// Operated in your VPC

The operator runs inside your boundary. Zero data out.

Instead of sending prompts to a vendor cloud to govern them, the operator runs inside your own VPC and routes, guards, and proves every move within your trust boundary. Bodies, tokens and secrets never egress — only the leaf hash and Merkle root cross the wire, so your receipts verify on the same public portal as SaaS.

For the CISO who has to sign off: full autonomy, your boundary, you hold the kill switch. Observe & Suggest is available now; assisted and autonomous tiers roll out per tenant as you grant them.

// What it is

The operator does its job without exposing a byte of prompt content

Instead of trusting a vendor cloud with your traffic, you run the operator on @agentics/gateway-core — the identical dispatch and receipt code that powers SaaS — inside your VPC, against your own database. You set what may leave with one of 3 egress modes: full, hash_only, or strict, where only the leaf hash crosses.

Because the core is identical, the operator's in-VPC receipts produce the same leaves, fold to the same Merkle roots, and anchor to the same chain — so your auditor verifies them on the same public Trust portal, with no prompt content ever leaving your boundary.

// What you get
  • In-VPC operator. It runs the same dispatch + receipt code as SaaS, in your boundary.
  • Hash-only egress. Bodies, tokens and secrets stay home; only the 32-byte hash crosses.
  • Verify parity. In-VPC receipts verify on the same public portal as SaaS.
// The record it's held to

It runs in your boundary, and proves it the same way

Instead of taking the operator's word for it, your auditor recomputes the proof. The leaf and Merkle math are byte-for-byte the same in your VPC as in SaaS, so an in-VPC receipt verifies the same way — without you exposing prompt content.

An in-VPC receipt verifies identically

This receipt the operator sealed uses the same canonicalization and sorted-pair fold the in-VPC core runs. Recompute the leaf — the bytes match whether the receipt was sealed in SaaS or in your own boundary.

This is the same client-side verification shipped on the Trust portal. SHA-256 runs via Web Crypto. No Agentics call.

// Verify in your browser Anchored
receipt_idc4d8e2f0…4e5f
prev_hash1af67611…4a032
payload_hash2962f6b5…466dd
recomputed
merkle_root14a24583…c058a
  • Recompute leaf
  • Chain integrity
  • Fold Merkle proof
  • Anchor memo == root

SHA-256 runs in your browser via Web Crypto. No Agentics call.

// The deployment

Run the operator on your own host

Instead of pointing at a vendor cloud, install the core in your VPC and set the egress mode that matches your residency requirement. The operator runs there.

npm i @agentics/gateway-core
# wrap it in the Docker adapter — fetchUpstream / emit / now
# the operator runs here; bodies never leave. configure what does:
{
  "egress": "hash_only",   // full | hash_only | strict
  "residency": "strict"     // strict → only the leaf receipt_hash leaves
}
// raw bodies, tokens, PII and previews never cross the boundary

Read the self-host guide →

// In the console

Set the operator's residency and egress

Instead of guessing what leaves your boundary, you see it: the console shows the operator's deployment mode, exactly what egresses, and the parity between in-VPC and SaaS receipts.

acme.agentics.you/console/sovereign/

Sovereign console

The operator's deployment and egress configuration, with confirmation that in-VPC receipts verify on the public portal.

Open Sovereign →
// Sovereign by design

Let the operator run your AI in your boundary — and prove every move.