If you’re running Rails apps in production, you probably have a pretty good sense of what’s happening inside them. You’ve got your logs, your dashboards, maybe a Slack alert that fires when something breaks at 2am. But what if your AI agent could just ask your app how things are going? That’s the idea behind Agent Gateway, a small Rails engine gem that gives AI agents structured, read-only access to the data you choose to expose.
Agent Gateway mounts into any Rails app and serves a single JSON endpoint behind two layers of authentication. The first layer is a secret UUID baked into the URL path itself, which means the endpoint returns a plain 404 to anyone who doesn’t already know where to find it. Scanners and bots see nothing interesting, because as far as they can tell, nothing is there. The second layer is a standard bearer token. You configure both via environment variables and move on with your life. On the data side, you declare exactly which models and attributes to expose through a simple DSL in an initializer. Nothing is shared by default. You allowlist every model, every field, and every aggregation. If you want to expose a count of new users and the last five orders with only their ID, total, and status, that’s exactly what comes back and nothing more.
The real power shows up when you install the gem across multiple Rails apps. Each one gets its own app_name in the config, so a single AI agent can pull briefings from your main SaaS product, your admin portal, and your internal tools without mixing up the data. The endpoint accepts optional parameters to override the default lookback window or filter to specific resources, so the same tool definition on the agent side can ask for yesterday’s numbers in a morning cron job and then pivot to a 30-day view when you ask a follow-up question. The response format is consistent across every app that runs the gem, which means you write one tool and it works everywhere.
I built this specifically to work with OpenClaw, a Docker-based AI gateway that supports scheduled tasks and custom tool definitions. OpenClaw can hit Agent Gateway endpoints on a cron schedule, pull the JSON, and synthesize a morning briefing across all your apps without you lifting a finger. But the gem itself is deliberately agent-agnostic. Any AI system that can make an HTTP request and parse JSON will work, whether that’s an MCP server, a custom Claude integration, or something you stitched together with curl and a prayer. The gem doesn’t care who’s asking as long as they have the right UUID and the right token.
If you’ve ever wanted to ask your AI assistant “how many users signed up this week across all my projects” and get an actual answer pulled from real production data, that’s what this does. No dashboards to check, no SQL to write, no Metabase tabs to keep open. Just a gem, a config block, and an agent that knows where to look.