DMZAGENT · GOVERNANCE LAYER · SDK v0.6 · PRODUCTION

The governance layer for production AI agents.

Risk control today. Regulation-ready tomorrow. Every agent action is scored against policy Canons before it commits. Risky actions trip a circuit breaker. Every decision becomes a signed, hash-chained ledger entry. Operators reduce loss now. Compliance signs deploys when SOC 2 and the EU AI Act ask.

1-minute workspace provisioning · Self-hosted available · SOC 2 Type II in progress
~/your-app · dmzagent · v0.6.0
from dmzagent import DMZAgent

cx = DMZAgent(api_key="ck_live_...")

# Capture an agent decision — action, evidence, risk tags
r = cx.capture(
    kind="tool_call",
    subject_id="support-triage",
    subject_type="chat",
    payload={
        "action": "refund.approve",
        "amount": 84000,
        "risk_tags": ["financial-action", "customer-pii"],
    },
)
# r.accepted → True  r.frame_id → "frame_xyz"

# Check the circuit breaker before the action commits
g = cx.check(subject_id="support-triage")
if not g.allow:
    print(f"Blocked: {g.reason}")

Applies to: Self-built agents · Hosted agent runtimes · Open-source agent frameworks · Sensor and IoT subjects
Emits: OpenTelemetry · Standard logging endpoints · Signed audit packets

Section 1 · Purpose

What DMZAgent is for.

AI agents now take actions that have financial, clinical, and legal consequences. The operators of those agents need a record that holds up to audit, to incident review, and to the customer asking what happened. DMZAgent produces that record.

Problem 1 · Explanation

You cannot explain what your agent did.

Application logs are not evidence. Prompt traces are not an audit trail. When an agent approves a refund or escalates an alert, no one on your team should have to reconstruct the reasoning from monitoring dashboards at 2 a.m.

Problem 2 · Audit

You cannot produce a defensible record.

Auditors and regulators expect signed, time-stamped, evidence-linked records of consequential decisions. Most teams produce these by hand, once per audit cycle, and rebuild them every quarter.

Problem 3 · Enforcement

You cannot stop the agent before it acts.

Logging tells you what happened. It does not stop the bad refund, the leaked PII, or the unauthorized escalation. A governance layer scores each action against policy before it commits, trips a circuit breaker on risk, and writes the decision to a signed ledger.

Section 2 · Modules

Three modules. One governance layer.

DMZAgent governs every agent action in three steps: record it, judge the risk, and stop it if it crosses your policy. All three modules write to one hash-chained ledger, so every score, forecast, and decision is signed and can be replayed.

Record · Live · SDK v0.6

Score every agent action against your policy.

DMZAgent records what each agent does — its capabilities, its normal behavior, its known failure modes, and its risk tags — with the evidence behind every finding. It signs each action into a hash-chained ledger your auditors can verify.

  • SDKs for Python, TypeScript, C#, and Java
  • Sidecar proxy for runtimes you can't modify
  • Risk-tag editor with one-click OWASP LLM import
  • Signed, replayable evidence packets in one step
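
A minimal sketch of what "signed, hash-chained" gives an auditor, added here as an illustration and not DMZAgent's own ledger format or code: each entry's hash covers the previous entry's hash, and HMAC-SHA256 stands in for the signature. The field names, key, and events are constructed for the example.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash used by the first entry

def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def _sign(key, entry_hash):
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(ledger, event, key):
    """Chain the event to the previous entry and sign the resulting hash."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    entry_hash = _digest(prev_hash, event)
    ledger.append({"event": event, "prev_hash": prev_hash,
                   "hash": entry_hash, "sig": _sign(key, entry_hash)})

def verify(ledger, key):
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev_hash = GENESIS
    for i, e in enumerate(ledger):
        expected = _digest(prev_hash, e["event"])
        if (e["prev_hash"] != prev_hash or e["hash"] != expected
                or not hmac.compare_digest(e["sig"], _sign(key, expected))):
            return i
        prev_hash = expected
    return -1

def demo():
    key = b"constructed-demo-key"  # constructed; a real key belongs in a KMS/HSM
    ledger = []
    for action, amount in [("refund.approve", 84000), ("refund.approve", 120),
                           ("ticket.escalate", 0)]:  # constructed events
        append(ledger, {"kind": "tool_call", "action": action, "amount": amount}, key)
    edited = copy.deepcopy(ledger)
    edited[1]["event"]["amount"] = 12          # rewrite a middle record
    dropped = ledger[:1] + ledger[2:]          # delete a middle record
    truncated = ledger[:-1]                    # cut off the newest record
    return [verify(l, key) for l in (ledger, edited, dropped, truncated)]

if __name__ == "__main__":
    print(demo())
```

Editing or deleting a middle record breaks the chain at that index, but cutting off the newest record still verifies. Detecting that requires anchoring the latest hash somewhere the ledger writer cannot rewrite.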

Recognize · Beta · by invitation

Catch a risky action before it happens.

DMZAgent scores each pending action against the agent's own track record and your active policies. That score is what the enforcement step checks before the action is allowed to commit.

  • Behavior baselines per agent and per cohort
  • Forecast scores graded for accuracy over time
  • Alerts to your paging and chat tools
  • Replay against past traffic to tune thresholds

Enforce · MCP 1.0 · Live

Stop an unsafe action before it commits.

Your policies run as code against every action. When the risk score crosses your threshold, DMZAgent holds the action, escalates to a person, and records the decision. Any agent runtime can call it through the open MCP standard.

  • Policy as code — works with OPA and MCP
  • Circuit breakers that hold, escalate, or roll back
  • Per-workspace limits and data-residency controls
  • Every decision signed into the ledger
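
The circuit-breaker check only protects anything if the caller refuses to act when the answer is missing as well as when it is "no". The wrapper below is an added example, not part of the DMZAgent SDK: `gated`, `Verdict`, and the stub checks are hypothetical, with `allow` and `reason` mirroring the fields used in the snippet near the top of the page.

```python
from dataclasses import dataclass

@dataclass
class Verdict:            # hypothetical stand-in for the object check() returns
    allow: bool
    reason: str = ""

def gated(check, action, subject_id):
    """Run action() only when check(subject_id) explicitly allows it."""
    try:
        verdict = check(subject_id)
    except Exception as exc:          # timeout, network failure, bad credentials
        return {"committed": False, "reason": f"check failed: {exc}"}
    if getattr(verdict, "allow", None) is not True:   # None/malformed counts as deny
        reason = getattr(verdict, "reason", "") or "no explicit allow"
        return {"committed": False, "reason": reason}
    return {"committed": True, "result": action()}

def demo():
    issued = []                        # side effects that actually committed

    def refund():
        issued.append("refund.approve")
        return "ok"

    # Constructed stub checks: allow, deny, outage, malformed response.
    def allow(_sid): return Verdict(True)
    def deny(_sid): return Verdict(False, "risk score over threshold")
    def outage(_sid): raise TimeoutError("governance endpoint unreachable")
    def garbage(_sid): return None

    outcomes = [gated(c, refund, "support-triage")
                for c in (allow, deny, outage, garbage)]
    return issued, [o["committed"] for o in outcomes], [o.get("reason") for o in outcomes]

if __name__ == "__main__":
    print(demo())
```

Only the explicit allow lets the refund commit; a denial, an unreachable check, and a malformed response all leave the action unexecuted with a reason the caller can log or escalate.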

Section 3 · How to install

Three steps. Most teams are in production within a week.

01 · Instrument

Add the SDK to your agent loop.

Five lines around the agent call. Or run the sidecar proxy when the runtime is closed and you cannot change the agent code.

from dmzagent import DMZAgent

cx = DMZAgent(api_key="ck_live_...")

cx.capture(
    kind="subject_says",
    subject_id="cust",
    subject_type="chat",
    speaker_subject_id="cust",
    agent_subject_id="triage",
    payload={"text": "I want a refund."},
)

02 · Index

Every action becomes a record.

Actions, retrieved evidence, tool calls, policy checks, and drift signals — written to your isolated workspace with cryptographic signing.

POST /v1/agent-stream/event
{ "kind": "tool_call",
  "agent_subject_id": "triage",
  "payload": { "action": "refund.approve",
    "evidence": [...], "risk_tags": ["financial"] } }

03 · Consult

Query the record where you already work.

From your incident channel, your audit prep, your on-call view, or your CI gate. The registry follows the team.

from dmzagent import DMZAgent

cx = DMZAgent(api_key="ck_live_...")

# Retrieve reasoning outcome for a frame
r = cx.await_outcome(frame_id="frame_xyz", timeout=30.0)
print(r.tags_fired, r.soul_version)

Section 4 · Who uses DMZAgent

Built for the team that owns AI in production.

If you are the person paged when an agent misbehaves, or the one who explains it to legal, security, or the customer, DMZAgent is the record system you do not have yet.

AI Platform Engineering

Fleet visibility across runtimes.

One registry for every agent — whether built in-house, taken from an open framework, or supplied by a vendor. Set what "production-ready" means without telling each team how to build.

AI Risk and Compliance

Audit-ready by default.

SOC 2, HIPAA, EU AI Act Articles 12 and 14, and internal model-risk programs. The record is the artifact your audit asks for.

Site Reliability and Incident Response

Replay, do not reconstruct.

When an agent misbehaves, you need the trace, the evidence, and the diff — in your incident channel, in two clicks. DMZAgent emits to your existing paging and chat tools.

Security and Procurement

Boundaries you can prove.

Per-workspace data isolation, configurable retention, bring-your-own cloud, and a policy layer your security officer can read without translation. Self-hosted on your network if required.

Section 5 · Integrations

Works with the stack you already run.

DMZAgent plugs into your existing tools. Ingest from your data sources, notify through your channels, and automate with your workflow tools. No rip-and-replace required.

Ingest data

Connect your agents and data sources.

SDKs and connectors that feed agent decisions into the governance layer.

Python SDK · TypeScript SDK · C# SDK · Java SDK · REST Connector · Inbound Webhook · OpenTelemetry · CSV Upload · Email Ingest · Agent Stream

Get notified

Reach your team where they already work.

Outbound notifications route through webhooks to chat, paging, and observability tools.

Slack · PagerDuty · Datadog · Custom Webhook · Email Digest · SMS · WhatsApp · Web Push · In-App Inbox

Connect & automate

Automate workflows and authenticate users.

Trigger governance flows from your automation stack and authenticate against your identity provider.

Zapier · Make · n8n · Home Assistant · Azure AD SSO · Google SSO · Stripe

  • 25k+ events per second, per workspace. Sustained ingest, single region.
  • <50ms tag-write latency, p99. Sidecar mode, in-region.
  • 1min from sign-up to first trace. Free workspace. No card required.
  • SOC 2 Type II in progress. Evidence available under NDA.

Section 6 · Standards and compliance

Mapped to the controls your auditor already asks about.

DMZAgent ships pre-mapped to common control frameworks. If your audit cycle calls for a different framework, the same event record supports it.

| Framework | Controls supported | Status |
|---|---|---|
| SOC 2 Type II | CC7 (system operations), CC8 (change management), CC9 (risk mitigation) | In progress · evidence under NDA |
| HIPAA | 164.308 administrative safeguards, 164.312 audit controls | Available with BAA on Enterprise |
| EU AI Act | Article 12 (record-keeping), Article 14 (human oversight) | Pre-mapped · crosswalk available |
| NIST AI RMF | Measure 2.1, Measure 2.3, Manage 4.1 | Pre-mapped · self-attestation |

For procurement. Subprocessor list, data processing addendum, business associate agreement, and security questionnaire package are available on request from [email protected].

Section 7 · Pricing

Free to start. Metered after. Canons à la carte.

Three dimensions and nothing else. One — a built-in free tier on every account. Two — per-resource metered rates above the free allowance. Three — optional Canon subscriptions for curated governance packs (for example, the Blockchain Canon at $499 per workspace per month). No fixed plans, no per-seat lock-ins, no minimums, no trial countdown.

Free Tier · Every Workspace · Renews Monthly

Included at no charge

  • 10,000 behavior events recorded
  • 100 reasoning passes
  • 1,000 integration runs
  • 10 subjects under watch
  • 1 GB storage
  • 100,000 inbound webhook requests
  • 50 image-to-text calls
  • 30 min audio transcription
  • 1 analyst seat
  • 1 auditor seat

The free allowance renews on the first of each calendar month. A payment method is collected at signup so usage above the free tier is uninterrupted; the card is not charged while your usage stays within the free allowance.

Rate schedule · After the free tier

| Resource | Free / month | Rate | Unit |
|---|---|---|---|
| Behavior events recorded | 10,000 | $0.3 | per 1,000 events |
| Reasoning passes | 100 | $0.04 | per pass |
| Integration runs | 1,000 | $0.01 | per run |
| Subjects under watch | 10 | $0.05 | per subject per month |
| Storage | 1 GB | $0.015 | per GB per month |
| Inbound webhook requests | 100,000 | $0.2 | per 1,000,000 requests |
| Image-to-text calls | 50 | $0.01 | per call |
| Audio transcription | 30 min | $0.008 | per minute |
| Analyst seats | 1 | $40 | per seat per month |
| Auditor seats | 1 | $25 | per seat per month |

Volume rates apply automatically at higher usage thresholds — for example, behavior events drop to $0.20 per 1,000 above 1,000,000 per month, and reasoning passes drop to $0.025 above 10,000.

Canon subscriptions · Per workspace, per Canon

Canons are curated governance packs from the Library — pre-built policy bundles for a domain such as blockchain custody, healthcare privacy, or financial-services controls. Each Canon is priced per workspace per month, independent of resource metering, and listed on its detail page. The Blockchain Canon anchors the range at $499/mo per workspace; smaller Canons start at $0 (community-maintained) and scale with regulatory scope.

Section 8 · Questions and answers

What procurement, security, and legal usually ask.

How long does it take to deploy?

The free workspace is provisioned in under one minute. Most teams are sending production traces within the first afternoon — either through the SDK (pip install dmzagent / npm install @dmzagent/sdk) or as a sidecar proxy when the agent code cannot be changed.

Where is our data stored? Can we run it ourselves?

Hosted workspaces run in us-east-1 or eu-west-1 with configurable residency. Self-hosted deployment on your network is available on the Enterprise tier with the same control plane, your keys, and no outbound data.

What about SOC 2, HIPAA, and the EU AI Act?

SOC 2 Type II is in progress with a target of Q3 2026; evidence is available under NDA today. HIPAA-compliant deployment with a Business Associate Agreement is available on Enterprise. DMZAgent ships pre-mapped controls for EU AI Act Articles 12 and 14; if your auditor asks, the crosswalk is provided.

How does DMZAgent fit our existing observability?

DMZAgent emits OpenTelemetry, integrates with the common observability and paging tools, and exposes webhooks for everything else. It does not replace your monitoring; it adds the layer your monitoring cannot produce — agent decisions, evidence chains, and risk tags.

What happens if your service ends?

Every event is exportable to JSONL or Parquet on demand, without a support request. Self-hosted customers continue to run on their last released image. The registry schema is published.

Why the name DMZAgent?

A DMZ is the inspected buffer zone between an untrusted network and the systems you trust. DMZAgent is that zone for AI agents: every action is recorded, scored, and checked against your policy before it reaches anything that matters. For the long-form purpose, see the thesis page.

Begin the record before you need it.

Provision a workspace in a minute. Send the first trace in five. Have a defensible audit packet by the end of the week.