AWS-native architecture
Built to connect inside your AWS account.
AgentGateX reads what it needs, visualizes the path from source to runtime enforcement, and streams evidence to the tools your security team already trusts.
0 write perms: read-only AWS discovery
5 flows: repo → IAM → scan → gateway → audit
SARIF: portable evidence output
Live AWS connection map
GitHub App scans repos & workflows
A least-privilege GitHub App inspects agent skills and CI workflows without holding write access.
AWS read-only IAM role
AgentGateX assumes a read-only role to map agent permissions — it never mutates your account.
Runtime gateway on ECS / Lambda / API Gateway
Deploy the enforcement layer where your agents run, with fast policy decisions on every tool call.
Audit logs to S3 / CloudWatch / SIEM
Every decision is logged and exportable to your existing security tooling.
Optional Amazon Bedrock integration
Use Bedrock to explain risks and draft remediations in plain language.