Jeff Otterson just dropped agent-gate, an MCP server that forces AI agents to actually verify their work before they claim "done." Instead of letting models self-certify completion, this tool makes agents pass explicit gates backed by tamper-evident receipts. The philosophy is straightforward: agents that grade their own homework ship low-quality output, so why not enforce discipline at the data structure level?
The Self-Grading Problem in Agent Systems
The expensive failures in agent deployments are the silent ones. A model update quietly degrades quality. A change breaks a workflow without anyone noticing. An agent declares success while the actual work is wrong. Otterson calls this Fleet Mode doctrine: agents draft, humans approveβand everything gets recorded. The fix isn't waiting for smarter models; it's building gates that agents literally cannot talk their way past.
Fail-Closed Design
The core principle here is fail-closed evaluation. A check only counts as satisfied if it's explicitly trueβmissing proof is not proof. This mirrors a promotion gate, not an informal review. The default "ship" gate requires five conditions: deterministic_checks_pass, independent_refute_review, no_secrets, human_gated_if_irreversible, and honest_receipt_logged. If even one of these fails, the agent gets blocked with a specific list of what's missing.
MCP Tools and How to Wire It In
The server exposes four tools over MCP: gate_checklist() returns what the agent must satisfy, verify_gate() evaluates evidence fail-closed and returns passed/blocking status, record_receipt() appends a hash-chained receipt, and read_receipts() returns every receipt plus chain integrity status. Installation is simple via pip install mcp-agent-gate, then add it to your Claude Desktop or Claude Code config pointing to python -m agent_gate.server.
Tamper-Evident Receipt Ledger
Every decision gets recorded as (decision, metric, value, verdict) linked into a sha256 hash chain stored in ~/.agent-gate/receipts.jsonl. Edit or delete any past receipt and verify_chain() returns false. The honest log is enforced by cryptography, not good intentions. This means you can actually audit what your agent decided at each stepβand prove nobody tampered with the record later.
Stdlib Core, Minimal Dependencies
The core modules (agent_gate/gate.py and agent_gate/ledger.py) are pure Python stdlib: no external dependencies to audit, just fast code that's easy to read and trust. The only runtime dependency is mcp itself for the server adapter layer. Tests pass on Python 3.11 through 3.13, and the MCP tools are tested by actually calling them, not just importing.
Key Takeaways
- Fail-closed gates prevent agents from skipping verification steps
- Hash-chained receipts create auditable, tamper-evident logs of every decision
- Human approval is required by default for irreversible or outward actions
- Pure stdlib core means zero supply chain risk in the critical path
- Works as an MCP server (Claude Desktop/Code compatible) or direct Python import
The Bottom Line
This is exactly the kind of boring-but-critical infrastructure that separates toy agents from production systems. Most teams building AI workflows are still flying blind on what their agents actually decided and why. agent-gate makes accountability structural rather than aspirationalβand that's how it should be when you're handing off real work.