Block unsafe AI agent actions before they touch real systems.

VertRule sits between AI agents and the systems they can reach — repos, databases, CI/CD, and internal APIs. Each attempted action is checked against policy: approved actions continue, unsafe ones are blocked before execution, and every decision is recorded.

Request a Pilot See how it works

Prefer a direct note? Email Dave

A pre-execution control point for AI agent actions.

VertRule is a pre-execution policy enforcement layer for AI agent actions. Logs tell you what happened. RBAC governs who has access. Model guardrails influence behavior. VertRule governs the moment an agent tries to act — before the action reaches a real system.

Before execution

not after the fact
Explicit policy

not probabilistic judgment
Evidence on every decision

not vague audit trails

AI Agent
↓
VertRule
↓
Repo · Database · CI/CD · Internal API

Allow · Deny · Receipt

Receipt: verifiable evidence of what was attempted, what was allowed or blocked, and why.

Blocks destructive SQL Blocks protected-branch force pushes Stops unapproved data egress Verifiable receipts for every decision

Intercept

Every agent action passes through VertRule before it reaches a repo, database, deployment target, or external API.

Decide

Deterministic policies evaluate the action and return allow or deny. No heuristics, no probabilistic detection. The same input always produces the same verdict.

Prove

Each decision produces a cryptographic receipt — BLAKE3 digest, JCS canonical form. Independently verifiable, permanently auditable.

Same agent. Same task. Less blast radius.

An incident-response agent with real system access reads logs, queries production, and opens a safe rollback PR. When it tries destructive SQL, a protected-branch force push, or unapproved data egress, VertRule blocks the action before execution and records the decision.

Policy

[email protected]

Determinism policy

Read operations on governed tables are permitted

No destructive SQL on production tables

All collections use ordered iteration

Runtime

vertrule-runtime

Every decision produces a receipt

The receipt is evidence. Each one is independently verifiable.

Receipt envelope denied

event_hash befdf1a1...680e

action execute_sql

statement DROP TABLE sessions

policy db-safety@1

reason Destructive SQL blocked by policy

This receipt is a real verifier-passing artifact. Verify it yourself.

One control point for every agent boundary

Deploy VertRule in front of the systems your agents can touch. Start with one workflow, then expand policy coverage over time.

Repos

Force pushes, direct commits to protected branches

Databases

Destructive SQL, schema mutations, unbounded queries

CI/CD

Unapproved deployments, pipeline modifications

Internal APIs

External data transfers, privilege escalation

Proof is available when you want it.

VertRule decisions are deterministic and produce receipts that can be independently verified.

BLAKE3

befdf1a174e8fd225e0b584fb68214d19f2fb832a43193708e33fb92bedc680e

Verify a receipt Research notes →

New to agent governance?

Read the practical explainer — category, control point, and how a pilot starts. Agent Governance, explained →

Technical Notes

Gemma 4 31B-IT

Deterministic local topology capture on a bounded CPU surface.

Nemotron-3 Super-120B

Local execution and canonical mixed-edge topology for a larger hybrid model.

All technical notes →

Start with a controlled pilot

One workflow. One integration boundary. 3-5 policies. Receipts on every decision. See VertRule stop the expensive mistake on your systems.

Request a pilot Email Dave Verify a sample receipt