> ## Documentation Index
> Fetch the complete documentation index at: https://docs.golf.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Govern how AI tools connect to your systems

Your engineers are using Claude, Cursor, ChatGPT, and Copilot. Each tool connects to GitHub, Slack, and your internal systems. **You have zero visibility into what's connected to what.**

Your security team can't answer basic questions:

* Which AI tools are connected to our GitHub?
* Who approved those connections?
* What data flowed through them last month?
* Is PII being sent to model providers?

Each AI tool maintains its own integration settings. Five tools means five separate control points, five places to audit, five different permission models. **The control plane is fragmented.**

## The Governance Gap

Whether you've blocked AI tools entirely or approved them across teams, you're facing the same problem:

<Tabs>
  <Tab title="Blocked Everything">
    Security said no. Too much risk, no visibility, no way to control what connects to what.

    **The problem**: Your employees are using these tools anyway—on personal devices, personal accounts, outside your network. You don't see it, you can't audit it, and you have zero control over what data flows through. The block didn't reduce risk—it just eliminated your visibility.

    Meanwhile, your competitors are shipping faster.
  </Tab>

  <Tab title="Approved AI Tools">
    You said yes to Claude, Cursor, Copilot, ChatGPT, or others. Maybe through official procurement, maybe through a team-level decision, maybe it just happened.

    **The problem**: These tools are now connecting to your systems—GitHub, Slack, Jira, internal APIs. Each one is a separate authentication flow, separate permissions model, separate audit trail (if there's an audit trail at all).

    You enabled AI. You're also flying blind.
  </Tab>
</Tabs>

Both paths lead to the same place: **you need a governance layer**.

## What's At Risk

These aren't theoretical risks. They're patterns we see repeatedly across enterprises adopting AI tools.

<Accordion title="Shadow Integrations">
  Without clear policies, employees connect whatever they find. Someone configures their AI tool to connect to Salesforce. They set it up. It works. They tell their team.

  Now six people are using an integration that security has never reviewed, IT doesn't know exists, and nobody is monitoring. This is shadow IT, but faster—an employee can connect an AI tool to sensitive systems in five minutes. No ticket, no approval, no audit trail.

  **How Golf helps**: All connections route through the gateway. You see every integration, every user, every request.
</Accordion>

<Accordion title="Unvetted Integrations">
  An engineer wants to connect their coding assistant to a tool. They find a third-party integration—maybe it has a few hundred stars on GitHub. They download it and run it locally.

  No security review. No code audit. No verification this is an official integration. And because it's running locally, there's no authentication layer, no access controls, no audit logs. Whoever runs it gets full access to whatever it connects to.

  **How Golf helps**: Classify and approve integrations. Only approved integrations route through your gateway.
</Accordion>

<Accordion title="Supply Chain Risks">
  You approve an integration today. It looks fine.

  Next week, the maintainer pushes an update. New capabilities added. Behavior changed. Maybe intentionally malicious, maybe just careless. Your AI tools are now running different code than what you reviewed.

  There's no versioning enforcement. No change detection. No alert when an integration you depend on modifies its capabilities.

  **How Golf helps**: Capability versioning detects when integrations change. New capabilities require re-approval.
</Accordion>

<Accordion title="PII Leakage">
  When someone asks Cursor to "summarize this customer file," that data goes to model providers. No inspection, no DLP.

  If that file contains social security numbers, credit card data, or health records—it's now sitting on a third-party server. For fintechs, healthcare companies, and any regulated industry, this can be a compliance violation.

  **How Golf helps**: PII scrubbing detects and masks sensitive data before it reaches model providers.
</Accordion>

<Accordion title="No Audit Trail">
  When an incident happens, you need to answer: What data was accessed? Which systems were queried? Who initiated the request? What was returned?

  With fragmented AI tool integrations, you can't answer any of this. There are no logs. There's no central record of what data flowed through which tool to which system.

  When auditors ask how you govern AI access to sensitive systems, "we don't track that" is not an acceptable answer.

  **How Golf helps**: Every request logged with cryptographic integrity. Who, what, when, where—all searchable. SIEM-ready (Splunk, Datadog, Sentinel).
</Accordion>

<Accordion title="Prompt Injection">
  AI tools read content from your systems and have access to sensitive data. Attackers can craft malicious content—in GitHub issues, Slack messages, or documents—that hijacks the AI tool when it reads that content, causing it to leak data or take unauthorized actions.

  In May 2025, security researchers demonstrated this exact attack against popular AI tool integrations with GitHub.

  **How Golf helps**: AI-powered prompt injection detection analyzes every message in real-time.
</Accordion>

## What is Golf?

Golf is the single governance layer for all AI tool integrations. It deploys in your environment and sits between your AI tools and your systems—one control point for authentication, permissions, data inspection, and audit logging, regardless of which AI tool an employee uses.

<Frame>
  <img src="https://mintcdn.com/authed/6poinvANZd41oWSN/images/golf-overview.png?fit=max&auto=format&n=6poinvANZd41oWSN&q=85&s=f60c4ea85dad3600402fb44ddffb8c80" alt="Golf Platform connecting AI Agent Ecosystem to MCP Server Ecosystem" width="5333" height="3000" data-path="images/golf-overview.png" />
</Frame>

<CardGroup cols={2}>
  <Card title="Centralized Inventory" icon="list-check">
    See every AI tool and every integration across your org
  </Card>

  <Card title="Access Control" icon="shield-halved">
    Role-based permissions via your existing IAM. Least privilege by default.
  </Card>

  <Card title="Data Protection" icon="eye-slash">
    Detect and redact PII before it reaches model providers
  </Card>

  <Card title="Complete Audit Trail" icon="scroll">
    Every request logged. SIEM-ready (Splunk, Datadog, Sentinel).
  </Card>
</CardGroup>

## System Architecture

Golf provides centralized governance for AI tools connecting to enterprise systems. The architecture has three main layers:

### Platform Overview

<Frame>
  <img src="https://mintcdn.com/authed/6poinvANZd41oWSN/images/golf-diagram.png?fit=max&auto=format&n=6poinvANZd41oWSN&q=85&s=41ff9d9472597e75fccca91212393588" alt="Golf Gateway architecture: AI Tools connect through Golf Gateway to Integrations, with Control Plane managing configuration and Your IDP/SIEM for auth and logging" width="3351" height="1804" data-path="images/golf-diagram.png" />
</Frame>

### Component Responsibilities

| Component             | Location                  | Responsibilities                                                    |
| --------------------- | ------------------------- | ------------------------------------------------------------------- |
| **Control Plane**     | Golf Cloud or Self-Hosted | Policy management, integration registration, monitoring, Dev Portal |
| **Gateway Runtime**   | Your Infrastructure       | Security pipeline, audit logging, credential injection              |
| **Identity Provider** | Your IdP                  | User authentication, SSO, group membership                          |
| **AI Tools**          | Developer Workstations    | Claude Desktop, Cursor, Copilot, ChatGPT                            |
| **Integrations**      | Your Network or SaaS      | GitHub, Slack, Jira, internal tools                                 |

### Deployment Options

<Tabs>
  <Tab title="Golf Cloud">
    **Control Plane hosted by Golf.** Zero infrastructure management. Live in under a week.

    <Frame>
      <img src="https://mintcdn.com/authed/6poinvANZd41oWSN/images/deploy-golf-cloud.png?fit=max&auto=format&n=6poinvANZd41oWSN&q=85&s=49ad99a7701d25d59f71cfc5522b1eac" alt="Golf Cloud deployment: Gateway in your VPC connects to Golf Cloud control plane" width="2197" height="1290" data-path="images/deploy-golf-cloud.png" />
    </Frame>

    * Gateway connects to `api.golf.dev`
    * Configuration managed via Admin Portal
    * Audit logs exportable to your SIEM
    * Your data never leaves your infrastructure
  </Tab>

  <Tab title="Self-Hosted">
    **Full on-premises deployment.** Complete data residency control.

    <Frame>
      <img src="https://mintcdn.com/authed/6poinvANZd41oWSN/images/deploy-self-hosted.png?fit=max&auto=format&n=6poinvANZd41oWSN&q=85&s=80c38328ea8c5ad2ac22c90043aa940a" alt="Self-hosted deployment: Gateway and Control Plane both in your VPC with PostgreSQL" width="2519" height="1481" data-path="images/deploy-self-hosted.png" />
    </Frame>

    * PostgreSQL + Redis required
    * Kubernetes deployment via Helm
    * See [Deploy Self-Hosted](/gateway/guides/getting-started/deploy-control-plane) for setup
  </Tab>
</Tabs>

## I Am A...

Find your starting point based on your role.

<Tabs>
  <Tab title="New User">
    **Goal**: Understand what Golf is and try it out

    <CardGroup cols={2}>
      <Card title="Golf Gateway" icon="book" href="/gateway/overview/golf-gateway">
        Understand the value proposition and capabilities
      </Card>

      <Card title="Quick Start" icon="rocket" href="/gateway/overview/quickstart">
        Deploy your first gateway in 20 minutes
      </Card>
    </CardGroup>
  </Tab>

  <Tab title="Developer">
    **Goal**: Connect AI tools to integrations through Golf

    You're using AI tools like Claude, Cursor, or Copilot and need to connect them to your organization's systems through Golf Gateway.

    <CardGroup cols={1}>
      <Card title="Dev Portal" icon="plug" href="/gateway/overview/control-plane#for-developers-dev-portal">
        Discover available integrations and get connection instructions
      </Card>
    </CardGroup>
  </Tab>

  <Tab title="Security Admin">
    **Goal**: Configure policies and ensure compliance

    You're responsible for governing AI tool integrations, managing access control, and ensuring compliance.

    <CardGroup cols={2}>
      <Card title="Admin Portal" icon="shield-halved" href="/gateway/overview/control-plane#for-administrators-admin-portal">
        Manage integrations, policies, and view security incidents
      </Card>

      <Card title="Configure SSO" icon="id-card" href="/gateway/guides/identity-providers/sso-connections">
        Set up identity provider integration
      </Card>

      <Card title="Integration RBAC" icon="users" href="/gateway/guides/security/setup-server-rbac">
        Control who can access which integrations
      </Card>

      <Card title="Capability RBAC" icon="sliders" href="/gateway/guides/security/setup-capability-rbac">
        Fine-grained access per tool, prompt, and resource
      </Card>
    </CardGroup>
  </Tab>

  <Tab title="Platform Engineer">
    **Goal**: Deploy and operate Golf Gateway in production

    You're responsible for deploying, scaling, and maintaining Golf Gateway infrastructure.

    <CardGroup cols={2}>
      <Card title="Deploy Centralized" icon="cloud" href="/gateway/guides/getting-started/deploy-control-plane">
        Connect to Control Plane for centralized management
      </Card>

      <Card title="Deploy Distributed" icon="code-branch" href="/gateway/guides/getting-started/deploy-hybrid-mode">
        GitOps workflow with local YAML configuration
      </Card>

      <Card title="Environment Variables" icon="terminal" href="/gateway/reference/environment-variables">
        All configuration options
      </Card>

      <Card title="YAML Schema" icon="file-code" href="/gateway/reference/yaml-schema">
        Configuration for distributed mode
      </Card>
    </CardGroup>
  </Tab>
</Tabs>

## Next Steps

<Steps>
  <Step title="Understand the Product" icon="book">
    [Learn what Golf Gateway does and how it works](/gateway/overview/golf-gateway)
  </Step>

  <Step title="Deploy Your First Gateway" icon="graduation-cap">
    [Deploy and verify step-by-step](/gateway/overview/quickstart)
  </Step>

  <Step title="Solve a Problem" icon="wrench">
    [Task-oriented how-to guides](/gateway/guides/getting-started/deploy-control-plane)
  </Step>
</Steps>