Skip to content

Where we sit

Your dashboards are green. The investigator still wants to know who owned the call.

Your control plane shows the fleet running clean. Your guardrails caught the bad prompts. None of it answers the one question that lands you in a deposition, because the team that built the system cannot vouch for its own record. Your control plane runs the fleet. We are the proof an outsider can check, on the single decision that mattered, and your auditor checks it themselves.

The neighbours in the stack

Three layers you already have. We sit alongside all three.

None of these are wrong, and we replace none of them. Each answers a question we do not, and we answer one they were never built for: can an outsider check, without trusting your team, that a named person owned the call that mattered.

Control planes

Agent identity, observability, fleet policy

Give every agent an identity, watch what the fleet does, and apply policy across it, all inside your own walls. This is how you run agents at scale and see them.

Where we sit

Keep it. The control plane runs the fleet. We add the record your auditor checks. Your agent runs inside the fleet it already governs, and our proof sits alongside that layer, not in place of it.

Guardrail and policy tools

Content safety, injection, PII, policy match

Read the content of a prompt, a response, or a tool call, and block, redact, or steer it. They keep what flows through an agent clean and on-policy.

Where we sit

Keep them too. They watch the content. We prove a named person owned the call that mattered, in a file an outsider can check. Guardrails were never the thing an auditor asks you to hand over.

Periodic assurance

Firm-attested AI audits and reports

An independent firm reviews a system and issues a point-in-time report. Genuinely independent, and the trusted way to assure a system as a whole.

Where we sit

We are the per-decision version. Not a report you trust the firm for, but a file your auditor checks themselves for any single decision, on their own laptop, on the day they ask.

The slot we occupy

Built for the person looking for a reason to doubt you.

Sort the tools by who they answer to. Most produce dashboards for the team running the fleet, which is exactly what running a fleet needs. We do one different thing: a file for the outsider who wants to check, on a single decision, in regulated healthcare. That is what we are, not a longer feature list.

For the team running the agents

Identity, monitoring, dashboards and reports for the people who run the fleet. Essential for operating at scale, and handled by the control planes and assurance firms above.

For the auditor who wants to check

A file on a single decision that an auditor re-checks themselves, trusting neither your team nor us. This is the corner we are built for.

Runs the whole fleet

Governs every agent, sets policy, runs the work. We sit alongside this. Our agent runs inside the fleet it already governs.

Does one thing well

Enforce the rule, write the proof, and stay out of the way. Runs on any framework, self-hosted, open source, so it sits anywhere without taking over your stack.

The corner built for the auditor, by a tool that does one thing well, for regulated healthcare: that is the one we are built to own. We back it up with what we are, below. The agent cannot vouch for its own work, it runs on any framework, your auditor checks the record themselves, and it is open.

What we are

The agent cannot vouch for itself. So we built the proof an outsider can.

Three things make this the record your auditor relies on the day it matters: the agent cannot sign its own work, it runs on any framework, and your auditor recomputes the file offline, trusting no one, including us.

What we are 01

The agent cannot vouch for its own work

The team that built the system cannot be the one who proves it. So we keep the proof outside the agent, the way a SOC 2 counts and a self-graded audit does not. That is the one thing a team cannot add to its own system, and the reason your auditor can check the record without trusting us.

What we are 02

An agent that can act, on any framework

We build and run the agent, and we run it where you already work, on LangChain, CrewAI, the Claude Agent SDK, or your own code, inside your own walls. It does the routine work on its own and stops the serious call for a named human. The record is written as the agent acts, in one step with the action, so an agent that acted but left no trace cannot happen.

What we are 03

Your auditor checks it themselves

Every step and every sign-off lands in a tamper-evident, signed record. Hand over the file and your auditor re-checks it on their own laptop, in any language, with no access to your systems and no code from us. The engine is AGPL-3.0 and the SDK is Apache-2.0, so you can read every line and air-gap it. The deal is check it yourself, not take our word.

The point

Keep your control plane. Keep your guardrails. We sit alongside them.

Your control plane still runs the fleet. A guardrail still scans the content. Your framework still routes the work. We sit alongside all of it. What we add is the one part those layers were never built to be: the file your auditor checks themselves, on the single decision that mattered, because the agent cannot vouch for its own work.

We build and run the agent, run it where you already work, and write the record as it acts. Any auditor can check that record themselves, trusting no one, including us.

Governance vs guardrails, in depth →

Where it sits

  1. 01Control plane runs the agents and watches the fleet
  2. 02Guardrail checks the content is safe and on-policy
  3. 03MakerChecker lets the agent close the routine work, stops the serious call for a named human, and writes the proof as it happens
  4. 04Your systems the action commits, only after the sign-off

One independent layer, alongside any stack, that answers an auditor without asking them to trust your logs, or ours.

Watch an auditor check the file themselves →

Keep reading

For life sciences

Complaint and adverse-event triage, batch release, the reportability call stays a named officer’s.

Read →

For oncology

Patient access, funding and appeals, and trial cohort identification, the eligibility attestation kept off the agent that ran the investigation.

Read →

The six primitives

Agents as employees, versioned grants, structural segregation of duties, gates, limits, signed audit.

Read →

Use cases

Where a governed agent must not act alone, every workflow has a one-way door.

Read →

Why now

No rules means no safe harbor. The predicate rules underneath are date-proof.

Read →

See it for yourself

See the file your auditor checks themselves.

One command starts the demo: an agent stopped from signing off its own work, and the signed evidence file an inspector can check for themselves.

Book a demoRead the docs

Designed against the rules your auditors already enforce.