GatekeeperAI provides an on-premises solution for enterprise teams to securely adopt AI applications. With automated scanning, human review, and isolated deployment, it ensures that only approved apps gain access, all while simplifying workflow management and enhancing security without compromising ease of use.
GatekeeperAI is an on-premises platform designed to empower enterprise teams to safely integrate both third-party and internal AI applications. This comprehensive solution ensures that every application undergoes rigorous automated security scanning, human oversight, and sandboxed deployment before it is accessible to users.
How It Works
- Submit — Developers push their application code to the GatekeeperAI Git server.
- Scan — The platform automatically executes a suite of five distinct scanners, which include secrets detection, dependency vulnerability audits, egress network analysis, PII exposure checks, and an LLM-powered code review via Claude AI.
- Review — A designated approver evaluates the scan results and approves or rejects the app; SLAs are tracked automatically.
- Deploy — Once approved, applications are packaged into secure Docker containers and launched within an isolated environment, accessible through a public URL.
- Manage — Runtime secrets such as API keys and credentials are securely injected as environment variables during deployment, ensuring they are never stored in the codebase.
Key Features
- Automated multi-scanner pipeline — Runs secrets, dependency vulnerability, egress rule, PII, and LLM code review analysis simultaneously on every push.
- Risk tiering — Automatically assesses and assigns risk tiers (low/medium/high/critical) to applications, influencing review prioritization.
- SLA enforcement — Flags overdue approvals and notifies escalators via email to maintain productivity.
- Encrypted secret injection — Utilizes AES-256 encryption for per-app secrets, injected securely at container startup.
- Audit log — Maintains a complete record of all actions (approvals, deployments, secret changes) along with the corresponding actor, IP address, and timestamp.
- Admin panel — Facilitates user management (create, disable, change roles), audit log viewing, and platform-wide metrics monitoring.
- Setup wizard — Streamlined configuration for first-time users, requiring no manual edits to configuration files.
- Secure by default — Implements JWT with refresh token rotation, rate limiting on all endpoints, and robust security headers (CSP, HSTS, etc.), and runs containers as non-root.
Tech Stack
| Layer | Technology |
|---|---|
| Backend API | FastAPI + SQLAlchemy 2.0 async + PostgreSQL 16 |
| Task Queue | Celery + Redis |
| Container Runtime | Docker SDK (Python) |
| LLM | Anthropic Claude API |
| Frontend | Next.js 16 (App Router) + Tailwind CSS |
| Auth | JWT (access + refresh) with Redis-backed JTI rotation |
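
The pattern named in the Auth row, refresh-token rotation keyed on the token's JTI, as an added example (not GatekeeperAI's own code). A dict stands in for Redis; the function names, the `fam` claim and the revoke-family-on-replay policy are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)  # signing key, constructed for this example
ACTIVE = {}                    # jti -> family id; stands in for Redis (assumption)
REVOKED_FAMILIES = set()       # token families killed after a replay

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(claims):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def _verify(token):
    # The MAC is always recomputed as HS256; the header's alg is never trusted.
    head, body, sig = token.split(".")
    mac = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] < time.time():
        raise PermissionError("expired")
    return claims

def issue_refresh(sub, family=None, ttl=7 * 86400):
    """Mint a refresh token and record its jti as the only live one."""
    jti, family = secrets.token_hex(16), family or secrets.token_hex(8)
    ACTIVE[jti] = family
    return _sign({"sub": sub, "jti": jti, "fam": family, "typ": "refresh",
                  "exp": int(time.time()) + ttl})

def rotate(token):
    """Spend a refresh token once and return its successor."""
    c = _verify(token)
    if c.get("typ") != "refresh" or c["fam"] in REVOKED_FAMILIES:
        raise PermissionError("refresh token revoked")
    # With Redis this lookup-and-delete must be atomic (e.g. GETDEL).
    if ACTIVE.pop(c["jti"], None) is None:
        # A valid signature on a spent jti means a copy of the token exists:
        # revoke every descendant so neither holder can continue the session.
        REVOKED_FAMILIES.add(c["fam"])
        for jti in [j for j, fam in ACTIVE.items() if fam == c["fam"]]:
            del ACTIVE[jti]
        raise PermissionError("refresh token reuse detected")
    return issue_refresh(c["sub"], c["fam"])
```
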
Project Structure
- backend/: FastAPI application, scanners, Celery workers, Alembic migrations
- frontend/: Next.js web application
- infra/: Docker Compose configuration
- worker/: Celery task definitions (deploy, SLA checks)
User Roles
| Role | Can Do |
|---|---|
| ic (individual contributor) | Submit apps, view own apps and scan results |
| approver | Everything an IC can do, plus review and decide on pending approvals, view all deployments |
| admin | Everything an approver can do, plus manage users, stop/start deployments, view audit logs |
New users are created by administrators; there is no public self-registration available.