Back to blog
8 min readGateco Team

Three Ways to Resolve Metadata: Sidecar, Inline, and SQL Views

TechnicalIntegration

When Gateco evaluates a retrieval, it needs to know the classification, sensitivity, domain, and ownership of each result. This metadata determines which policies apply and whether the requesting principal is authorized. The question is: where does this metadata come from?

Sidecar mode (the default) stores metadata in Gateco's own registry. You bind metadata to resources via the API, CLI, or classification suggestion workflow. This is the simplest approach — no changes to your vector database, full control over the metadata. The tradeoff is that metadata lives at the resource level, not per-chunk, so you can reach L3 but not L4 readiness.

Inline mode extracts metadata directly from vector payloads. If your Pinecone vectors already have a "department" or "classification" field in their metadata, Gateco can use it. You configure a metadata_field_mapping that maps your payload keys to Gateco's schema (classification, sensitivity, domain, labels, owner_principal). Since each vector has its own metadata, inline mode can reach L4 readiness.

SQL view mode queries a Postgres view for metadata. This is available for Postgres-family connectors only (pgvector, Supabase, Neon). You create a view in your database that joins vector IDs to their classification metadata, then point Gateco at it. All identifiers are validated against a strict regex — no raw SQL is ever passed through configuration. SQL view mode can reach L4 if the view returns per-vector-id rows.

Auto mode tries all three in order: inline first (checking payload), then SQL view (if configured), then sidecar (always available). This is useful during migration — start with sidecar for quick setup, then gradually move to inline as you add metadata to your vector payloads.

The resolution mode is configured per connector, so you can use different strategies for different databases. All resolved metadata is normalized into a unified ResolvedPolicySubject model before policy evaluation, regardless of which resolution mode produced it.

Related reading

← Previous

From Zero to Secured Retrieval in 5 Minutes

Next →

Understanding Semantic Readiness: L0 Through L4 Explained

Ready to secure your AI retrieval?

Start with the free tier — 100 retrievals/month, no credit card required.

Get startedRead the docs