Gateway architecture

Agent → Brew Gateway → MCP Provider.

/gateway is the future execution layer. It is intentionally documented and typed here, not fully implemented yet. It will enforce authentication, authorization, budgets, trust policies, audit logs, rate limits, provider routing, spend limits, and approval workflows.

interface GatewayRequest {
  agentId: string
  taskDescription: string
  providerSlug: string
  capabilitySlug: string
  estimatedCostUsd: number
  riskLevel: "low" | "medium" | "high" | "critical"
}

interface GatewayPolicy {
  maxDailyBudgetUsd: number
  requireVerifiedProviders: boolean
  allowHighRiskActions: boolean
  allowCriticalActions: boolean
  approvedProviders: string[]
  blockedProviders: string[]
}

interface GatewayDecision {
  allowed: boolean
  reason: string
  route?: ProviderRoute
}