Integrations

Plug expacti into
your existing stack

SDKs for every major language, CI/CD hooks, chat alerts, infrastructure-as-code, enterprise identity, and CLI tools — all without changing how your team works.

Featured
⚙️

GitHub Actions

Composite action that wraps any run: step in an approval gate. Your pipeline pauses until a human approves.

💬

Slack

Rich Block Kit messages with Approve/Deny buttons. Reviewers approve commands directly from Slack — no tab switching.

🐍

Python SDK

Sync + async clients with LangChain tool integration. Drop-in approval gate for any Python AI agent.

Language SDKs

8 languages
🐍
Python Sync + Async
Sync and async clients with LangChain tool integration. Drop-in approval gate for any Python AI agent or automation script.
from expacti import ExpactiClient

client = ExpactiClient("wss://api.expacti.com/shell/ws", token)
decision = client.run("rm -rf /tmp/build")
# blocks until reviewer approves or denies
GitHub → Docs
🟨
TypeScript / Node.js ESM + CJS
Dual-build npm package with Vercel AI SDK and LangChain integrations. Works with any Node.js runtime or edge environment.
import { ExpactiClient } from "expacti";

const client = new ExpactiClient({ url, token });
const { approved, reason } = await client.run(cmd);
GitHub → Docs
🐹
Go Context-aware
Idiomatic Go client with context cancellation, auto-reconnect, and a Shell helper for exec integration. Zero external dependencies beyond websocket.
client, _ := expacti.New(expacti.Options{URL: url, Token: token})
decision, err := client.Run(ctx, "kubectl rollout restart deploy/api")
GitHub → Docs
🦀
Rust Tokio-native
Async-first Rust client built on tokio-tungstenite. Auto-reconnect, typed errors, and concurrent command submission.
let client = ExpactiClient::new(url, token).await?;
let decision = client.run("cargo deploy --release").await?;
GitHub → Docs
Java / Kotlin JVM
Gradle library with blocking and coroutine-based clients. LangChain4j tool interface included. Usable from any JVM language.
val client = ExpactiClient(url = url, token = token)
val decision = client.run("./gradlew deployProd")
GitHub → Docs
💎
Ruby Sync + Async
Ruby gem with sync and async clients. Compatible with standard Ruby scripts, Rails background jobs, and Sidekiq workers.
client = Expacti::Client.new(url: url, token: token)
decision = client.run("rake db:migrate RAILS_ENV=production")
GitHub → Docs
🐘
PHP Laravel-ready
Composer package for PHP 8.1+. Sync client with typed exceptions. Laravel service example included for DI-friendly integration.
$client = new ExpactiClient($url, $token);
$decision = $client->run('php artisan migrate --force');
GitHub → Docs
.NET / C# .NET 6+
Async-first C# client library with typed exceptions and xUnit test suite. Works with ASP.NET Core, Azure Functions, and worker services.
var client = new ExpactiClient(url, token);
var decision = await client.RunAsync("dotnet ef database update");
GitHub → Docs

AI Agent Frameworks

LangChain · Vercel AI · LangChain4j
🦜
LangChain (Python) Tool
Drop-in ExpactiTool for LangChain and LangGraph agents. The tool wraps any shell command in an approval gate before execution.
from expacti.langchain import ExpactiTool

tools = [ExpactiTool(client=client)]
agent = initialize_agent(tools, llm, ...)
# every tool call routes through human approval
Docs →
Vercel AI SDK Tool
expactiTool() is a Zod-typed tool compatible with generateText, streamText, and useChat. Works with any model provider.
import { expactiTool } from "expacti/vercel";

const result = await generateText({
model, tools: { shell: expactiTool(client) }
});
Docs →
🔗
LangChain4j (Java) Tool
@Tool-annotated class for LangChain4j. Register it with any AI service in your Java application to gate shell access.
@Tool("Execute a shell command with human approval")
fun executeCommand(command: String): String {
val d = client.run(command)
return if (d.approved) "ok" else "denied"
}
Docs →

DevOps / Infrastructure

CI/CD · IaC · K8s
⚙️
GitHub Actions Official action
Composite action that wraps any run: step in an approval gate. Your pipeline pauses until a human approves the deployment command. CI/CD gate for production deploys.
- uses: kwha/expacti-action@v1
with:
command: "kubectl apply -f k8s/"
backend_url: ${{ secrets.EXPACTI_URL }}
shell_token: ${{ secrets.EXPACTI_TOKEN }}
GitHub → Docs
🏗️
Terraform Provider Official
Manage whitelist rules, organizations, and API keys as infrastructure code. Fully declarative — GitOps-friendly configuration.
resource "expacti_whitelist_rule" "safe_cmd" {
pattern = "docker ps"
risk_level = "low"
}
GitHub → Docs
☸️
Kubernetes Operator CRD + Helm
Deploy and manage expacti with a Kubernetes Custom Resource. Helm chart included for production-grade deployments with TLS and autoscaling.
apiVersion: expacti.io/v1alpha1
kind: ExpactiServer
metadata:
name: expacti
spec:
replicas: 2
ingress: { enabled: true, tls: true }
GitHub → Docs
📦
install.sh curl-pipe
One-line installer for Linux and macOS. Downloads the correct binary, verifies checksums, and sets up PATH. Ideal for CI environments.
# Install expacti-sh + CLI tools
curl -sSf https://install.expacti.com | sh

# Verify installation
expacti doctor
Install → Quickstart

Notifications

Real-time alerts
💬
Slack Interactive
Rich Block Kit messages with Approve and Deny buttons. Reviewers can approve commands directly from Slack — no tab switching required.
Docs →
🟣
Microsoft Teams Adaptive cards
Adaptive card notifications for pending commands. "Review in expacti" action button opens the reviewer UI directly.
Docs →
📧
Email SMTP
Configurable SMTP fallback when the reviewer is offline. Per-org SMTP settings with test-send support. Works with any SMTP provider.
Docs →
🔔
Web Push PWA
VAPID-based push notifications to your browser or installed PWA. Service worker delivers instant alerts when a command awaits approval.
Docs →
🔗
Webhooks Custom HTTP
Generic webhook delivery for any HTTP endpoint. POST pending-command events to PagerDuty, OpsGenie, or your own incident management system.
// POST payload for pending command events
{
"event": "command.pending",
"command": { "id": "abc123", "text": "rm -rf /tmp",
"session_id": "s_01", "risk_score": 85 },
"org_id": "org_acme",
"timestamp": "2026-03-27T14:22:01Z"
}
Docs →

Enterprise / Auth

SSO · SCIM · Billing

SAML 2.0 SP

Single Sign-On with any enterprise IdP — Okta, Azure AD, Ping. Assertion mapping to expacti roles.

SCIM 2.0

Automatic user provisioning and de-provisioning from your IdP. Lifecycle managed without manual intervention.

Stripe

Billing portal integration. Usage-based metering, subscription management, and customer portal for self-serve billing.

OIDC (Google / GitHub / Microsoft)

Social login for smaller teams. Reviewer dashboard supports Google, GitHub, and Microsoft OAuth2 out of the box.

TOTP 2FA

Mandatory multi-factor authentication for reviewers. Compatible with Google Authenticator, Authy, and 1Password.

SOC 2 Reports

Automated compliance reports in JSON, CSV, HTML, and Markdown. Covers CC6.1 access control and CC7.2 monitoring controls.

ISO 27001 Reports

Evidence reports mapped to Annex A controls (A.9, A.12.4, A.14.2). Scheduled delivery to your auditor's inbox.

Multi-party Approval

Require 2+ reviewers for critical operations. Configurable policies: Any, AllOf, AnyOf, MinRole.

CLI Tools

Terminal-first
🔧
expacti-sh Shell client
Drop-in shell replacement. Wrap any script by replacing its shebang or invoking it via expacti-sh — every command routes through approval.
# Replace shebang
#!/usr/bin/env expacti-sh

# Or wrap directly
EXPACTI_SHELL_TOKEN=<token> expacti-sh deploy.sh
Install → Quickstart
expacti reviewer Approve/Deny
Terminal-based reviewer client. Stream pending commands, approve or deny from the CLI. Perfect for on-call engineers who live in the terminal.
# Start reviewing
expacti reviewer --org my-org

# Approve a specific session
expacti reviewer approve --session abc123
Docs →
🩺
expacti doctor Pre-flight
Pre-flight diagnostic check. Validates connectivity, token validity, WebSocket upgrade, and server version compatibility. Run before first deploy.
$ expacti doctor
Backend reachable at wss://api.expacti.com
Token valid (org: acme-corp)
WebSocket upgrade successful
Server version: 1.4.2
Docs →
📡
expacti ping Latency
Measure WebSocket round-trip latency to the expacti backend. Reports p50, p95, and p99 over configurable sample count.
$ expacti ping --count 20
p50: 12ms p95: 18ms p99: 23ms
Docs →
📋
expacti audit / sessions Compliance
Query audit logs and session history from the terminal. Filter by date, user, org, or risk level. Export to JSON or CSV for compliance workflows.
# Recent audit events
expacti audit --since 24h --risk HIGH

# List active sessions
expacti sessions --org acme-corp --format json
Docs →

Coming Soon

Roadmap
Coming soon

VS Code Extension

Approve/deny commands directly in your editor. Status bar indicator for pending approvals.

Coming soon

Datadog Integration

Forward approval events as custom metrics and logs. Build dashboards and monitors around command approval rates.

Coming soon

PagerDuty

Trigger PagerDuty incidents for high-risk commands. Auto-acknowledge when a reviewer takes action.

Coming soon

GitLab CI

Native GitLab CI component. Gate deployment jobs behind human approval with zero config.

Missing an integration?

Expacti's WebSocket protocol is open — any language that can open a WebSocket can act as an agent or reviewer. If you'd like an official SDK for your stack, open an issue on GitHub.

Try the demo Request an integration

Get notified when new integrations ship: