FX rates and intercompany matching for multi-entity AI agents
Multi-entity teams need defensible FX rates per transaction date and reliable intercompany clearing across entities. The Protocol+registry adapter pattern that handles both.
Read articlev0.1.0 · Apache-2.0
The open-source policy gate for finance AI agents.
SOX-grade segregation of duties, materiality routing, and tamper-evident audit logging — drop it in front of Claude, GPT-4, or Gemini before your AI agent touches the general ledger.
- 986 passing tests
- 19 MCP tools
- 11 jurisdictions
- Apache-2.0
The four pieces
Open-source primitives the closed vendors keep behind a moat.
closegate doesn't replace your finance stack — it makes the controls layer that goes between your LLM and your general ledger open, auditable, and reproducible.
- T1
Policy gate
Every state-changing tool call passes through one chokepoint. Tier-routes by reversibility (T0 read-only · T1 reversible · T2 reversible above-materiality requires HITL · T3 irreversible requires dual-HITL).
More on policy gate - T0
Audit log
Append-only SQLite table with BEFORE UPDATE and BEFORE DELETE triggers. Every gate decision records the verbatim policy rule + a JSON-pointer to your policy.yaml.
More on audit log - T2
HITL approval envelopes
LLM proposes, human confirms via a different actor identity. SoD enforced server-side. Block Kit (Slack) + Adaptive Card (Teams) approval bots with deeplink-back.
More on hitl approval envelopes - T3
Eval harness
Four dimensions: matching accuracy, policy enforcement, adversarial robustness, latency. Continuous evaluation as a SOC 2 monitoring control — reproducible from the CLI.
More on eval harness
The gap
Gartner told CFOs to stop mistaking AI deployment for value creation. The audit committee is the reason.
67% of US CFOs say agentic AI workflow automation is their #1 finance-tech priority for 2026. Every funded vendor in close + reconciliation + AP (BlackLine, FloQast, Numeric, Vic.ai, Ramp, Brex, AppZen, Tabs, Tesorio, Trullion) shipped "agentic" products in 2025–2026. And every one of them keeps the policy gate — the part that enforces SoD, materiality, HITL, and tamper-evident audit logging — closed-source.
The result is a stalled pilot. The agent can match 95% of GL/SL pairs in seconds. Internal audit asks one question — "who confirmed the $40K above-materiality match at 11pm on a Friday?" — and three months disappear into a vendor support ticket.
closegate ships the chokepoint open. Every state-changing tool
call routes through one transactional gate. Every blocked event carries the
verbatim policy clause text and a JSON-pointer to your policy.yaml.
Your external auditor quotes it verbatim. You keep moving.
T0 Read-only · auto T1 Reversible · auto + audit T2 HITL required T3 Dual HITL · irreversible
Comparison
The part the closed-source vendors keep behind a moat.
| Capability | closegate (OSS) | BlackLine · FloQast · Numeric · Trullion | Ramp · Brex · Vic.ai · AppZen |
|---|---|---|---|
| Open-source policy gate (readable + auditable chokepoint code) | ✓ Apache-2.0 | closed | closed |
| Per-agent identity + SoD enforced server-side (not at the prompt) | ✓ X-Actor-Id | proprietary | proprietary |
| Materiality + NIST AI RMF tier routing (T0/T1/T2/T3) | ✓ executable policy.yaml | partial | partial |
| Append-only SQLite audit log with DB-layer triggers | ✓ open SQL schema | vendor-controlled | vendor-controlled |
| Verbatim policy clause text + JSON-pointer on every blocked event | ✓ ✓ | varies | varies |
| Dual-HITL on irreversible (T3) actions like payment-run submission | ✓ ✓ | varies | varies |
| Self-host on your own infra (Docker / Kubernetes / fly.io) | ✓ ✓ | SaaS-only | SaaS-only |
| Drop-in MCP server (Claude Desktop · Cursor · OpenAI Apps SDK) | ✓ ✓ | no | no |
| Bring-your-own LLM (Claude · GPT-4 · Gemini · open-weight) | ✓ ✓ | no | no |
| Per-IdP SSO (Entra ID · Okta · Workspace · SAML · Cloudflare) | ✓ OIDC + proxy | varies | varies |
| Eval harness (matching · policy · adversarial · latency) | ✓ 4 dims, reproducible | no | no |
| Cost | ✓ Free (self-hosted compute only) | $50K–$500K/yr | $20K–$200K/yr |
From the blog
Long-form on policy gates, agentic finance, and the audit.
-
-
The 2:14am page: a controller's AI-pilot story
A real (anonymized) story of an AI agent that auto-confirmed an $87K vendor invoice after a vendor bank-change request. What the controller did on Sunday, and what the audit-committee memo said.
Read article -
SOC 2 Type 2 monitoring for AI agents in production
SOC 2 Type 2 requires ongoing operating-effectiveness evidence (CC4.2). Here's how to get AI-agent monitoring evidence on autopilot — reproducible JSON, 365-day CI retention.
Read article
Frequently asked
Quick answers for the audit committee
Every question here also surfaces in the page's FAQ structured data — so AI Overviews, Perplexity, and ChatGPT browsing extract the answers cleanly. The non-JS fallback is below for screen readers and crawlers.
closegate is an open-source policy gate, audit log, and human-in-the-loop (HITL) approval framework for finance AI agents. It enforces segregation of duties (SoD), materiality thresholds, sensitive-account routing, and a tamper-evident audit log — shipping as a Python library, an MCP server, and a Docker image.
closegate is open source (Apache-2.0) — every line of the policy chokepoint, audit log, and HITL routing code is readable, forkable, and auditable. The commercial vendors keep the policy gate closed as their compliance moat. closegate also self-hosts on your own infrastructure, supports any LLM you want (Claude, GPT-4, Gemini, open-weight), and costs zero in licensing.
closegate ships control mappings for SOX 404, SOC 2 Trust Services Criteria, NIST AI RMF Agentic Profile, PCAOB AS 1215, EU GDPR Article 22, and state sales-tax rounding rules — with file.py:line citations. Compliance is a property of your deployment; closegate ships the SOC 2 Type 2 nightly monitoring loop and an audit-evidence-export PBC bundle so your operating effectiveness is demonstrable.
closegate is LLM-agnostic. The MCP server speaks the open Model Context Protocol — any MCP-compliant client works (Claude Desktop, Cursor, OpenAI Apps SDK, Mastra, LangGraph). The bundled agent service uses the Claude Agent SDK by default but is swappable; pin your model via CLOSEGATE_AGENT_MODEL.
Yes — pip install closegate-policy gives you the policy gate as a pure function over duck-typed contexts. No MCP server, no Docker, no FastAPI. Wrap it around any LLM tool call. See the standalone snippet in the install guide.
Inbound
We're booking 2 design-partner slots this quarter.
One real workflow (close, recon, or AP). Your real policy.yaml shape. Monthly 30-min call. Direct line to the maintainer. Apache-2.0, self-hosted, no seat licensing — forever. FCFS.