6 deployment patterns for running Gatekeeper across SaaS, on prem, and hybrid environments. Each architecture shows the dataflow, the components, and the security considerations for a production agent deployment.
Claude, ChatGPT, and internal copilots reach SaaS APIs through a managed gateway. Credentials stay sealed in an attested enclave.
Coding agents clone, search, and ship. Production writes require approval; AWS signing keys never transmit.
The entire stack inside your VPC: customer managed keys, private endpoints, nothing crossing your boundary.
One hub fronts every internal MCP server, with provenance tainting, Slack approvals, and SIEM streaming.
Policy authored in the SaaS console; enforcement, credentials, and decryption stay inside your VPC.
Governed transaction signing for Fireblocks, Fordefi, and Utila with quorum approvals and spend caps.