GATE v1.3 ships today. The Governed Agent Trust Environment, which I published in April as a fully open framework for enterprise agent governance, has been extended with three new controls and a CLI conformance runner. The four-layer architecture is unchanged; v1.3 closes three assumptions that v1.2.8 left implicit.
The full v1.3 specification and changelog is available as a PDF. The framework lives at deterministicagents.ai with all components under open licences. For the architectural rationale behind GATE, “GATE: The Missing Infrastructure Layer for Agentic AI” remains the canonical introduction.
What v1.3 changes
The original specification defined 16 controls organised into four layers: Identity and Integrity, Runtime Enforcement, Observability and Forensics, and Orchestration and Ecosystem. v1.3 adds three controls and a conformance runner. Existing C01 through C16 implementations remain compatible.
C17 Agent Discovery and Shadow AI Detection sits in the Identity and Integrity layer. It closes a gap that v1.2.8 left implicit: the framework only governs agents it knows about. C17 continuously discovers agent-like behaviour across the governed environment and routes ungoverned workloads to enrolment or termination.
C18 Data Quality Gates sits at the memory retrieval boundary in the Runtime Enforcement layer. It enforces freshness, confidence, and provenance thresholds before retrieved content reaches the model. A well-governed agent can still produce wrong outputs from stale data; C18 is the last point in the control plane where minimum quality gates can be applied.
C19 Model Behaviour Monitoring completes the Observability and Forensics layer. It runs continuous statistical comparison of production behaviour against a signed baseline. This is distinct from C16 adversarial validation: C16 detects attacks, C19 detects gradual drift. A model can produce increasingly poor decisions without being attacked. C19 catches that.
Three assumptions v1.2.8 left implicit
The new controls exist because the original framework was built on three assumptions that most enterprise environments cannot safely make.
The first: the agent estate is closed. Every agent running in the environment is known, enrolled, and governed. In practice, engineers stand up agents for experimentation, vendors ship them inside SaaS products, and workload identities get reused for purposes their owners never anticipated. C17 addresses this directly.
The second: retrieved content is usable. A well-governed agent operating on stale or unverifiable data still passes every C01 through C16 control. The policy decision is correct given the input. The tool call is signed and audited. The replay is reproducible. But the input itself was already untrustworthy when the Memory Gateway returned it. C18 addresses this.
The third: the model is stable. An agent can produce increasingly poor decisions as the underlying model shifts (through a provider update under the same version identifier, a fine-tuning change, a tokenisation shift), and nothing in the control plane will catch it. C19 addresses this.
What is published in v1.3
The framework is available at deterministicagents.ai, with components across separate versioned repositories at github.com/deterministic-agents.
gate-contracts v1.1.0 contains the normative JSON Schema definitions for all control plane events, extended in v1.3 with schemas for the C17 discovery plane, C18 quality decisions, and C19 drift monitoring. All six new schemas and five extended schemas are in the v1.1.0 release.
gate-policies v1.1.0 contains the OPA/Rego baseline policy and invariant bundles, plus three new policy files for C17, C18, and C19. None of the new controls modify the existing tool gateway baseline; new controls get new files.
gate-python v1.1.0 is a Python reference implementation covering hashing, envelopes, ledger, replay, signing, and schema validation. Three new modules cover C17 discovery events, C18 quality gate decisions, and C19 drift scoring. scipy is optional for the drift scoring functions.
gate-conformance v1.2.0 contains 19 conformance checks, a fillable report template, BigQuery evidence correlation queries, nine Day-2 operational runbooks, and, as of v1.2.0, a CLI conformance runner that automates 9 of the 19 checks against a live evidence store.
If you are building agentic AI infrastructure, deploying agents in a regulated environment, or advising organisations on AI governance, I would welcome your feedback. The framework is designed to be implementable, not just readable. Issues and discussions are open on each repository.
Andrew Stevens is CTO and CISO at Sakura Sky. GATE is published at deterministicagents.ai. The strategic companion to this framework is the Trustworthy Agentic AI Blueprint, co-authored with Sakura Sky.