ProofRail
Your agents act together. Govern them that way. ProofRail watches what your AI agents do across an entire workflow — cumulative spend, external calls, risky actions, which agents have run, what domains they’ve contacted — and applies policy to the whole chain, not just one tool call at a time. When something crosses a threshold you’ve set, execution pauses for human approval before it runs.
The problem ProofRail solves
Most AI safety tools evaluate one tool call at a time. That misses the failure mode that actually matters in production: agents that each look fine individually but commit you to something serious in aggregate. A research agent looks up vendor pricing. A negotiation agent calculates an offer. An email agent drafts the message. A commitment agent records the deal. Each step passes its own per-call review, and the chain quietly hands a vendor $50,000 with no human in the loop. Chain-level governance is the difference between catching that and not catching it.
What you get
- Cumulative tracking across the whole workflow — financial exposure, external communications, records modified, privileged actions, tokens used. A 3,000 charges should require approval.
- Local fast-path evaluation — obviously-safe actions resolve in under 5ms with no backend round-trip. You don’t pay network latency on the reads and lookups that make up most of an agent workflow.
- Blocking human approval gate — when policy says a human needs to sign off, your code actually blocks until they do. The approver gets an email with chain context, clicks through, and the workflow resumes.
- Tamper-evident audit receipts — every chain closes with an HMAC-signed, hash-chained receipt. You can verify any receipt offline without a network call.
- Open-source SDK — the policy engine that runs locally is the same algorithm running on the backend, verified for parity on every test run. Read it before you install it.
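How an HMAC-signed, hash-chained receipt can be checked offline, as an added example that is not ProofRail's code or receipt format. The field names, the genesis value, the key and the sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry's "prev" field
DEMO_KEY = b"constructed-demo-key"  # constructed key, for illustration only
SAMPLE_EVENTS = [  # constructed events mirroring the four-agent chain above
    {"agent": "research", "action": "lookup_pricing", "usd": 0},
    {"agent": "negotiation", "action": "calculate_offer", "usd": 0},
    {"agent": "email", "action": "draft_message", "usd": 0},
    {"agent": "commitment", "action": "record_deal", "usd": 50000},
]


def _entry_hash(prev: str, event: dict) -> str:
    # Canonical JSON so the same event always hashes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()


def seal_chain(key: bytes, events: list) -> dict:
    """Link each event to its predecessor, then MAC the final hash."""
    entries, prev = [], GENESIS
    for event in events:
        digest = _entry_hash(prev, event)
        entries.append({"event": event, "prev": prev, "hash": digest})
        prev = digest
    mac = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}


def verify_receipt(key: bytes, receipt: dict):
    """Return (ok, reason). Needs only the key and the receipt, no network."""
    prev = GENESIS
    for i, entry in enumerate(receipt["entries"]):
        if entry["prev"] != prev:
            return False, f"entry {i}: broken link"
        if _entry_hash(prev, entry["event"]) != entry["hash"]:
            return False, f"entry {i}: content altered"
        prev = entry["hash"]
    # The MAC covers the final hash, so dropped or re-hashed entries fail here.
    expected = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, receipt["mac"]):
        return False, "mac mismatch"
    return True, "ok"
```

The hash links localize an edited entry; the keyed MAC is what stops someone without the key from recomputing the links after an edit or dropping trailing entries.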
Who this is for
Anyone running AI agents in real systems. If you’re building with LangGraph, LangChain, CrewAI, MCP, or your own orchestration, ProofRail fits. Solo developers, small teams, and startups all qualify. You don’t need to be at scale to want this — you need to be one chain of agent decisions away from a problem you can’t take back.
How it works
Two components: an open-source SDK that runs in your Python process, and a hosted backend that handles authoritative policy decisions, dashboard UI, and audit log storage. The SDK handles chain lifecycle, payload sanitization, and a local fast-path for obviously-safe actions. Anything that needs scrutiny — financial actions, high-risk agents, actions near a configured threshold — goes to the backend for the real decision. The policy logic powering the fast-path is published in full at proofrail/policies.py. The backend runs equivalent logic and the two are verified against identical inputs on every test run.
Where to go next
Installation
Install the SDK and the framework adapters you need.
Quickstart
Get from install to your first governed chain in under 10 minutes.
Chain-level governance
The core concept. Why workflow-level matters more than per-call.
Framework integration
LangGraph, LangChain, CrewAI, and MCP adapters.