Zing Forum

Reading

Semantic GPS: Control Plane and Governance Gateway for MCP Agent Workflows

Semantic GPS is an award-winning project from Anthropic's hackathon, providing an enterprise-grade control plane for MCP (Model Context Protocol) agent workflows. It enables typed workflow discovery, real-time policy enforcement, and audit tracking through a single gateway, supporting policy governance for 12 tools including Salesforce, Slack, and GitHub.

Semantic GPSMCP智能体Agent控制平面策略执行审计SagaTRelClaude
Published 2026-04-25 19:15Recent activity 2026-04-25 19:19Estimated read 6 min
Semantic GPS: Control Plane and Governance Gateway for MCP Agent Workflows
1

Section 01

Semantic GPS: Introduction to the Enterprise Control Plane and Governance Gateway for MCP Agent Workflows

Semantic GPS is an award-winning project from Anthropic's 2026 "Keep Thinking" hackathon, providing an enterprise-grade control plane for MCP (Model Context Protocol) agent workflows. It enables typed workflow discovery, real-time policy enforcement, and comprehensive audit tracking through a single gateway, supporting policy governance for 12 tools including Salesforce, Slack, and GitHub. It addresses governance challenges such as compliance, data security, and unauthorized operations when enterprises deploy AI agents.

2

Section 02

Project Background and Origin

Semantic GPS was born at Anthropic's "Keep Thinking" hackathon in April 2026. It took 5 days to develop from concept to a production-grade prototype, built by developer mboss37 using Claude Opus4.7's million-context capability. Its core positioning is to solve enterprise AI agent governance pain points: when multiple agents access sensitive systems, how to ensure their behaviors comply with organizational policies, prevent data leaks, and avoid unauthorized operations?

3

Section 03

Architecture Design and Core Extensions

It adopts a control plane/data plane separation architecture: the control plane is responsible for policy orchestration, workflow management, and audit logging; the data plane handles tool call execution, supports deployment in environments like Cloudflare Workers and Kubernetes Sidecar, and tool calls do not leave the customer's network. It extends the TRel (Typed Relationships) method (e.g., discover_relationships, find_workflow_path) to enhance semantic workflow capabilities; implements the Saga pattern to ensure eventual consistency of distributed transactions through rollback mapping.

4

Section 04

Fine-Grained Governance Capabilities and Policy System

A three-tier scope gateway provides fine-grained access control: organizational level (default policy), domain level (business domain policy), and server level (fine-grained control), all supporting Bearer Token authentication. Built-in 12 policies cover 7 major governance dimensions: time and state gating (business_hours, write_freeze), rate limiting, identity authentication, data residency (IP whitelist, geofencing), data hygiene (PII desensitization, injection protection), circuit breaking and switches (kill_switch, idempotency). Policies support shadow (audit-only) and enforce (mandatory execution) modes.

5

Section 05

Integration Demos and Effect Verification

It provides 3 real MCP integration examples: Salesforce (OAuth client credential flow, supporting operations like Lead/Contact), Slack (Bot API for message/user/channel management), GitHub (PAT for Issue/PR management), totaling 12 tools. The built-in Playground supports A/B testing: using the same prompts and models, compare the behaviors of the original MCP endpoint and the controlled gateway endpoint to evaluate policy impacts.

6

Section 06

Tech Stack and Security/Privacy Guarantees

Tech Stack: Frontend Next.js14 + TypeScript + Tailwind CSS; Backend Next.js API Routes + tRPC; Database PostgreSQL (Supabase); Authentication Supabase Auth; AI Models Claude Opus4.7 (evaluation) and Sonnet4.6 (Playground default). Security Measures: SSRF protection (safeFetch), AES-256-GCM credential encryption, fail-closed policy engine, traceId full-link audit.

7

Section 07

Future Vision and Summary

Future Vision: To become a protocol-agnostic agent governance platform (supporting MCP and A2A protocols) and build a semantic layer (decoupling business semantics from technical details). Summary: Semantic GPS provides an architectural reference and implementation example for enterprise AI agent governance, is open-source under the MIT license, and is an important case for developers and technical decision-makers to study agent governance best practices.