Give AI agents access without exposing client secrets.

Shellgate lets agencies connect agents to APIs, SSH servers, and email accounts using scoped tokens, approval gates, and audit logs. Agents can work across real client systems while credentials stay behind Shellgate.

Scoped agent tokens Approvals for risky actions Audit logs by default

100 agent actions/month. No credit card.

Agent Session
person

Find unpaid invoices in this client's mailbox and draft a follow-up.

smart_toy

Using Shellgate token sg_client_mail to access client-mail.

Searched mailbox for unpaid invoices check_circle
Read 3 matching email threads check_circle
Drafting a follow-up for approval... refresh

Draft ready. Shellgate requires approval before sending email to the client.

visibility Live Shellgate Audit Stream
[2026-06-13 10:18:01] AUTHORIZED - ag_04 called mail_search on client-mail
[2026-06-13 10:18:04] AUTHORIZED - ag_04 called mail_read for UID 1044
[2026-06-13 10:18:08] AUTHORIZED - ag_04 created mail_draft for finance@example.com
[2026-06-13 10:18:12] APPROVAL_REQUIRED — ag_04 wants to call mail_send

The agent works. The secrets stay put.

Shellgate sits between your AI agents and real client systems. Agents get scoped access, every action is logged, and risky operations pause for approval.

  • check_circle Scoped tokens per client workspace
  • check_circle API, SSH, and email targets
  • check_circle Approval gates and audit logs

How it works

1

Add a target

Connect an API, SSH server, or email account to a client workspace.

database
2

Issue a scoped token

Give your agent access only to the targets and actions it needs.

key
3

Watch actions flow

Shellgate injects credentials, enforces approvals, and writes audit logs.

bolt

The Problem

Client agents need access. Client secrets should not live in your agent stack.

key_off

Credentials leak into workflows

Client API keys, mailbox passwords, and SSH access end up in env vars, browser sessions, prompts, and automation configs.

visibility_off

No clean audit trail

When a client asks what the agent did, logs are spread across tools or missing entirely.

front_hand

Risky actions need approval

Sending email, deleting data, or running SSH commands should pause before execution.

The Solution

One controlled path from agents to client systems.

hub

Credentials stay behind Shellgate

Store secrets once and give agents scoped Shellgate tokens instead of raw API keys, SSH keys, or mailbox passwords.

history_edu

Every action is logged

API calls, SSH commands, and email operations flow through one audit trail that your team can review.

all_inclusive

Works with your agent stack

Connect Claude Code, Codex, OpenClaw, or your own scripts through MCP or HTTP.

Human-in-the-Loop

Your agent asks.
You decide.

Some actions are too important to automate. Shellgate intercepts destructive commands before they execute — and hands control back to you.

  • shield

    Built-in protection

    Dangerous commands are intercepted by default. No configuration needed to be safe from day one.

  • back_hand

    You stay in control

    Approve or deny before anything touches your server. The agent waits. You decide.

  • gpp_bad

    Prompt injection defense

    Even if your agent gets manipulated by a malicious prompt, Shellgate is the last line of defense.

Agent Session
person

Clean up old backups on the production server.

smart_toy

Running: rm -rf /var/backups/2024

security
warning Shellgate — Approval Required

The agent wants to execute a destructive command:

rm -rf /var/backups/2024
visibility Shellgate Audit Stream
[14:31:02] AUTHORIZED — ag_07 executed `git pull origin main`
[14:31:08] AUTHORIZED — ag_07 executed `docker compose up -d`
[14:31:14] APPROVAL_REQUIRED — ag_07 wants to run `rm -rf /var/backups/2024` — waiting for operator
[14:31:14] waiting...

Start free. Upgrade when agents touch more client systems.

Every plan includes API, SSH, and email targets. Usage caps are on by default, so there are no surprise bills.

Free

For evaluation

EUR 0
  • 100 agent actions/month
  • 1 workspace
  • 1 user
  • 2 targets
  • 7-day audit logs
Start free

Builder

For solo consultants

EUR 19 /month
  • 2,500 actions/month
  • 3 workspaces
  • 5 targets
  • 30-day audit logs
  • Basic approvals
Start building
Recommended

Agency Starter

For small agencies

EUR 79 /month
  • 10,000 actions/month
  • 10 client workspaces
  • 3 users
  • 25 targets
  • 90-day audit logs
  • Team roles
Start free

Agency Pro

For production workflows

EUR 249 /month
  • 50,000 actions/month
  • 25 client workspaces
  • 10 users
  • 1-year audit logs
  • Exports
  • Slack support
Start free

Optional overage is off by default. Builder and Agency Starter can add extra actions at EUR 5 per 1,000 actions.

Self-serve onboarding

From signup to first audited agent action in 10 minutes.

Shellgate is built for product-led setup: connect a target, issue a token, run a test action, and see the audit trail without booking a call.

  1. 1 Create your workspace
  2. 2 Add a target or use the demo target
  3. 3 Create a scoped sg_ token
  4. 4 Connect Claude Code, Codex, OpenClaw, or HTTP
  5. 5 Run your first action
  6. 6 Review the audit log and approval gate

Need private deployment later?

Enterprise self-hosting will be available for teams that need data sovereignty, custom retention, or dedicated support.

Contact us