Give AI agents access without exposing client secrets.
Shellgate lets agencies connect agents to APIs, SSH servers, and email accounts using scoped tokens, approval gates, and audit logs. Agents can work across real client systems while credentials stay behind Shellgate.
100 agent actions/month. No credit card.
Find unpaid invoices in this client's mailbox and draft a follow-up.
Using Shellgate token sg_client_mail to access client-mail.
Draft ready. Shellgate requires approval before sending email to the client.
The agent works. The secrets stay put.
Shellgate sits between your AI agents and real client systems. Agents get scoped access, every action is logged, and risky operations pause for approval.
- check_circle Scoped tokens per client workspace
- check_circle API, SSH, and email targets
- check_circle Approval gates and audit logs
How it works
Add a target
Connect an API, SSH server, or email account to a client workspace.
Issue a scoped token
Give your agent access only to the targets and actions it needs.
Watch actions flow
Shellgate injects credentials, enforces approvals, and writes audit logs.
The Problem
Client agents need access. Client secrets should not live in your agent stack.
Credentials leak into workflows
Client API keys, mailbox passwords, and SSH access end up in env vars, browser sessions, prompts, and automation configs.
No clean audit trail
When a client asks what the agent did, logs are spread across tools or missing entirely.
Risky actions need approval
Sending email, deleting data, or running SSH commands should pause before execution.
The Solution
One controlled path from agents to client systems.
Credentials stay behind Shellgate
Store secrets once and give agents scoped Shellgate tokens instead of raw API keys, SSH keys, or mailbox passwords.
Every action is logged
API calls, SSH commands, and email operations flow through one audit trail that your team can review.
Works with your agent stack
Connect Claude Code, Codex, OpenClaw, or your own scripts through MCP or HTTP.
Human-in-the-Loop
Your agent asks.
You decide.
Some actions are too important to automate. Shellgate intercepts destructive commands before they execute — and hands control back to you.
- shield
Built-in protection
Dangerous commands are intercepted by default. No configuration needed to be safe from day one.
- back_hand
You stay in control
Approve or deny before anything touches your server. The agent waits. You decide.
- gpp_bad
Prompt injection defense
Even if your agent gets manipulated by a malicious prompt, Shellgate is the last line of defense.
Clean up old backups on the production server.
Running: rm -rf /var/backups/2024
The agent wants to execute a destructive command:
Start free. Upgrade when agents touch more client systems.
Every plan includes API, SSH, and email targets. Usage caps are on by default, so there are no surprise bills.
Free
For evaluation
- ✓ 100 agent actions/month
- ✓ 1 workspace
- ✓ 1 user
- ✓ 2 targets
- ✓ 7-day audit logs
Builder
For solo consultants
- ✓ 2,500 actions/month
- ✓ 3 workspaces
- ✓ 5 targets
- ✓ 30-day audit logs
- ✓ Basic approvals
Agency Starter
For small agencies
- ✓ 10,000 actions/month
- ✓ 10 client workspaces
- ✓ 3 users
- ✓ 25 targets
- ✓ 90-day audit logs
- ✓ Team roles
Agency Pro
For production workflows
- ✓ 50,000 actions/month
- ✓ 25 client workspaces
- ✓ 10 users
- ✓ 1-year audit logs
- ✓ Exports
- ✓ Slack support
Optional overage is off by default. Builder and Agency Starter can add extra actions at EUR 5 per 1,000 actions.
Self-serve onboarding
From signup to first audited agent action in 10 minutes.
Shellgate is built for product-led setup: connect a target, issue a token, run a test action, and see the audit trail without booking a call.
- 1 Create your workspace
- 2 Add a target or use the demo target
- 3 Create a scoped sg_ token
- 4 Connect Claude Code, Codex, OpenClaw, or HTTP
- 5 Run your first action
- 6 Review the audit log and approval gate
Need private deployment later?
Enterprise self-hosting will be available for teams that need data sovereignty, custom retention, or dedicated support.
Contact us