Roadmap

Define resource ownership, team membership, and project access via 1-hop relationship policies. Evaluated at retrieval time with a 60s result cache.

Create and revoke named API keys from the dashboard. Keys are bcrypt-hashed at rest; plaintext shown exactly once on creation.

Hybrid + keyword + vector retrieval from Google Discovery Engine data stores. Supports global and regional locations.

Ranked BM25 keyword and native RRF hybrid search from Azure AI Search indexes. Managed identity and API key auth.

FastMCP server with 6 tools: retrieve, ask (grounded answers), list connectors, list policies, list principals, resolve principal. Works with Claude, Cursor, and any MCP-compatible host.

Policy-aware answer synthesis — retrieves only policy-allowed chunks, feeds them to an LLM, returns an answer with citations. Three outcomes: answered, no_access, insufficient_context.

Audit underway. Target H2 2026. Enterprise customers can request current in-progress artifacts from enterprise@gateco.ai.

Run the Gateco policy engine inside your own VPC. Vector DB credentials never leave your network. Waitlist open now.

Enterprise customers can provide their own KMS key for encrypting connector credentials and sensitive fields.

Formal HIPAA Business Associate Agreement. Gateco's deny-by-default model and audit trails structurally support the minimum necessary standard today. BAA planned after SOC 2 completion.

Outbound webhooks on policy change, high-denial-rate alerts, and IDP sync failures. Configurable per-org with HMAC signing.

One-click export of Annex III evidence pack: policy version history, retrieval decision log, classification coverage report, and access revocation audit trail.

Complete Gateco stack deployable in your own infrastructure. No Gateco telemetry. Target Q3 2026 waitlist.

Open-source the gateco-sdk core under a permissive license. Server-side product stays closed; client SDK becomes community-owned.

Implement the OASIS AuthZEN interoperability standard so Gateco can interoperate with AuthZEN-compatible policy engines.

Declare policies as YAML files in a Git repo. Gateco watches the repo and applies changes on merge. Pairs with existing policy version history.

Allow teams using Cerbos PDP for application authorization to delegate retrieval-layer decisions to Gateco — shared principal context, no double sync.

Hosted EU data plane where policy evaluation, audit logs, and connector credentials all stay in the EU region for GDPR data residency without Private Data Plane deployment.