When in doubt, deny.
Gateco denies retrieval requests whenever a policy evaluation cannot complete — a timeout, a misconfigured condition, a missing dependency. The decision is logged. No silent allows, no ambiguous outcomes.
Fail-closed is the default for all plans. Fail-open (open_with_audit) is an Enterprise option available via support request.
What fail-closed means
Every retrieval request goes through policy evaluation. If evaluation encounters an error it cannot resolve, the request is denied. The audit trail records the event as retrieval_denied with decision=error_deny and an error_detail field describing the failure. No data is returned to the requester.
This behavior applies to the retrieval endpoint, the Access Simulator, and Grounded Answers. The MCP server propagates the deny as a tool response explaining that access was unavailable — denied content is never included in MCP output.
Common error-deny scenarios
Metadata resolution failure: the metadata resolution mode is set to sql_view but the view does not exist, or inline mode is configured but metadata_field_mapping is missing. Gateco cannot evaluate classification-based conditions without metadata, so it denies.
IDP sync gap: a policy condition references principal.attributes.department but the principal was synced before the department attribute was added to the IDP adapter. The condition evaluates to missing, not false — and Gateco denies rather than allowing by default.
Connector error: the vector database returns an error or timeout during retrieval. Gateco cannot retrieve or evaluate results, so it denies.
Monitoring error-deny events
Filter the audit log for retrieval_denied events where failure_mode=closed. A run of the same error_detail across multiple requests usually indicates a configuration issue rather than a genuine access-control denial, and is worth investigating immediately. The dashboard policy coverage sparkline drops when error-deny events are high.
Fail-open (open_with_audit) is available for Enterprise organizations where availability requirements outweigh the risk of a momentary false allow. In fail-open mode, evaluation errors result in an allow — but the event is logged with failure_mode=open_with_audit, maintaining full auditability. Request it via the contact page.
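The following is an added illustration of the fail-closed semantics described above and of the monitoring check in this section; it is not Gateco's own code. Audit field names (retrieval_denied, decision=error_deny, error_detail, failure_mode=closed / open_with_audit) follow the page; the condition format, the MISSING truth value, the policy_deny label and the sample policy and principals are constructed assumptions.

```python
from collections import Counter

# Constructed model of policy evaluation under fail-closed and fail-open modes.
# Conditions are (attribute_path, expected_value) pairs; this shape is an assumption.
MISSING = object()  # third truth value: the condition could not be evaluated at all


def eval_condition(cond, principal, resource):
    """Return True, False, or MISSING (attribute absent, e.g. an IDP sync gap)."""
    path, expected = cond
    scope, attr = path.split(".", 1)
    source = principal if scope == "principal" else resource
    if attr not in source:
        return MISSING  # missing is not false: it must not be treated as a deny or an allow
    return source[attr] == expected


def _error_record(detail, mode):
    """Audit record for an evaluation that could not complete."""
    if mode == "open_with_audit":  # Enterprise fail-open: allow, but keep the event auditable
        return {"event": "retrieval_allowed", "decision": "error_allow",
                "failure_mode": "open_with_audit", "error_detail": detail}
    return {"event": "retrieval_denied", "decision": "error_deny",
            "failure_mode": "closed", "error_detail": detail}


def evaluate(policy, principal, resource, mode="closed"):
    """Evaluate one retrieval request and return its audit record."""
    if resource is None:  # connector error or timeout: nothing to evaluate, so deny
        return _error_record("connector error: retrieval returned no result", mode)
    for cond in policy["conditions"]:
        outcome = eval_condition(cond, principal, resource)
        if outcome is MISSING:
            return _error_record(f"unresolved condition {cond[0]}", mode)
        if outcome is False:  # clean policy deny: no failure_mode field (assumed)
            return {"event": "retrieval_denied", "decision": "policy_deny"}
    return {"event": "retrieval_allowed", "decision": "allow"}


def repeated_error_denies(audit_log, threshold=3):
    """Monitoring check: error_detail values seen at least `threshold` times
    across fail-closed denies, which usually points at a configuration issue."""
    counts = Counter(r["error_detail"] for r in audit_log
                     if r["event"] == "retrieval_denied"
                     and r.get("failure_mode") == "closed")
    return {detail: n for detail, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    policy = {"conditions": [("principal.department", "finance"),
                             ("resource.classification", "internal")]}
    log = [evaluate(policy, {}, {"classification": "internal"}) for _ in range(3)]
    print(log[0], repeated_error_denies(log), sep="\n")
```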
Frequently asked questions
Does fail-closed apply to the Access Simulator?
Yes. The Simulator uses the same policy evaluation path as production retrievals. If the evaluation errors, the Simulator returns a denied result with the error detail — which is useful for diagnosing configuration issues before they affect production.
How is this different from a policy deny?
A policy deny is a clean evaluation outcome: the principal lacks the required role, the resource classification exceeds their clearance, or a deny policy matches. An error_deny is when evaluation cannot complete. Both appear as retrieval_denied in the audit log, distinguished by the failure_mode field.
Is fail-closed required for EU AI Act compliance?
Article 15 requires that high-risk AI systems operate robustly under degraded conditions. Fail-closed is the technical implementation of that requirement at the retrieval layer — access is denied and logged when the system cannot make a reliable policy decision.