, and auditable outside the model.
When an agent can write to a database, call a payments API, or rotate a credential, the cost of an unbounded action is no longer reversible. The control plane authenticates, authorizes, and records every action before it takes effect.
Audit, incident response, and regulatory inquiry all require the same primitive: a tamper-evident record of who did what, on what authority, with what consequences. GATE makes that record a first-class output of every run - an architectural property the executive operating model increasingly depends on.
GATE uses “deterministic” to describe the control plane boundaries that surround the agent - not the model itself. LLMs remain probabilistic. What GATE enforces is operational determinism at the tool and memory boundary.
GATE defines a trustworthy agent as one whose failures are contained (limited blast radius), attributable (who did what), reproducible (deterministic replay), governable (policy, budgets, approvals), and auditable (tamper-evident evidence). Each control in the framework targets one or more of these properties directly.
A cross-cutting pattern that turns the 16 controls into a closed-loop autonomy dial: measure → score risk → constrain execution → audit. Higher autonomy tiers require more controls, stronger evidence, and tighter human-in-the-loop gates. The dial is calibrated against actual telemetry, not declared in policy.
16 controls across four layers. Each control specifies Why (the risk), What (the mechanism), How (implementation patterns), Evidence (what to log), and Failure Modes (common foot-guns). Built to be read like a platform spec, not a conceptual paper.
Prove who/what is acting and that execution is untampered.
Enforce deterministic policy, budgets, and execution boundaries.
Produce evidence, replayability, and non-repudiation.
Safely scale to distributed and multi-agent autonomy.
GATE is open and vendor-neutral. The control catalog maps to recognized governance standards so enterprise teams can use it alongside existing programs.
Each GATE control maps to GOVERN, MAP, MEASURE, and MANAGE functions, with explicit traceability tables in the appendix.
High-level theme alignment table covers the management-system clauses an ISO 42001 implementation needs to evidence.
Cloud Architects, AI Architects, Platform Engineering, Security Engineering, GRC, and SRE/Operations teams responsible for productionizing agentic AI.
GATE ships with open-source companion artifacts. All MIT-licensed and ready to fork.
Canonical project home: deterministicagents.ai
What the 134-page framework argues, in short form.
Agentic AI is crossing from “assistive” software into systems that plan and execute actions across enterprise tools. When an AI system can take real-world actions, the primary production constraint becomes trust, not model capability. The core challenge is architectural: models are probabilistic and influenceable; trust must be engineered into the surrounding platform.
“Trust must be engineered into the surrounding platform with controls that are deterministic, enforceable, and auditable outside the model.”
GATE is intended for adoption. The companion repositories provide schemas, policy templates, matrices, and runbooks that architects can use to model and map implementations in real cloud environments.
The architectural argument GATE implements, and the executive operating model it supports.
A 134-page open framework for engineering teams productionizing agentic AI. CC BY 4.0 documentation; MIT-licensed reference contracts and code. Available as a direct PDF download.
Download GATE v1.2.8134 Pages | ~2.4MB | Version 1.2.8 | CC BY 4.0