FAQ
The questions controllers, CFOs, and architects ask first.
Organized by topic. Every answer also surfaces in the page's FAQPage structured data — so AI Overviews, Perplexity, and ChatGPT browsing extract them cleanly.
About closegate
closegate is an open-source policy gate, audit log, and human-in-the-loop (HITL) approval framework for finance AI agents. It's the controls layer between an LLM (Claude, GPT-4, Gemini, etc.) and your accounting systems. Apache-2.0 licensed; ships as a Python library, an MCP server, and a Docker image.
closegate is a project by Neul Labs, a small applied-research outfit working on AI infrastructure for regulated industries. Solo-maintained today; a formal maintainer organization forms at v1.0. The roadmap, issues, and design-partner conversations are all public.
Alpha. The reconciliation reference workflow is end-to-end functional with 986 passing tests. The policy + money + calendar + FSM primitives ship as pip install closegate-policy. Pre-1.0 means 0.x.y minor releases may contain breaking changes — pin tight (closegate-policy==0.1.0) until 1.0.
Compliance + audit
closegate ships control mappings for SOX 404, SOC 2 Trust Services Criteria, NIST AI RMF Agentic Profile, PCAOB AS 1215, EU GDPR Article 22, and state sales-tax rounding rules — with file.py:line citations. Compliance is a property of your deployment (your policy.yaml, your IdP-bound actors, your retention policy). closegate ships the SOC 2 Type 2 nightly monitoring loop and an audit-evidence-export PBC bundle so your operating effectiveness is demonstrable.
Every state-changing decision writes an event to an append-only SQLite audit log with the verbatim policy clause text + a JSON-pointer to the rule. Run closegate-engine audit-evidence-export to produce a 7-file PBC bundle: audit sample, actor identity registry, dead-letter queue, policy version snapshots, eval run summaries, recovery-sweeper runs, and a README.
The audit narrative is the same as for any controls system: identity, segregation of duties, materiality, escalation, evidence. The difference is that closegate's chokepoint code is open — your auditor reads the same source-of-truth your engineers do. We've shipped a 60-minute control-testing script for external auditors at /for-auditors.
Architecture + LLM
closegate is LLM-agnostic. The MCP server speaks the open Model Context Protocol — any MCP-compliant client works (Claude Desktop, Cursor, OpenAI Apps SDK, Mastra, LangGraph). The bundled agent service uses the Claude Agent SDK by default but is swappable; pin your model via CLOSEGATE_AGENT_MODEL.
Yes — pip install closegate-policy gives you the policy gate as a pure function over duck-typed contexts. No MCP server, no Docker, no FastAPI. Wrap it around any LLM tool call. See the standalone snippet at /install.
Identity is bound to the MCP transport, not the tool arguments. Every call carries X-Actor-Id from the gateway (header-trust or OIDC). Tools never accept actor_id as a parameter. The gate's evaluate() function reads the actor from request context; there's no API surface for the LLM to override it. The gate denies same-actor proposal-and-confirm regardless of prompt or chat history.
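The pattern described above, as an added sketch that is not closegate's own code: the actor is bound from the transport header into request context, the tool schema has no identity field, and a same-actor confirm is denied and logged with the clause text and rule pointer. The names `handle_call`, `open_log`, the table layout and the pointer value are assumptions made for illustration; only `X-Actor-Id` and the idea of an `evaluate()` gate come from the text.

```python
import contextvars
import sqlite3

# Constructed sketch: none of these names are closegate's API.
ACTOR = contextvars.ContextVar("actor_id")  # written by the transport layer only
SOD = ("/rules/segregation_of_duties",      # hypothetical JSON pointer to the rule
       "The confirming actor must differ from the proposing actor.")

def open_log():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE audit(seq INTEGER PRIMARY KEY, actor TEXT, action TEXT,
                           entry TEXT, decision TEXT, pointer TEXT, clause TEXT);
        CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit
            BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
        CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit
            BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
    """)
    return db

def evaluate(db, action, entry):
    """Gate: the actor is read from request context, never from arguments."""
    actor = ACTOR.get()
    decision, pointer, clause = "allow", None, None
    if action == "confirm":
        row = db.execute(
            "SELECT actor FROM audit WHERE entry=? AND action='propose' "
            "AND decision='allow'", (entry,)).fetchone()
        if row is None:
            decision = "deny"                        # nothing to confirm
        elif row[0] == actor:
            decision, pointer, clause = "deny", *SOD  # same-actor confirm
    db.execute(
        "INSERT INTO audit(actor, action, entry, decision, pointer, clause) "
        "VALUES (?,?,?,?,?,?)", (actor, action, entry, decision, pointer, clause))
    return decision

def handle_call(db, headers, action, args):
    """Transport: bind X-Actor-Id; the tool schema has no identity field."""
    if set(args) != {"entry"}:
        return "rejected"                            # e.g. a smuggled actor_id
    token = ACTOR.set(headers["X-Actor-Id"])
    try:
        return evaluate(db, action, **args)
    finally:
        ACTOR.reset(token)
```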
Pilot + adoption
Typical shape: one workflow (close, recon, or AP), 6–12 weeks, against a snapshot of last quarter's GL data. We seed closegate from the snapshot, port your existing policy thresholds into policy.yaml, and run the deterministic eval harness before any LLM calls. Then you graduate to a parallel run on the next close. Full plan: /for-finance-teams.
closegate is open-source (Apache-2.0); the commercial vendors keep the policy gate closed as their compliance moat. closegate self-hosts on your own infrastructure, supports any LLM you want, and costs zero in licensing. Year-1 TCO is typically $28K vs $60K–$300K for commercial. Full 14-row comparison: /compare.
We have two design-partner slots open per quarter. The ask: one real workflow, your real policy.yaml shape, monthly 30-min call. What you get: direct line to the maintainer, co-design influence on the v1.0 surface, a reference implementation your auditor + CISO + architect can all read, zero seat licensing forever. DM at /contact.
Never via GitHub Issues. Email the maintainer per the channel in SECURITY.md in the repo. We aim for a 5-business-day initial response and coordinated disclosure with the reporter.