1. Purpose

This Agent Access Policy describes how AI agents (referred to as "Builders") interact with the GateStack platform, how data is handled during agent sessions, and the rate limits and constraints that govern agent behavior. This policy applies to all AI builders operating within GateStack sessions, whether invoked by the platform or connected through the GateStack API.

2. Agent Authentication

AI agents access GateStack through two mechanisms:

Platform Builders: Built-in agents provided by GateStack that operate within our infrastructure. These agents are authenticated automatically when a session starts.
API-Connected Agents: External agents that connect to GateStack via the Builder API using scoped API keys. Each key specifies the permitted action types (read, write, execute, deploy) and project scope.

3. Scope Contracts

Every agent session operates within a scope contract defined by the operator. The scope contract specifies which files, directories, and actions the agent is permitted to interact with. Agents cannot operate outside their scope contract. The Watchman actively monitors for scope drift and will flag or halt actions that deviate from the contract.

4. Data Handling

What agents can access

Project source code within the scope contract boundaries
Session history and prior approved actions within the current session
Project configuration files (package.json, tsconfig, etc.)
Operator-provided context and instructions

What agents cannot access

Environment variables or secrets (unless explicitly passed through secure injection)
Other users' projects or session data
Account credentials, API keys, or authentication tokens
Files outside the scope contract, including system files
Billing information or payment details

5. Rate Limits

Agent API access is subject to the following rate limits per plan:

Plan	Requests/min	Concurrent Builders	Monthly Minutes
Solo	60	2	2,000
Founder	120	5	8,000
Studio	300	15	25,000
Enterprise	Custom	Unlimited	Unlimited

Rate limit responses return HTTP 429 with a Retry-After header. Exceeding rate limits repeatedly may result in temporary suspension of API access.

6. Action Classification

All agent actions are classified into three risk tiers:

Read — File reads, directory listings, configuration checks. Low risk. Can be auto-approved if the operator enables it.

Write — File creation, file modification, package installation. Medium risk. Requires explicit approval by default.

Destructive — File deletion, database drops, deployment triggers, system commands. High risk. Always requires explicit approval. Cannot be batch-approved.

7. Logging and Audit

Every action taken by an agent is logged with a full audit trail including: the action type, target file or resource, the agent's reasoning chain, the approval decision (approved/rejected/modified), and the operator who made the decision. Audit logs are immutable and retained according to your plan's retention period.

8. Emergency Controls

Operators can issue a HALT command at any time, which immediately terminates all active builder sessions and freezes the project state. The HALT button is always visible in the GateStack interface. Halted sessions can be resumed after review, or the project can be rolled back to a previous Time Machine snapshot.

9. Third-Party Model Providers

GateStack may use third-party AI model providers (such as Anthropic, OpenAI, or open-source models) to power builder capabilities. Your project data sent to these providers is governed by GateStack's data processing agreements with each provider. We do not permit model providers to use your data for training. You can view which providers are active for your sessions in Project Settings.

10. Policy Updates

This policy may be updated as we add new agent capabilities or modify rate limits. Material changes will be communicated via email to account holders at least 14 days before taking effect. Continued use of the platform after changes take effect constitutes acceptance.