Founder-led v1 · 3 design-partner slots

Your AI agents are privileged users. Treat them like one.

Stop risky AI‑agent actions before they reach production.

Clavenar inspects tool calls, enforces policy, routes sensitive actions for human approval, and keeps a tamper‑evident audit trail before side effects fire.

  • 4 outcomes allow, block, review, rate‑limit
  • SHA‑256 browser‑verifiable sample chain
  • Customer‑run private deployment path
  • Apache‑2.0 Lite and scanner source
Product flow

How a tool call becomes an auditable decision.

Clavenar sits between the agent runtime and every side effect. Fast calls pass; risky calls park; every outcome becomes evidence.

  1. 1

    Agent requests a tool

    OpenAI, Anthropic, MCP, or custom clients send the normalized call through the proxy.

  2. 2

    Brain + policy decide

    Semantic checks and Rego policy classify the call as allow, block, review, or rate-limit.

  3. 3

    Risky calls park

    Yellow-tier actions wait for Slack, Teams, console, or CLI approval before the side effect fires.

  4. 4

    Ledger becomes proof

    Verdicts, approvals, and upstream outcomes are canonical JSON rows on a SHA-256 chain.

Outcomes by team

One control point, three jobs to be done.

Start with one production agent and one consequential tool surface. Each team gets evidence it can use without asking the agent to explain itself.

Security — stop unsafe side effects

Put semantic inspection, explicit policy, velocity limits, and human approval on the tool‑call path. Denied calls do not receive upstream credentials or reach the target system.

Platform — add a governed release path

Normalize MCP or custom calls at the proxy, roll out in observe mode, then enforce policy without rebuilding every agent. Correlation IDs connect runtime decisions to operational debugging.

Audit & compliance — reconstruct the decision

Replay who requested what, which policy decided, who approved, and whether the upstream action executed. Hash chaining helps reveal later alteration; it does not by itself establish regulatory compliance.

Live demo

See three sample decisions in about 90 seconds.

This browser walkthrough animates the product flow with illustrative events: indirect injection, a high‑value refund routed for human approval, and a runaway loop hitting a velocity limit. Auto‑play it or step through each decision.

Agent finbot‑prod‑7
    Clavenar pipeline
      Upstream side‑effect
        Authorized Blocked HIL pending Rate‑limited

        Want to drive it yourself? Pass the Cloudflare check to open a scoped 2‑hour live-console session in a new tab. You only see the ledger rows you create; the shared demo chain continues separately.

        Verify the sample chain

        No signup — the session expires after 2 hours.

        Deployment & trust

        Know the operating boundaries before a pilot touches production.

        Clavenar is a founder‑led product being built toward v1. This site documents the current control‑plane scope and its limits; it is not a claim of broad enterprise maturity or third‑party certification.

        Customer‑controlled deployment

        Run Lite as a single binary or deploy the full services in infrastructure you control. Pilot planning covers network boundaries, upstreams, model providers, evidence storage, and rollback before enforcement.

        Credentials and approvals stay separated

        The production design authenticates agents with mTLS, injects upstream credentials only after authorization, and keeps policy mutation and approval authority outside the agent. Full‑stack approvals can be SSO‑gated.

        Failure posture is explicit

        Policy faults do not silently allow a request. Sensitive approvals expire closed. A pilot defines fail‑closed behavior, retention, redaction, access, and evidence export for the chosen tool surface.

        The agent does not receive these authorities

        Real upstream credentials Direct upstream socket Policy mutation rights Approval authority Ledger rewrite path

        Evidence fields can be mapped to common control frameworks.

        • SOC 2 control mapping
        • EU AI Act Art. 11/12 mapping
        • NIST AI RMF mapping
        • ISO/IEC 42001 mapping

        Mappings are implementation aids, not legal advice, certification, attestation, or a promise that your deployment complies. Clavenar does not currently claim SOC 2 Type II certification.

        Product paths

        Start at the layer you can evaluate today.

        Use the open‑source tools for discovery and a single‑agent trial, or work directly with the founder on a scoped production pilot.

        Free · Apache‑2.0

        Find exposed agents

        Shadow Scanner · open‑source CLI

        Scan supported source, workspace, and local surfaces for agent footprints and exposed credentials. Review the README and permissions before pointing it at an organization.

        • Discovery, not runtime enforcement
        • Source and issue history are public
        Review Shadow Scanner
        v0.4.1 · Apache‑2.0

        Protect one agent

        Clavenar Lite · single binary

        Evaluate the proxy, policy decisions, pending approvals, and chain format locally without adopting the full service topology.

        • Use the pinned release, not :latest
        • Known gaps and verification steps published
        Check Lite status & install
        Design‑partner pilot

        Govern a production agent

        Full control plane · founder‑led deployment

        Scope one consequential tool surface, observe it first, then turn on policy and human approvals with a rollback plan and evidence review.

        Apply for the pilot

        Shape v1 around one consequential agent.

        Apply for a scoped design‑partner pilot. If the use case fits, the next step is a 30‑minute scoping call with the founder.

        We use this information only to evaluate and reply to your request. See our Privacy Notice and Terms.

        Prefer email? contact@clavenar.com