Skip to main content
StateAnchor
PricingDocs
Sign inGet started →
← All posts
Engineering

Gate-only mode: add API contract enforcement without touching your SDK pipeline

April 29, 20264 min read

The problem

If you're using Speakeasy or Fern to generate your SDKs, the last thing you want is another tool that conflicts with your generation pipeline. Gate-only mode was built for exactly this situation. You already have a generation workflow that works. You need enforcement — a way to block breaking changes before they reach production — without replacing the pipeline you depend on.

What it is

Enforcement without artifact generation. StateAnchor runs the gate engine and blocks breaking changes in CI, but doesn't generate SDKs or MCP servers. You keep Speakeasy or Fern handling generation exactly as before. StateAnchor is the enforcement layer underneath: it diffs your spec on every push, classifies every change against our 34-scenario ground-truth corpus, and blocks the merge if a breaking change is detected.

The two tools don't interact. StateAnchor runs as a separate CI step, reads your spec, makes a gate decision, and exits. If the gate passes, your Speakeasy or Fern workflow runs normally. If it blocks, the merge is stopped before any downstream artifact is generated or published.

Setup

One GitHub Action, four lines of configuration. Your stateanchor.yaml at the repo root sets mode: gate-only:

# stateanchor.yaml
version: 1
mode: gate-only
spec: openapi.yaml
base: main

The workflow step:

- name: StateAnchor gate
  uses: stateanchor-hq/gate-action@v1
  with:
    token: ${{ secrets.STATEANCHOR_TOKEN }}

That's it. The action reads your config, runs the gate engine against your spec, and reports the verdict as a required status check. Your Speakeasy or Fern steps run after, unchanged.

What you get

Gate blocking on all 16 ERR-class breaking change kinds: endpoint removed, required parameter added, auth scheme changed, enum value removed, response field removed, type changed, and the rest. The full list is at /docs/gate-kinds.

Beyond blocking, gate-only mode includes the exception ledger for intentional breaking changes — a Merkle-verified audit trail that records who approved each exception, when, and why. SOC 2 compliance reports can be generated directly from the ledger. Share links let you send a cryptographically verifiable gate decision to a stakeholder without giving them repo access.

All of this runs without touching your generation pipeline. Speakeasy and Fern continue to own artifact generation. StateAnchor owns the enforcement gate upstream.

Start free at stateanchor.dev — no credit card. Gate-only mode is available on all plans.

Start free →Gate-only docs →
Written by the StateAnchor teamMore posts →
StateAnchor

StateAnchor keeps your spec, deployed API, and generated artifacts in the same state.

Product
How it worksGate engineSDK generationMCP serverPricingChangelog
Resources
DocumentationYAML ScaffolderBlogTrust & securityvs Speakeasyvs Fernvs Postmanvs oasdiff
Use cases
AI agent teamsPlatform engineersSpeakeasy users
Developers
Quick startstateanchor.yaml specGate-only modeWho it's forCompareGitHub ActionAPI reference
© 2026 StateAnchor. All rights reserved.
PrivacyTerms