What you get
Your agents registered with identities and limits. Your AOPs authored in our dashboard or by API: refund ceilings, catalog rules, required disclaimers, jurisdiction packs. Every hold lands in your review queue inside our dashboard with full context and a plain language summary; your team approves or rejects; our ledger records who decided and why, append-only and hash-chained, personal data kept out by architecture.
The path in
Register the agents, enable the packs that match your industry and jurisdictions, author your own rules on top, and run our shadow mode against live traffic.
in a week of shadow, the ledger might show two refund proposals over your ceiling, one off-catalog discount drafted, and a reply missing a required disclaimer. None were blocked, all were recorded. That ledger is your calibration evidence; when it decides the way you want, you enforce.
Why now, for an enterprise
The liability is already yours. Regulators on three continents are converging on demonstrable pre-action control over automated decisions (in the EU, high-risk AI Act obligations are being finalized through the Digital Omnibus, with timing that may extend into late 2027), and underwriters increasingly ask how an agent is prevented from acting outside policy, not how the incident was logged. Our gate is the answer to that question in its literal form.
Execution without credentials
If you want zero keys in the agent all the way to execution, register connectors with us: credentials live on our side, encrypted and write-only, and actions execute only against a valid permit.