v0.9.2 · MIT open source

Stop AI agents from
seeing your customers' data

gate transparently intercepts dbt, BigQuery, psql, and MCP tool calls — redacting PII before query results ever reach the model context. No query rewriting. No code changes. No data leaves your environment.

$ brew tap GaaraZhu/gate && brew install gate

How it works

01 / INTERCEPT

Hook into your AI agent

Run gate init once. gate registers as a Claude Code hook — no changes to your queries or workflows. MCP wrapping is opt-in via --wrap-mcp.

02 / DETECT

Two-layer PII detection

Gate 1 reads your SQL and marks sensitive columns before the query runs. Gate 2 scans every result row with regex patterns covering names, emails, phone numbers, IRD, NHI, TFN, ABN, Medicare, credit cards, and more.

03 / REDACT

Redacted results reach the model

PII is replaced with typed placeholders like [REDACTED:email]. The AI gets enough context to answer the question — not the raw data.

04 / RETRO

Review and tune with gate retro

Run gate retro to surface low-confidence redactions and automatically generate allowlist commands to suppress false positives. Keep redaction sharp without manual work.

What gate covers

SQL query tools

dbt, BigQuery CLI, psql, MySQL, and any tool invoked via Claude Code's Bash hook.

MCP server proxy

Intercepts tools/call responses from any MCP server and redacts PII inline.

AU/NZ compliance pack

Built-in checksum-validated patterns for IRD, NHI, TFN, ABN, and Medicare numbers.

JSONB & nested data

Recursively scans JSON values in columnar results — handles semi-structured data stores.

Column-aware scanning

Gate 1 parses your SQL to force-redact columns by name, even if the value looks clean.

Schema scanner

Run gate scan to classify every column in your database by PII tier before you connect.

AU / NZ Compliance Pack

Built for FMA, Privacy Act, and APPs

gate ships production-ready detection for every regulated identifier in Australia and New Zealand — IRD, NHI, TFN, ABN, Medicare — with checksum validation to eliminate false positives. The Compliance Pack adds signed attestation and a deployment runbook for organisations that need to demonstrate due diligence.

Learn more