Reference architecture

GatewayStack is the open-source reference implementation of the Agentic Control Plane pattern. It’s built as six composable npm modules — each handles one governance concern, and they compose into a full pipeline.

The pipeline

Every request passes through six layers in order. Each layer is optional — use one module or all six.

app / agent: chat UI, agent runtime, MCP client
  1. identifiabl: who is calling?
  2. transformabl: clean & classify
  3. validatabl: is this allowed?
  4. limitabl: within budget?
  5. proxyabl: route & execute
  6. explicabl: what happened?
your backend: APIs, databases, tools

Every request is identified, transformed, validated, constrained, routed, and audited.

Module breakdown

Each module ships as two npm packages: a -core package (framework-agnostic, pure functions) and an Express middleware wrapper.

| Module | npm | What it does |
| --- | --- | --- |
| identifiabl | @gatewaystack/identifiabl | RS256 JWT verification and identity normalization. Validates tokens from any OIDC provider and maps them to a consistent user object on req.user. |
| transformabl | @gatewaystack/transformabl | PII detection, redaction, and content safety classification. Catches SSNs, emails, credit cards in prompts before they reach the model. |
| validatabl | @gatewaystack/validatabl | Deny-by-default policy engine. Define who can use which tools and models based on roles, scopes, or custom claims. |
| limitabl | @gatewaystack/limitabl | Per-user rate limits, budget tracking, and agent runaway detection. Pre-flight checks reject requests that would exceed spend limits. |
| proxyabl | @gatewaystack/proxyabl | Identity-aware routing to tool backends and LLM providers. SSRF protection, auth injection, and scope enforcement per outbound call. |
| explicabl | @gatewaystack/explicabl | Structured audit logging of every tool call, policy decision, and cost attribution. Health endpoints for monitoring. |

Supporting packages:

| Package | Purpose |
| --- | --- |
| request-context | AsyncLocalStorage-based request context propagation across the pipeline |

Architecture pattern

Each -core package exports pure functions with no framework dependency:

// identifiabl-core: verify a token
import { verifyToken } from "@gatewaystack/identifiabl-core";
const user = await verifyToken(token, { issuer, audience });

// validatabl-core: check a policy
import { checkPolicy } from "@gatewaystack/validatabl-core";
const allowed = checkPolicy(user, "tool:crm:read");

// limitabl-core: pre-flight budget check
import { checkBudget } from "@gatewaystack/limitabl-core";
const ok = await checkBudget(user.sub, { maxSpend: 500 });

The Express middleware packages wrap these into app.use() calls:

import express from "express";
import { identifiabl } from "@gatewaystack/identifiabl";
import { transformabl } from "@gatewaystack/transformabl";
import { validatabl } from "@gatewaystack/validatabl";
import { limitabl } from "@gatewaystack/limitabl";
// configFromEnv and createConsoleLogger are called below but were not imported in the
// original snippet; they are assumed here to be exported by proxyabl and explicabl.
import { createProxyablRouter, configFromEnv } from "@gatewaystack/proxyabl";
import { explicablLoggingMiddleware, createConsoleLogger } from "@gatewaystack/explicabl";

const app = express();

// 1. Identity: verify the bearer token for every request.
app.use(identifiabl({ issuer: process.env.OAUTH_ISSUER!, audience: process.env.OAUTH_AUDIENCE! }));
// 2-4. Content checks, policy, and rate limits apply to the /tools routes.
app.use("/tools", transformabl({ blockThreshold: 80 }));
app.use("/tools", validatabl({ requiredPermissions: ["tool:read"] }));
app.use("/tools", limitabl({ rateLimit: { windowMs: 60_000, maxRequests: 100 } }));
// 5. Route the request to the tool backend.
app.use("/tools", createProxyablRouter(configFromEnv(process.env)));
// 6. Audit logging.
app.use(explicablLoggingMiddleware(createConsoleLogger()));
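
The deny-by-default behaviour described for validatabl, written in the same split this section describes: a pure decision function plus a thin Express-style wrapper. This is an added example, not GatewayStack's code or API; the rule format and the names `matches`, `decide` and `requirePermission` are hypothetical, and the rules are constructed sample data.

```javascript
// Added illustration, not GatewayStack code. Rule shape and names are hypothetical.
// Constructed policy: each rule grants a permission pattern to a role or an OAuth scope.
const RULES = [
  { role: "support", allow: "tool:crm:read" },
  { role: "admin", allow: "tool:crm:*" },
  { scope: "billing.read", allow: "tool:billing:read" },
];

// Compare segment by segment. "*" is honoured only on the rule side and matches
// exactly one segment, so a rule can never match a longer or shorter permission.
function matches(pattern, permission) {
  const p = pattern.split(":");
  const q = permission.split(":");
  return p.length === q.length && p.every((seg, i) => seg === "*" || seg === q[i]);
}

// Pure function: (user, permission, rules) -> decision. No matching rule means deny.
function decide(user, permission, rules = RULES) {
  if (!user || typeof user.sub !== "string" || typeof permission !== "string") {
    return { allowed: false, reason: "unauthenticated-or-malformed" };
  }
  const roles = Array.isArray(user.roles) ? user.roles : [];
  const scopes = typeof user.scope === "string" ? user.scope.split(" ") : [];
  for (const rule of rules) {
    const holds = (rule.role && roles.includes(rule.role)) ||
                  (rule.scope && scopes.includes(rule.scope));
    if (holds && matches(rule.allow, permission)) {
      return { allowed: true, reason: `rule:${rule.role || rule.scope}->${rule.allow}` };
    }
  }
  return { allowed: false, reason: "no-matching-rule" }; // deny by default
}

// Thin wrapper: the middleware only translates the decision into an HTTP response.
function requirePermission(permission, rules = RULES) {
  return (req, res, next) => {
    const decision = decide(req.user, permission, rules);
    if (!decision.allowed) {
      return res.status(403).json({ error: "forbidden", reason: decision.reason });
    }
    next();
  };
}
```

The `reason` field is what an audit layer would record alongside the decision, so a denied call can be traced to the missing rule rather than to a generic 403.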

Agentic Control Plane Cloud

For teams that need the full stack out of the box, Agentic Control Plane Cloud is a managed multi-tenant MCP gateway with:

  • Tenant isolation — each organization gets its own configuration, policies, and audit stream
  • Dashboard — visual policy editor, usage monitoring, audit log viewer
  • Built-in integrations — Auth0, Okta, Entra ID; Slack, GitHub, custom tool connectors
  • MCP + Apps SDK — native protocol support for ChatGPT Actions and MCP tool calls

Connect runs on Cloud Run and uses the same open-source modules under the hood.

Repository layout

| Path | Description |
| --- | --- |
| packages/ | Six -core packages + six Express middleware wrappers + request-context |
| apps/gateway-server | Express reference server wiring all six layers |
| apps/admin-ui | Vite/React dashboard that polls /health |
| demos/ | MCP issuer + ChatGPT Apps SDK connectors |
| tools/ | Echo server, mock tool backend, Cloud Run deploy helper |
| tests/ | Vitest smoke tests (135 tests across 17 files) |
| docs/ | Auth0 walkthroughs, conformance output, endpoint references |

Get started

npm install @gatewaystack/identifiabl express

Start with identity — it’s the foundation. Then add layers as your governance requirements grow.
