Intercept · Decide · Prove

The Runtime Firewall for AI Agents

AI agents can move money, read database tables, and modify critical systems. Kovera sits between your agents and your tools—automatically blocking high-risk actions, routing anomalies to human oversight, and issuing tamper-proof compliance receipts your auditors can verify instantly.

[ Categorized by Enterprise Auditors as the Agent Protocol of Record — APoR ]

Why APoR?

Why the Agent Protocol of Record?

A protocol layer for agentic governance—not another monitoring add-on.

Beyond Guardrails

Guardrails score text; APoR governs the execution path—including tool calls, bridge traffic, and delegation hops.

Cryptographic Accountability

Every decision anchors to the Kovera Ledger (Merkle-secured activity ledger); proof remains independent of production logs.

Evidence-Grade Compliance

Forensic-ready packs (EU AI Act, ISO 42001) + Open Evidence API for third-party, independent verification.

Differentiation

Gateways Route. Kovera Attests.

AI gateways are a prerequisite for delivery. They handle routing, authentication, and wire-level limits. Kovera adds runtime interception and tamper-proof activity receipts. You can verify those receipts without trusting our UI.

Passive Observability
{
  "lvl": "INFO",
  "_trace": "chunked…",
  "ts": "2026-05-13T18:42:01.883Z",
  "svc": "ai-gateway",
  "rid": "req_9f2c4a",
  "route": "/v1/chat/completions",
  "body": "{\"messages\":[…]}",
  "model": "gpt-4o",
  "latency_ms": 842,
  "policy_ref": null,
  "signed_decision": null,
  "flush": "pending_batch_7"
}
Deterministic Proof Verified
{
  "v": "kovera.sovereignty_receipt.v1",
  "receipt_id": "sr_01k8q2x7hmz",
  "decision": "PERMIT",
  "decision_hash": "sha256:e3b0c44…9c2d",
  "parent_anchor": "merkle:0x4a91f…",
  "policy_bundle_ref": "pol_v2026.05.1",
  "mediation": {
    "latency_ms": 8,
    "human_gate": "not_required"
  },
  "signature_alg": "RS256",
  "signature": "MGUCMFE…",
  "verify": "https://verify.kovera.tech/r/sr_01k8q2x7hmz"
}

Primary Function
  • Traditional Guardrails (Post-Mortem Logs): Traffic Routing & Rate Limiting
  • Kovera Runtime Firewall: Inline Blocking & Human Intervention

Trust Model
  • Traditional Guardrails (Post-Mortem Logs): Operational Telemetry (Logs)
  • Kovera Runtime Firewall: Cryptographic Attestation

Evidence Type
  • Traditional Guardrails (Post-Mortem Logs): Mutable JSON Logs
  • Kovera Runtime Firewall: Tamper-Proof Activity Receipts

Verification
  • Traditional Guardrails (Post-Mortem Logs): Internal Database Only
  • Kovera Runtime Firewall: Independent Public Verification Path · verify.kovera.tech

Human Role
  • Traditional Guardrails (Post-Mortem Logs): Post-incident Reviewer
  • Kovera Runtime Firewall: Real-time Veto Authority

Deploy gateways for how traffic flows. Deploy Kovera for what was permitted. You get proofs your auditors can recompute.

The Evidence Gap

Legacy gateways record damage after the fact. The APoR prevents it on the execution path. Enterprise compliance teams face an Evidence Gap: they cannot cryptographically sign off on autonomous agent deployments using logs alone.

Try the Evidence Gap Demo

verify.kovera.tech · no login · independent verification

How It Works

Intercept

Route traffic through api.kovera.tech — complementary to your AI gateway — so policy, receipts, and verification stay aligned.

Enforce

Apply runtime interception checks: intent binding, schema validation, provider attestation, content redaction, and collective defense.

Log

Generate SHA-256 signed event records.

Prove

Auto-sync evidence to Vanta, Drata, or your Auditor.

Decision Layer

Every Action Has a Path. High-Risk Gets a Human.

Kovera routes every agent intent through two enforcement paths. Routine actions clear in milliseconds. High-stakes actions pause for a human decision — and that decision becomes a tamper-proof activity receipt.

Fast Pass
Low Risk → Instant Clearance
  1. Agent submits intent to Kovera for runtime interception
  2. Heuristic Risk Analyzer scores intent below threshold
  3. Crypto passport issued, action proceeds, SHA-256 entry written to ledger
avg latency: <12ms · fully automated

Slow Pass
High Risk → Human Decision Required
The Hero Feature
  1. Consequence Twin simulates the action in a sandboxed environment
  2. Slack notification fires with Approve / Deny buttons to the security team
  3. Human decision generates a unique tamper-proof activity receipt recorded in the Kovera Ledger
  4. Dashboard timeline shows the full chain: Agent → Intercept → Approval → Receipt
immutable proof · auditor-grade · SOC 2 Type II Ready

Tamper-Proof Receipt

The Cryptographic Activity Receipt

Every high-risk intervention generates a tamper-proof activity receipt. This isn't just a log entry; it's a non-repudiable artifact.

dh_sha256:a3f9e1c2b804d57f3a91e6c4d2b30e7a1f58c9d6e2a04b73f1c8d5e9a2b30c74

  • Immutable: Anchored to the Vanguard Merkle Ledger at the moment of approval.
  • Portable: Share receipts with security teams or regulators without exposing underlying payloads.
  • Verifiable: Stakeholders can validate integrity independently via verify.kovera.tech.

What changes when Kovera is deployed

Before: Agent actions are unaudited — no cryptographic record of what ran or why
After: Every action cryptographically logged — SHA-256 hash chain, tamper-evident from first call

Before: Incidents discovered in post-mortem, days or weeks after damage is done
After: High-risk actions blocked at runtime in <12ms — before damage, not after

Before: Compliance evidence assembled manually — weeks of engineer time per audit
After: Audit evidence auto-generated — signed PDF/JSON exports ready on demand

Before: High-risk agent actions proceed silently — security team has no visibility or veto
After: Security team gets Slack Approve/Deny on every escalation — full context, one click

Before: ~$4.88M average cost of an uncontrolled incident (IBM Cost of a Data Breach 2024)
After: Human decisions sealed as tamper-proof activity receipts — permanent, auditor-grade record

IBM Cost of a Data Breach 2024 · Ponemon Institute AI Incident Research · conservative $75K/intervention floor used in SAVI dashboard

Core Technology

The Evidence-Grade Gauntlet · L1–L5

Five inline blocking checks translate policy rules into clear outcomes—not mutable logs you discover after an incident.

L1 · Intent Binding

RSA-2048 signing locks the agent's system prompt. Any material deviation from the bound intent triggers an immediate session revocation.

L2 · Schema Enforcement

Static analysis of tool-call payloads ensures malformed schemas and injected parameters are rejected at the edge.

L3 · Provider Attestation

Cryptographic binding between your policy and the LLM endpoint prevents mid-session model-hijacking or unverified routing.

L4 · Content Redaction

Real-time scanning for PII leakage and policy violations ensures compliance before data egress.

L5 · Collective Defense

Cross-session analysis detects coordinated, multi-turn prompt injection sequences across your entire agent workforce.

Open Governance Protocol

Built on an Open Standard.

Trust must be open-source. Enforcement must be enterprise-grade.

Open source

Kovera Protocol of Record

  • liability-receipt/v1 standard specification and canonical JSON schema
  • @kovera/verify — fully stateless, zero-dependency cryptographic verification engine
  • aegis/1 ledger pre-image, hash-chain verification, and Art. 12 manifest bundles
  • Reference test profiles and canonical golden spec vectors

Value: Auditors, third-party SIEMs, and partners can independently verify the cryptographic integrity of any session receipt offline—free of vendor lock-in.

Commercial

Kovera Enterprise Plane

  • Genesis runtime interception (inline blocking and runtime tool-gating)
  • Deterministic Human-in-the-Loop (HITL) cryptographic signing services
  • Multi-tenant Kovera Ledger write-paths, secure organization isolation, and compliance sinks
  • High-assurance Operator Dashboard and interactive Auditor Portal UX

Developers

Verify any receipt without our platform

TypeScript · @kovera/verify Offline
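import { verifyReceipt } from '@kovera/verify';

// receiptJson is the receipt under review, supplied by the caller
// (for example, one taken from a JSON export).
const result = verifyReceipt(receiptJson);
if (result.isValid) {
  console.log('Session cryptographic integrity verified.');
}

Human-in-the-Loop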

Active Gating: Approve or deny in Slack.

When Kovera intercepts a policy violation, your team receives an instant Slack alert with full context: the agent, the blocked action, and the specific rule triggered.

  • Contextual Alerts: Instant visibility into the ‘Why’ behind every interception.
  • Slack Handshake: One-click approve or block override without leaving your workspace.
  • Verified Links: Every alert carries a direct link to the cryptographically signed audit trail in the Evidence Vault.

[Figure: Slack, governance-alerts channel. Governance alert: permission request denied with agent, tool, and link to Kovera forensic entry]
Vanguard surfaces the violation in-channel; the audit trail stays hash-anchored.

Architecture

Where Kovera sits in the request path.

Kovera runs alongside your AI gateway for runtime interception, tamper-proof activity receipts, and verification—without replacing routing, auth, or quotas.

Request path

Flow: App → Gateway → Kovera (Mediator) → LLM

Kovera: the protocol layer enterprises use to govern agents at machine speed.

Sidecar enforcement

<10ms overhead on typical policy paths.

Fail-open architecture

High availability by default when runtime interception is unavailable.

Non-custodial

We never touch your provider keys; they stay in your vaults and gateway.

Sovereign Visibility

Your Entire AI Workforce. One Governance Dashboard.

Centralize agentic oversight. The dashboard provides a real-time feed of agent calls, policy enforcements, and the cryptographic proof backing every decision. Vanguard highlights materially sensitive paths so reviewers can prioritize without leaving the stream.

External audit validation

External reviewers expect continuity between live operations and reproducible artifacts: a visible record of who can approve a privileged path, and evidence that survives export. The first frame shows the Kovera Ledger with PERMISSION_REQUESTED and the human gate in-line; the second frame shows the enforced outcome anchored with a tamper-proof activity receipt you can verify independently.

Not a testimonial—illustrative validation framing only. Technical detail in the proof model overview.

Evidence Vault

Signed Evidence & Compliance Sync.

Every agent action is captured as a SHA-256 signed record, anchored to a tamper-evident log. We don’t just log history; we notarize it.

SHA-256 Kovera Ledger anchoring

Tamper-evident, chronologically ordered event records. Each row binds to the prior anchor so silent edits fail verification.
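
The chaining property described above, as an added example that is not Kovera's code or its ledger format: each row's SHA-256 covers its sequence number, the prior row's hash, and a canonical form of the event, so an edit, a deletion, or a re-hashed row surfaces at a specific position. The field names (seq, prev, event, hash), the canonical form, and the sample events are assumptions constructed for illustration.

```javascript
// Added illustration: a generic SHA-256 hash chain, not Kovera's ledger format.
// Field names (seq, prev, event, hash) and the canonical form are assumptions.
const crypto = require("node:crypto");
const GENESIS = "0".repeat(64); // constructed anchor for the first row

// Deterministic serialisation: object keys sorted at every level.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonical(v[k]));
  return "{" + members.join(",") + "}";
}

function rowHash(seq, prev, event) {
  const preimage = `${seq}\n${prev}\n${canonical(event)}`;
  return crypto.createHash("sha256").update(preimage, "utf8").digest("hex");
}

// Append a row bound to the previous row's hash (the "prior anchor").
function append(ledger, event) {
  const seq = ledger.length;
  const prev = seq === 0 ? GENESIS : ledger[seq - 1].hash;
  ledger.push({ seq, prev, event, hash: rowHash(seq, prev, event) });
  return ledger;
}

// Recompute every link; brokenAt is the first row that fails to verify.
function verifyChain(ledger, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < ledger.length; i++) {
    const row = ledger[i];
    if (row.seq !== i) return { ok: false, brokenAt: i, reason: "sequence" };
    if (row.prev !== prev) return { ok: false, brokenAt: i, reason: "anchor" };
    if (rowHash(row.seq, row.prev, row.event) !== row.hash)
      return { ok: false, brokenAt: i, reason: "content" };
    prev = row.hash;
  }
  // Truncation leaves a valid shorter chain: compare head to a stored value.
  if (expectedHead !== undefined && prev !== expectedHead)
    return { ok: false, brokenAt: ledger.length, reason: "head" };
  return { ok: true, brokenAt: -1, reason: null };
}

// Constructed sample events, not real records.
const sampleLedger = () => [
  { agent: "billing-bot", tool: "refund", decision: "PERMIT" },
  { agent: "billing-bot", tool: "wire_transfer", decision: "DENY" },
  { agent: "ops-bot", tool: "db_read", decision: "PERMIT" },
].reduce(append, []);
```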

JSON + PDF exports

Machine-readable packs designed for forensic auditors and internal review workflows.

Vanta & Drata sync

Automated evidence pipelines for Business and Vanguard tiers.

[Figure: app.kovera.tech evidence vault. Kovera Evidence Vault: live ledger with chain integrity, verification latency, and governed agent events]

JSON-Signed Audit Log

Enterprise ready

Trust Bundle

Threat model, data boundaries, failure modes, receipt verification, and PII posture—what security reviews need before a pilot.

Request the Trust Bundle

Kovera

One dashboard to monitor and verify every agent action in your stack.

Runtime security tiers for agentic teams — feature comparison below. For pricing and procurement, contact contact@kovera.tech.

Kovera

The Sandbox

Self-serve governance POC — ship a verifiable receipt to your security buyer

Contact for pricing contact@kovera.tech
  • 1 Shareable Tamper-Proof Receipt / mo
  • 100 Guarded Actions / mo (automated pause after 100 actions to prevent unintended cost or drift)
  • Single Developer Workspace
  • Basic Drift Detection
  • Community Support
Contact Sales
Build the governance loop yourself — Tamper-Proof Receipt + verify.kovera.tech included

Kovera

Operational Shield

For growing teams

Contact for pricing contact@kovera.tech
  • The 5-Layer Gauntlet Proxy
  • Unlimited LLM Traffic Monitoring
  • Runtime Interception
  • 30-Day Audit Log Retention
Contact Sales
Recommended
MERKLE-SECURED LEDGER

Kovera

Merkle Integrity

For security-first teams

Contact for pricing contact@kovera.tech
  • Kovera Ledger Cryptographic Logging
  • Tamper-Evident Audit Pulse
  • CLI Logic Integrity Auditor
  • Multi-User Team Dashboard
Contact Sales

Kovera

The Sovereign

For enterprise AI workforces

Contact for pricing contact@kovera.tech
  • Dedicated Instance
  • Private Cloud, VPC, or On-Prem Deployment
  • Custom Policy Engine & Control Mappings
  • White-Glove Audit Support & SSO / SAML
Contact Sales

Kovera

The Fortress

For global enterprises

Contact for pricing contact@kovera.tech
  • Bespoke Policy Engineering
  • Private Instance (VPC/On-Prem)
  • Customer-Managed Keys (BYOK)
  • White-Glove Audit Support
Contact Sales

KVR-105b · Pay-as-you-Mint

Anchor credit packs

Verification on verify.kovera.tech stays free for auditors and third parties. Production ledger mints consume anchor credits — email contact@kovera.tech for pack pricing and capacity.

Contact for anchor credits
SHA-256 Hash Chained
AES-256 Encrypted
SOC 2 Type II Ready

Frequently Asked Questions

Runtime interception, tamper-proof activity receipts, and how Kovera differs from gateway-only stacks or plain audit logs.

Open full FAQ

Compliance exports, retention, integrations, and deployment patterns.

Ready to see Kovera in action?

Built for Enterprise

Compliance-ready infrastructure for Global Standards

SOC 2 Type II Ready

Audit-ready infrastructure with complete cryptographic traceability and immutable evidence logs.

GDPR Compliant Protocol

Data sovereignty guaranteed. Local processing with edge-first security perimeter and zero code storage.

HIPAA Compliant Architecture

Enterprise-grade encryption (AES-256) with audit trail integrity and access control federation.

System Operational
Health Score 100%
P99 Latency <2ms
Uptime 99.99%
Calls Blocked 1.2M+
Crypto RSA-2048 SHA-256 AES-256