The operator runs inside your boundary. Zero data out.
Instead of sending prompts to a vendor cloud to govern them, the operator runs inside your own VPC and routes, guards, and proves every move within your trust boundary. Bodies, tokens and secrets never egress — only the leaf hash and Merkle root cross the wire, so your receipts verify on the same public portal as SaaS.
For the CISO who has to sign off: full autonomy, your boundary, you hold the kill switch. Observe & Suggest is available now; assisted and autonomous tiers roll out per tenant as you grant them.
The operator does its job without exposing a byte of prompt content
Instead of trusting a vendor cloud with your traffic, you run the operator on @agentics/gateway-core — the identical dispatch and receipt code that powers SaaS — inside your VPC, against your own database. You set what may leave with one of 3 egress modes: full, hash_only, or strict, where only the leaf hash crosses.
Because the core is identical, the operator's in-VPC receipts produce the same leaves, fold to the same Merkle roots, and anchor to the same chain — so your auditor verifies them on the same public Trust portal, with no prompt content ever leaving your boundary.
- In-VPC operator. It runs the same dispatch + receipt code as SaaS, in your boundary.
- Hash-only egress. Bodies, tokens and secrets stay home; only the 32-byte hash crosses.
- Verify parity. In-VPC receipts verify on the same public portal as SaaS.
It runs in your boundary, and proves it the same way
Instead of taking the operator's word for it, your auditor recomputes the proof. The leaf and Merkle math are byte-for-byte the same in your VPC as in SaaS, so an in-VPC receipt verifies the same way — without you exposing prompt content.
An in-VPC receipt verifies identically
This receipt the operator sealed uses the same canonicalization and sorted-pair fold the in-VPC core runs. Recompute the leaf — the bytes match whether the receipt was sealed in SaaS or in your own boundary.
This is the same client-side verification shipped on the Trust portal. SHA-256 runs via Web Crypto. No Agentics call.
- •Recompute leaf
- •Chain integrity
- •Fold Merkle proof
- •Anchor memo == root
SHA-256 runs in your browser via Web Crypto. No Agentics call.
Run the operator on your own host
Instead of pointing at a vendor cloud, install the core in your VPC and set the egress mode that matches your residency requirement. The operator runs there.
npm i @agentics/gateway-core
# wrap it in the Docker adapter — fetchUpstream / emit / now
# the operator runs here; bodies never leave. configure what does:
{
"egress": "hash_only", // full | hash_only | strict
"residency": "strict" // strict → only the leaf receipt_hash leaves
}
// raw bodies, tokens, PII and previews never cross the boundary
Set the operator's residency and egress
Instead of guessing what leaves your boundary, you see it: the console shows the operator's deployment mode, exactly what egresses, and the parity between in-VPC and SaaS receipts.
Sovereign console
The operator's deployment and egress configuration, with confirmation that in-VPC receipts verify on the public portal.
Open Sovereign →