The authorization and audit layer for AI agents.

Every agent action intercepted. Every policy enforced. Every outcome cryptographically proven.

The problem

Which model decided?

You don't know. There's no record of which model ran, what version, or what it saw.

Was the decision correct?

No second opinion. A single model hallucinating means a wrong decision ships.

Did a human review it?

High-stakes decisions go straight through. No approval gate, no audit.

Can you prove it later?

No cryptographic proof. If a regulator asks, you have logs — maybe. Not evidence.

What Aira does

Policy engine

Four modes — deterministic rules, plain-English AI policies, multi-model consensus, and content scan. Stack them freely per policy.

Content scanner

NER-powered (Microsoft Presidio) + 27 regex patterns. Catches person names, addresses, SSNs, credentials, prompt injection. Input and output scanning.

LLM Gateway

Transparent proxy for OpenAI, Anthropic, Google, Ollama, or any OpenAI-compatible provider. Every call scanned, policy-checked, and receipted. Zero code change.

Human approval

High-risk actions held for review. Secure single-use approval links. The approval decision is Ed25519-signed into the receipt chain.

Agent identity

W3C DID per agent (did:web). Ed25519VerificationKey2020. Key rotation. Resolvable and verifiable across organizations.

Universal receipts

Ed25519 receipts for every action — authorized, denied, or failed. Zero audit gaps. Verifiable with OpenSSL, no account needed.

Compliance bundles

Merkle-rooted evidence exports mapped to EU AI Act Article 12, ISO 42001, SOC 2 CC7, SR 11-7. Signed, sealed, regulator-ready.

DORA compliance

Articles 17-19 incident lifecycle, ICT third-party register (Articles 28-44), resilience-test log (Articles 24-27). Major-incident PDFs Ed25519-signed.

Drift detection

Per-agent behavioral baselines + KL divergence scoring. Alerts when an agent's behavior shifts from the expected pattern.

Settlements

Tamper-evident batches anchor recent receipts to a public log with RFC 3161 timestamps + per-receipt inclusion proofs.

Multi-party signing

Policy evaluator signs with a key distinct from the notary key. Two independent signatures per receipt, both in JWKS.

Output scanning

LLM responses are scanned with the same NER + regex engine. Catches sensitive data in what the model returns, not just what you send.
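
The KL-divergence scoring named under "Drift detection" above, as an added example (not Aira's code): it compares an agent's recent mix of action types against its baseline. The smoothing constant, the 0.5-bit threshold, the direction D_KL(recent || baseline), the function names and the sample action logs are all assumptions made for illustration.

```python
import math
from collections import Counter

def distribution(actions, vocabulary, alpha=1.0):
    """Laplace-smoothed probability of each action type.

    Smoothing keeps the score finite when the agent performs an
    action type that never appeared in its baseline.
    """
    counts = Counter(actions)
    total = len(actions) + alpha * len(vocabulary)
    return {a: (counts[a] + alpha) / total for a in vocabulary}

def kl_divergence(p, q):
    """D_KL(P || Q) in bits. P = recent behaviour, Q = baseline."""
    return sum(p[a] * math.log2(p[a] / q[a]) for a in p if p[a] > 0)

def drift_score(baseline_actions, recent_actions, alpha=1.0):
    # Score both windows over the union of action types seen in either.
    vocab = sorted(set(baseline_actions) | set(recent_actions))
    q = distribution(baseline_actions, vocab, alpha)
    p = distribution(recent_actions, vocab, alpha)
    return kl_divergence(p, q)

def is_drifting(baseline_actions, recent_actions, threshold=0.5):
    # threshold is an assumed value; tune it per agent in practice
    return drift_score(baseline_actions, recent_actions) > threshold

# Constructed sample data: action types logged for one agent.
BASELINE = ["refund"] * 80 + ["email"] * 15 + ["wire_transfer"] * 5
RECENT_NORMAL = ["refund"] * 16 + ["email"] * 3 + ["wire_transfer"] * 1
RECENT_SHIFTED = (["wire_transfer"] * 14 + ["refund"] * 5
                  + ["export_customer_data"] * 1)  # type unseen in baseline
```
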

Two calls. Every stake covered.

Your agent calls aira.authorize() before it acts and aira.notarize() after. Everything else happens automatically — billed only on authorize.

1. Intent: Agent sends action_type + details + agent_id to POST /actions.
2. Policy engine: Rules fire first, then AI, then consensus, then content scan, in the order you configure. Plain-English reasoning attached.
3. Multi-party signature: The PolicyEvaluation row is signed with a distinct policy-evaluator key. Two independent parties on every decision.
4. Decision: Authorized / pending_approval / denied_by_policy. Denied actions get a denial receipt: universal receipts, zero gaps.
5. Human review (when triggered): Secure single-use approval link to the approver dashboard. Full action context. Approve or deny.
6. Agent executes: If authorized, your code runs the real action, such as a wire transfer, email, or refund.
7. Notarize: Agent reports the outcome. Aira mints an Ed25519 receipt committing action id, outcome, replay context, and the policy decision.
8. Proof & settlement: Receipt is publicly verifiable. Periodic Merkle settlement anchors it into an RFC 3161-timestamped batch.

Architecture

Aira sits between your agents and your AI providers. It doesn't replace your models — it governs them.

Your Agent (ingress)
payments · refunds · support · KYC · content moderation
① authorize() · ⑦ notarize()

Step 1 · before: Aira Policy Engine
rules → AI → consensus → content scan
multi-party signature (evaluator key ≠ gateway)
→ authorized · pending_approval · denied_by_policy
pending_approval → human approver (HMAC email link)

Step 2 · after: Aira Notary
Ed25519 signer
receipt v1.3 + replay context (prompt, tools, params)
→ JWKS-verifiable at /verify/action/{id}
→ publicly verifiable receipt

Periodic anchor: Merkle settlement

Every receipt batched into a Merkle tree + RFC 3161 trusted timestamp. O(log n) inclusion proof per receipt.

One integration, any agent

Python SDK, TypeScript SDK, or raw HTTP. Three lines of code.

Python

import stripe
from aira import Aira

aira = Aira(api_key="...")

# Step 1: ask for permission before the agent acts
auth = aira.authorize(
    action_type="wire_transfer",
    details="Send €75K to vendor-x",
    agent_id="payments-agent",
)

if auth.status == "authorized":
    # your code runs the real action (transfer arguments elided)
    tx = stripe.Transfer.create(...)

    # Step 2: seal the outcome
    receipt = aira.notarize(
        action_uuid=auth.action_uuid,
        outcome="completed",
        outcome_details=f"stripe_tx={tx.id}",
    )
    # receipt.signature · Ed25519 · publicly verifiable

TypeScript

import Stripe from "stripe";
import { Aira } from "aira-sdk";

const aira = new Aira({ apiKey: "..." });
const stripe = new Stripe("..."); // your Stripe secret key

// Step 1: ask for permission before the agent acts
const auth = await aira.authorize({
  actionType: "wire_transfer",
  details: "Send €75K to vendor-x",
  agentId: "payments-agent",
});

if (auth.status === "authorized") {
  // your code runs the real action (transfer parameters elided)
  const tx = await stripe.transfers.create({ /* ... */ });

  // Step 2: seal the outcome
  const receipt = await aira.notarize({
    actionId: auth.actionId,
    outcome: "completed",
    outcomeDetails: `stripe_tx=${tx.id}`,
  });
  // receipt.signature · Ed25519 · publicly verifiable
}

Built for compliance

EU AI Act — Article 14

Human oversight for high-risk AI. Aira enforces it with policy-driven approval gates and full audit trails.

Tamper-proof evidence

Cryptographic receipts are independently verifiable. Ed25519 signatures can't be forged. RFC 3161 timestamps can't be backdated.

Model accountability

Every receipt records which models ran, which versions, what they decided, and how they disagreed. Full attribution.

Decision provenance

The complete chain from input data to final decision is hash-linked. If anything was altered, the chain breaks.

Who it's for

AI teams

Ship agents faster. Governance is one SDK call, not months of custom infrastructure.

Compliance teams

Audit any AI decision after the fact. Cryptographic proof, not screenshots.

Regulated industries

Finance, insurance, healthcare, legal — anywhere AI decisions carry real consequences.