AI Governance Pipeline

Govern every
AI agent action.
Prove every decision.

Purogaly intercepts AI agent actions at the MCP layer, evaluates them against your policies in real time, hash-chains every decision into tamper-evident evidence, and lets auditors verify it offline.

Frameworks mapped: EU AI Act (28) · NIST AI RMF (72) · SOC 2 (38) · ISO 27001 (79)
[Pipeline illustration]
01 · AI ACTION: DELETE customer_data · risk: HIGH · agent: support-bot
02 · POLICY MATCH: Approval required · Customer deletion · dual approval → routed to humans
03 · HASH-CHAINED: EVENT N-1 (a3f8... → b91c...) · EVENT N (b91c... → d4e7...) · EVENT N+1 (d4e7... → f2a1...) · SHA-256 linkage · race-safe inserts
    EVIDENCE BUNDLE: {"framework": "SOC_2", "period": "Q1_2026", "chain_status": "VALID", "events_verified": "<count>", "controls_covered": 38, "genesis_hash": "a3f81b29..."}
    VERIFIABLE OFFLINE: Auditor runs CLI · zero trust required
04 · AUDITOR VERIFIED: VERIFIED · purogaly-verify · offline
The evidence gap

A log file isn't evidence.
Auditors know.

Most AI governance produces audit trails that look authoritative but fall apart under scrutiny. Three problems show up in every real audit.

01

Approvals scattered across tools.

Slack threads, Jira tickets, email chains. Every approval lives somewhere different. No single record an auditor can verify.

02

Audit trails that aren't tamper-evident.

An append-only log file isn't proof of anything. Without cryptographic linkage, any record could have been edited after the fact.

03

Evidence that requires trusting the vendor.

If verifying compliance evidence requires calling the vendor's API, the evidence is only as trustworthy as the vendor. Auditors notice.

Intercept

Every agent request,
through the gateway.

Purogaly's MCP proxy sits between AI agents and the systems they touch. Every tool call routes through Purogaly, gets policy-evaluated in real time, and either flows through, gets blocked, or routes to humans for approval — before reaching the system being acted on.

  • MCP-native interception. Drop-in proxy for any agent that speaks Model Context Protocol.
  • Real-time policy evaluation. Allow, block, or escalate every request before it executes.
  • Per-agent identity. Every request tagged to the agent making it. No anonymous traffic.
  • Audit-logged at the gateway. Every interception writes a tamper-evident event before the response returns.
mcp-proxy / inbound request
POST /mcp-proxy
X-Agent-Id: leapr-agent-prod
method: tools/call
tool: delete_user_record
> evaluating policies...
> matched: customer-deletion
> requires_approval: true
> status: ESCALATED
> audit_log: written
Routed to humans · auditable from this point forward
Capture

Every decision,
captured by policy.

When an intercepted action requires human review, Purogaly routes it to the right approvers based on policy rules. Every approval, denial, and escalation is recorded — who decided, when, and on what evidence.

  • Policy-driven routing. Match by action_type, risk_level, resource pattern.
  • Human-in-the-loop decisions. Single, dual, or quorum approvals per policy.
  • Versioned policies. Diff viewer, draft mode, atomic publish.
  • Auditable timeline. Every approval recorded with the reviewer, timestamp, and decision context.
approval_policies / customer_deletion
POLICY
Customer deletion requires dual approval
match: action_type = "DELETE_CUSTOMER"
risk: HIGH, CRITICAL
action: require_approval
approvers: 2 of [admin, security]
Active · routes every matched action through human review
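To make the routing rules above concrete, here is an added example of a minimal policy evaluator in the shape the page describes: match a request on action_type, risk level and a resource pattern, then allow, block, or require N-of-M human approvals. This is illustrative code written for this page, not Purogaly's policy engine; the policy objects, the fail-closed default (no matching policy escalates rather than allows) and the quorum rule (distinct reviewers, each holding a listed role) are assumptions of the example.

```javascript
// Added example, not Purogaly's engine. Policy fields mirror the page's
// customer_deletion policy: match on action_type / risk / resource, then act.

// Constructed policy set for the demonstration.
const POLICIES = [
  {
    id: "customer-deletion",
    match: { action_type: "DELETE_CUSTOMER", risk: ["HIGH", "CRITICAL"], resource: /^customers\// },
    action: "require_approval",
    approvers: { required: 2, roles: ["admin", "security"] }, // "2 of [admin, security]"
  },
  {
    id: "block-prod-schema-drop",
    match: { action_type: "DROP_TABLE", risk: ["CRITICAL"], resource: /^prod\// },
    action: "block",
  },
  {
    id: "default-allow-low",
    match: { risk: ["LOW"] },
    action: "allow",
  },
];

// A policy matches only if every constraint it declares holds for the request.
function policyMatches(policy, request) {
  const m = policy.match;
  if (m.action_type && m.action_type !== request.action_type) return false;
  if (m.risk && !m.risk.includes(request.risk)) return false;
  if (m.resource && !m.resource.test(request.resource)) return false;
  return true;
}

// First matching policy wins. With no match the request is ESCALATED (fail closed)
// instead of silently allowed; that default is an assumption of this example.
function evaluate(request, policies = POLICIES) {
  const policy = policies.find((p) => policyMatches(p, request));
  if (!policy) return { status: "ESCALATED", policy: null, reason: "no matching policy" };
  switch (policy.action) {
    case "allow":
      return { status: "ALLOWED", policy: policy.id };
    case "block":
      return { status: "BLOCKED", policy: policy.id };
    case "require_approval":
      return { status: "ESCALATED", policy: policy.id, approvers: policy.approvers };
    default:
      throw new Error(`unknown policy action ${policy.action}`);
  }
}

// Quorum check: "2 of [admin, security]" means two distinct reviewers, each
// holding one of the listed roles. The same reviewer approving twice counts once,
// and approvals from reviewers outside the listed roles do not count at all.
function quorumMet(approvers, approvals) {
  const seen = new Set();
  for (const a of approvals) {
    if (a.decision === "approve" && approvers.roles.includes(a.role)) seen.add(a.reviewer);
  }
  return seen.size >= approvers.required;
}

// Stand-alone run: the page's customer-deletion request, escalated, then approved.
const request = { action_type: "DELETE_CUSTOMER", risk: "HIGH", resource: "customers/42" };
const decision = evaluate(request);
console.log(decision.status, decision.policy);
console.log(
  "quorum:",
  quorumMet(decision.approvers, [
    { reviewer: "alice", role: "admin", decision: "approve" },
    { reviewer: "bob", role: "security", decision: "approve" },
  ])
);
```

The dedupe on reviewer identity is the detail worth keeping when you implement dual approval for real: a quorum counted on raw approval rows lets one reviewer satisfy "2 of" by submitting twice.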
Sign

Hash-chained at the
moment of decision.

Every governance event is SHA-256 hashed and cryptographically linked to its predecessor. Tampering with a single event invalidates every event after it. The chain itself is the proof.

  • SHA-256 hash linkage. Every row references its predecessor's hash.
  • Race-safe writes. Per-organization advisory locks prevent chain forks under concurrent load.
  • Append-only. No update or delete primitives exposed. The audit log is immutable by construction.
  • verify_audit_chain(). SQL function walks the chain, recomputes every hash, surfaces any break.
postgres · verify_audit_chain
-- Walk every row, recompute every SHA-256
SELECT * FROM verify_audit_chain('org-uuid');
total_events | <n>
status | VALID
genesis_hash | a3f81b29...
latest_hash | f2a17e44...
verified_at | 2026-04-25 22:14
-- Or verify offline with the open-source CLI:
$ npx purogaly-verify bundle.json
✓ BUNDLE VERIFIED
<n> audit events checked. All hashes valid.
Map

217 controls.
Four frameworks. Pre-mapped.

Approval policies map to compliance controls automatically. Coverage dashboards show which obligations you can prove and which you can't — before your auditor asks.

EU_AI_ACT
EU AI Act
Articles 8–15, 16–27, 50, 53–55, 72–73, 85–86. Verbatim from Regulation (EU) 2024/1689.
28 articles mapped
NIST_AI_RMF
NIST AI Risk Management Framework
All 72 subcategories from NIST AI RMF 1.0 — Govern, Map, Measure, Manage functions.
72 subcategories
SOC_2
SOC 2 Trust Services Criteria
CC1–CC9 common criteria, plus Availability and Confidentiality categories.
38 criteria
ISO_27001_2022
ISO/IEC 27001:2022
Annex A.5 (organizational), A.6 (people), A.8 (technological) controls.
79 controls
Prove

Generate. Share.
Verify without trusting us.

The auditor receives evidence as a shareable URL or signed JSON bundle. They can verify cryptographic integrity offline, on their own machine, with our open-source CLI. No Purogaly account required.

01 · GENERATE

Frozen snapshot.

One click produces a cryptographically signed evidence bundle for any framework + date range. Coverage summary, mapped policies, governed events, full hash chain — all locked at the moment of generation.

02 · SHARE

Send a link.

Shareable URL with cryptographic access token. 90-day expiration by default. View tracking. Revoke anytime. Auditor opens in any browser — no account, no software install, no Purogaly login.

03 · VERIFY

Open-source CLI.

Auditor runs purogaly-verify against the bundle JSON. Walks every event, recomputes every hash, returns pass or fail. MIT licensed. No network calls.

Enterprise

Built for security teams
that ask hard questions.

Enterprise-grade controls expected by procurement, security, and compliance reviewers.

Shipped
Tamper-evident audit log
● Live
SHA-256 hash chain, race-safe inserts, append-only writes. Verified by built-in SQL function and open-source CLI.
Per-organization data isolation
● Live
Row-level security on every table. Each organization's audit chain, policies, and evidence isolated.
Open-source verifier
● Live
MIT-licensed CLI. Auditors verify bundles offline without trusting Purogaly's hosted infrastructure.
Roadmap
SAML 2.0 SSO + SCIM
○ In development
Single sign-on via Okta, Azure AD, Google Workspace. Auto-provisioning and deprovisioning via SCIM.
Uptime SLA
○ Negotiated per enterprise contract
Published SLA terms, credit policy, and incident response commitments — written into your enterprise agreement.
DPA + Trust Center
○ In development
Signed DPA, sub-processor list, security whitepaper, encryption posture, incident response policy. Available alongside enterprise procurement review.
Reference Implementations

Built on Purogaly.
In production today.

Reference implementations: Leapr and Deployco are production AI applications operating on Purogaly's governance infrastructure.

REFERENCE IMPLEMENTATION

Leapr

Career transition intelligence platform. Its agent operations flow through Purogaly's approval pipeline and hash-chained audit log.

Visit Leapr →
REFERENCE IMPLEMENTATION

Deployco

Autonomous content distribution agent for founders. Tool calls are governed via the same MCP proxy and policy engine offered to enterprise customers.

Visit Deployco →

Ready to make your AI
evidence defensible?

Book a demo. We'll show you the platform, walk through a real evidence bundle, and run the offline verifier live.