ProvenanceCode · AI governance infrastructure

Govern AI where it acts, where it writes, and where it reads your data.

Verity · Private preview open

Git-layer governance for AI-generated code

Intercepts every AI-generated PR before it merges. Creates a Developer Execution Object, evaluates it against policy, and gates or blocks non-compliant code at the source — inside your existing Git workflow.

  • PR gating + DEOs
  • AUTO / GATE / BLOCK verdicts
  • Policy-as-code (verity.yaml)
  • ISO 42001 compliance
CTO · Lead Engineer · Head of Engineering
Verity · git-layer policy
git push origin feature/ai-refactor
Verity: intercepting PR #418...
Creating DEO · AI source: Cursor
Policy eval: auth scope changed = GATE
✓ Review required. Provenance record committed.
Agent OS

Runtime governance for AI agent actions

Sits between your AI agent's reasoning and real-world execution. Every action intercepted, evaluated against policy, and either executed, gated, or blocked — before anything touches your infrastructure.

  • Policy engine + Executors
  • Human-in-the-loop approval
  • AWS Marketplace
  • ISO 42001 compliance
CEO · CISO · GC · CFO
Agent OS · policy engine
agent.execute("deploy api-service to prod")
Agent OS: planning actions...
Risk level: HIGH · production deploy
Policy: requires_human_approval = true
✓ Approved. Action complete. Provenance stored.
Guard · Private preview open

PII detection and redaction for AI in Europe

Scans text for EU personally identifiable information before it enters your AI models. GDPR-aligned, jurisdiction-aware — Spain, Ireland, Germany, France, and Italy. Redacts and produces a signed audit record for every scan.

  • MCP server + REST API + SDKs
  • National ID detection (DNI, PPSN, Codice Fiscale…)
  • GDPR Articles 5, 25 & 32 alignment
  • Signed audit record per scan
DPO · CISO · Engineering Lead · Legal
Guard · PII detection API
POST /v1/scan · locale: es-ES
Guard: scanning for EU PII...
detected: PERSON_NAME, ES_DNI, EMAIL
✓ Redacted. Audit record committed.

Three enforcement surfaces. One provenance standard.

100% · Actions auditable
Risk tiers
<50ms · Policy eval overhead
Executor types
🔍
Audit

Every action logged with full provenance — who, what, why, when.

⚖️
Policy

ISO 42001-based rules gate actions before execution — deterministically.

🔔
Control

Human-in-the-loop approval for high-risk operations. The agent waits.

☁️
AWS Marketplace

Subscribe, enter your Bedrock or OpenAI key plus ProvenanceCode API key — default policy applied, containers online.

📐
Risk-weighted actions

Low ×1 · Medium ×3 · High ×10 — fair metering aligned with real risk.

Minimal token overhead

Deterministic policy eval — not a second LLM. Typically under 5% token increase vs native LLM alone.

Why ProvenanceCode

Enterprises will not adopt agents without these three things.

Auditability — every action explainable under policy and risk assessment. Risk control — high-risk work requires human approval. Accountability — signed, immutable provenance when something goes wrong.

Competitors (OpenAI Agents, Nvidia NeMo) focus on capabilities. ProvenanceCode focuses on control. That is the enterprise gap.
