Landing page. The hero rotates two product frames. One shows a pending human approval on a $4,800 refund. The other shows a budget cap four days from being hit. Reduced motion renders the approval frame static.

For AI teams shipping to production

Your AI agents don’t run without permission.

Block the $40,000 refund before it fires. Cap the spend before the bill lands. Sign every decision, in order, on your own Postgres.

Set a budget cap: a rogue prompt can’t spend $40,000 overnight. Mark refunds high-risk: the refund bot can’t ship one until a human clicks approve. And your next board deck has a page that says “ready for the EU AI Act.”


Installs in an afternoon. Runs on your Postgres. Your data stays in your network by default. The hosted platform is off until you flip it on.

refunds-bot
high
refund.issue · $4,800

Customer escalation. Refund exceeds the $1,000 auto-approve threshold. A human signs before the money moves.

TTL 5:40

WHAT YOUR COMPANY GETS

Four things you can tell your board on Monday.

Every AI team carries the same four exposures. One pip install shuts all four. And you walk into the board room with the CSV that proves it.

Spend is capped.

Every agent runs under a dollar budget you set. The agent stops before it overspends, not after the bill arrives.

Humans approve the risky moves.

High-value refunds, external messages, prod deploys. They queue for a human click, not an LLM hallucination.

Every decision is evidence.

Every action, allowed or blocked, is recorded in a tamper-evident log you can hand to an auditor.

You’re ready for the EU AI Act.

Article 12 logging is on from day one. Export the evidence as a CSV your compliance officer can actually read.

WHEN AN AGENT TRIES SOMETHING RISKY

When the refund bot tries to ship $4,800, a person decides. Not the model.

A human-in-the-loop isn’t a policy document. It’s a card on someone’s screen, a countdown, and a button. Here’s what your team sees, and what happens either way.

refunds-bot
high
refund.issue · $4,800

Customer escalation. Refund exceeds the $1,000 auto-approve threshold. A human signs before the money moves.

TTL 5:40

pending · TTL drains · awaiting a decision · recorded

THE BOARD MEETING SLIDE

Evidence your AI is governed. Not a promise.

Your compliance lead hands the auditor a CSV. Your board gets a page in the security review that says “ready for the EU AI Act,” with the receipts stapled behind it.

  1. Ready for the EU AI Act, today.

    Article 12 requires automatic event logging with six-month retention from August 2026. It's on from the moment you install. Nothing to configure.

  2. Records that can't be quietly edited.

    Each row signs the row before it. Rewrite one and the next export breaks the chain. An auditor sees the gap on page one.

    Compatible patterns. We are not a SOC 2 audited vendor.

  3. Evidence you can actually send.

    Export a CSV your compliance officer can open in Excel. Signed, board-ready PDFs coming in the next release.
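
To make item 2 concrete, here is an added sketch of an HMAC-chained log and its verifier. It is not Code Atelier Governance's own code: the row layout, the `GENESIS` anchor, the demo key and every function name are assumptions made for illustration. It also shows why the event count carried with an export matters: the chain alone cannot reveal rows cut from the end.

```python
import copy
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: the real key lives outside the database
GENESIS = "0" * 64             # assumed anchor value for the first row

def row_mac(key, prev_mac, event):
    # The MAC covers the previous row's MAC plus this row's canonical JSON.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()

def append(log, key, event):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "prev": prev, "mac": row_mac(key, prev, event)})

def first_bad_row(log, key, expected_count=None):
    """Index of the first row that breaks the chain, or None if it is intact.
    A row-count mismatch against expected_count is reported as len(log)."""
    prev = GENESIS
    for i, row in enumerate(log):
        good = row_mac(key, prev, row["event"])
        if row["prev"] != prev or not hmac.compare_digest(row["mac"], good):
            return i
        prev = row["mac"]
    if expected_count is not None and len(log) != expected_count:
        return len(log)
    return None

def tampered(log, index, field, value):
    # Copy of the log with one field rewritten and the stored MACs left untouched.
    out = copy.deepcopy(log)
    out[index]["event"][field] = value
    return out

def sample_log():
    # Constructed sample events, modelled on the refund card shown on this page.
    events = [
        {"agent": "refunds-bot", "action": "refund.issue", "amount_usd": 4800, "state": "pending"},
        {"agent": "refunds-bot", "action": "refund.issue", "amount_usd": 4800, "state": "approved"},
        {"agent": "refunds-bot", "action": "refund.issue", "amount_usd": 120, "state": "allowed"},
        {"agent": "refunds-bot", "action": "refund.issue", "amount_usd": 9000, "state": "blocked"},
    ]
    log = []
    for ev in events:
        append(log, KEY, ev)
    return log

if __name__ == "__main__":
    log = sample_log()
    print("intact:", first_bad_row(log, KEY))
    print("edited row 1:", first_bad_row(tampered(log, 1, "amount_usd", 48), KEY))
    print("row 1 deleted:", first_bad_row(log[:1] + log[2:], KEY))
    print("tail cut, count checked:", first_bad_row(log[:3], KEY, expected_count=4))
```

A log with its last row removed still verifies when no expected count is supplied, so the count (or the latest MAC) has to be recorded somewhere the database writer cannot change.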

Events covered: 18,942 (since Oct 20, 2025)
Retention until: Oct 20, 2026 (6-month floor, Article 12)
Last export: Apr 18, 2026 (evidence.csv · 412 KB)
Coverage: 100% (every agent action recorded)
roadmap

Each export carries the retention window and the event count on the first page. Auditors check coverage without a follow-up email.

BUILT INTO THE STACK YOU ALREADY HAVE

Your engineers install it in an afternoon. Your infrastructure doesn’t change.

No new service. No new database to back up. No new dashboard for your team to learn. Your data stays inside the systems you already secure, already monitor, already own.

01

One afternoon to install.

A small library drops in next to your existing agent code. Your team ships the first governed agent the same day.

02

Inside your own systems.

Audit data is written to the database you already run. Nothing egresses by default. The hosted platform is opt-in: flip one env var. Your backups, your residency, your security review, unchanged.

03

No new vendor lock-in.

The audit log is your data, in an open format, on your infrastructure. You can export it. You can walk away.

  • no new service
  • no new dashboard
  • no per-seat billing
  • no data egress by default
  • no 3am page

Flip one env var to mirror events to the hosted dashboard. Off by default.

PRICING

Price per workspace, not per promise.

Every row in the table ships today. The roadmap strip below shows what’s next. You buy what runs, not what we plan.

free

Your Postgres. Your laptop. No hosted console.

$0
self-hosted

The full SDK. Audit chain, scope, budget caps, prompt versioning. Data stays in your Postgres.

team · recommended
built for teams of 3 to 20 developers

Hosted inbox. One bill. Auditor-ready CSV.

$299 / tenant / mo
flat rate

A hosted gates inbox humans actually open. Webhooks you can test from the UI. One CSV for every auditor meeting.

Team includes 1M audit events per month. Cross that line and we’ll email you about Enterprise.

WHAT YOU GET TODAY · the technical specifics
Feature | free | team | enterprise
Events / month | self-hosted | 1M (soft) | custom
Agents | unlimited | unlimited | unlimited
Audit retention | your Postgres | 180 days hosted | custom
HMAC-chained audit log
Action scope enforcement
Budget caps + halt
SDK HITL gates (self-hosted)
Hosted HITL inbox
Gates (HITL inbox)
Budget-alert webhooks
Article 12 CSV export unsigned signed PDF
Platform bridge (opt-in)
SSO + SCIM
Data residency | your Postgres | US only | choice
Bridge residency
Support | community | email | SLA

on the roadmap
  • Multi-approver HITL: planned
  • Signed PDF Article 12: planned
  • Data residency choice: planned
  • SSO / SCIM: planned
  • BAA / DPA: planned
  • Slack Connect support: planned

Billed via Stripe once checkout lands. Chain stays intact on downgrade.

Code Atelier Governance · governance before the call fires