The platform
One platform. One source of truth for your AI agents.
Everyone else owns a slice: an identity tool, a gateway, an eval harness, an audit log. Zahara is the governed loop in one system: govern agents your team already runs, enforce policy at runtime, route any model, watch every run, and keep one record you can verify.
Runtime enforcement + guardrails
Import any framework, no rewrite
Human review before action
LLM gateway, any provider, BYOK
Tracing, observability, command center
Evals + release quality gates
Versioning, inventory, rollback paths
Fleet runtime + workboard
MCP governance + memory
Proof you can check
Describe, import, or configure
SaaS now, private modes planned
Available in Zahara today or directly represented in the live product.
Available when the related workspace setup, routes, credentials, or policy are configured.
Planned enterprise capability shown so teams can see where the platform is headed.
The feature map
Feature name first. Short answer second. Details when they ask.
Browse the full capability map the way evaluators actually read: feature name first, short answer second, and detail available when they want proof.
Govern
Enforce policy at runtime - on every action, before it runs. Agents get scoped identity, least-privilege access, and credentials that never touch a prompt.
runtime enforcementCapability Invocation GateDeny-by-default enforcement on every trusted tool call.Available>
Every trusted action an agent attempts is checked against policy before it runs. Zahara can clear it, pause it for review, or block it outright. The gate sits outside the agent's prompt, so the model cannot talk its way around the rule.
Value: Operators can stop unsafe work before it touches a system, instead of finding out from logs after the damage is done.
guardrailsPer-agent guardrailsAllowed tools, blocked actions, and limits enforced at the gate.Available>
Define what each agent may read, write, call, spend, or change. Workspace policy sets the baseline; per-agent policy tightens it. Guardrails are not just text in the system prompt - they are enforced by the control plane.
Value: Operators can set clear boundaries for each agent and know those boundaries are enforced outside the model prompt.
least privilegeCapability contractsA formal model of what an agent can do and what it is bound to do.Available>
Each agent carries an operating contract: mission, owner, source systems, write destinations, allowed tools, blocked actions, approval route, and done condition. That gives operators a concrete object to review instead of a loose chat transcript.
Value: Operators can review the exact job, scope, owner, and allowed actions before trusting an agent with real work.
agent identityCredential vault and bindingsScoped credentials per agent, vaulted, never in prompts.Available>
Every agent runs with scoped access instead of a shared API key duct-taped into a script. Users enter their own secrets into the workspace vault. Thomas can point to missing setup, but never auto-fills, echoes, or submits credentials for the user. Credentials are bound to approved agent use, reducing blast radius.
Value: Operators can give agents the access they need without exposing raw secrets in prompts, scripts, or logs.
RBACRole-based access controlAdmin, operator, viewer, and scoped machine-access boundaries.Configurable>
Human roles decide who can create, configure, manage credentials, review approvals, or inspect fleet evidence. Machine access is treated separately from human roles so automation does not borrow a broad human session.
Value: Operators can separate who configures agents, who reviews them, who manages credentials, and what machines may run.
cost controlsHard spend and action ceilingsNumeric per-agent limits that stop runaway work.Configurable>
Set ceilings for spend, tool calls, retries, fanout, and other high-risk activity. The point is not to warn after a runaway loop - it is to halt the run when the ceiling is reached.
Value: Operators can stop runaway cost and runaway action loops before they become an incident or surprise bill.
Integrate
Bring agents and workflows you already have. Zahara imports the spec, shows what it can touch, and holds it in review instead of forcing a rebuild.
framework agnosticFramework and file adaptersImport common agent frameworks and specs without losing provenance.Configurable>
If an agent already exists somewhere - in a repo, a LangGraph graph, a CrewAI crew, or another supported spec - Zahara does not ask you to rebuild it. It imports the spec, keeps the source and adapter visible, and shows what capability was preserved for review.
Value: Operators can govern agents teams already built without forcing a rebuild just to get control and evidence.
access discoveryCapability mappingSurface tools, credentials, routes, and side effects before activation.Available>
Import is not just a parser. Zahara maps what the agent can touch: tools, model routes, MCP references, source systems, credentials, handoffs, and writes that require review.
Value: Operators can see the agent's blast radius before launch: tools, credentials, routes, writes, and side effects.
supply-chain recordImport provenanceRecord source, adapter, hash, warnings, and review state.Available>
Imported source, adapter name, content hash, warnings, preserved tools, and review decisions become part of the agent's record. Teams can see where an agent came from and what changed after it entered Zahara.
Value: Operators can prove where an agent came from, what was imported, and what changed after it entered Zahara.
no blind importsReview-first activationParsed does not mean trusted.Available>
A successful import still has to pass review. Preserved tools and side effects stay in review until an operator approves the operating contract.
Value: Operators can keep imported agents in review until their tools, side effects, and operating contract are approved.
Approve
No agent approves its own exception. Risky actions pause, route to a named person, and proceed only after a human says yes.
human in the loopApproval routingRisky actions pause and route to a named reviewer.Available>
When policy requires approval, Zahara pauses the run and notifies a specific reviewer with the full context of what is being asked. The agent cannot approve its own exception, and nothing proceeds until the reviewer approves it.
Value: Operators can route risky actions to the right human before the agent changes data, sends messages, or calls tools.
safe defaultFail-safe holdsIf approval is required, the action stays paused until reviewed.Available>
Timeouts and missing reviewers fail safe. Zahara keeps the pending action blocked instead of letting the model continue because nobody responded.
Value: Operators get a safe default: if nobody approves the action, the action stays blocked.
decision trailReview evidenceApproval IDs, reviewers, timestamps, and outcomes stay with the run.Available>
Every approval decision becomes evidence: who reviewed it, when, what action was requested, what was approved or denied, and how the run continued afterward.
Value: Operators can reconstruct who approved what, when, why, and how that decision affected the run.
Route
Your keys, your spend, your choice of model. Zahara sits underneath as the governed pipe, not another model vendor trying to upsell tokens.
LLM gatewayOpenAI-compatible gatewayRoute existing model calls through a governed endpoint.Available>
Zahara is designed around OpenAI-compatible routes so apps and agents can move model traffic behind a governed layer without scattering model settings across scripts and prompts.
Value: Operators can bring model calls under the same policy, logging, and audit controls without rewriting every agent.
provider agnosticMulti-provider routingFrontier LLMs, hosted open-source models, SLMs, and custom endpoints.Configurable>
Teams can use frontier providers, hosted open-source models, small language models, enterprise gateways, or custom OpenAI-compatible endpoints. The model can change without changing the governance record.
Value: Operators can choose the right model for each job while keeping one governance record across providers.
routing policySmart routing and fallbackChoose route policy by cost, quality, latency, or custom rule.Configurable>
Teams can choose cheap, balanced, strong, or custom paths with fallback chains. Where configured, budget and readiness gates block bad calls before they run.
Value: Operators can balance cost, quality, and reliability without letting model choice bypass policy.
BYOKBring your own keysYour provider keys, your model spend, no token markup claim.Available>
Provider keys live in the workspace vault and are tested before trusted runs. Zahara governs usage without needing to resell or mark up model tokens.
Value: Operators keep provider ownership and spend control while Zahara governs how keys are used.
gateway governanceGateway projects and request logsRoutes, providers, request records, and key rotation in one place.Available>
Organize routes and providers by workspace needs. Request logs, provider health, model readiness, and key lifecycle controls help teams treat model access as infrastructure.
Value: Operators can inspect model traffic, rotate access, and manage routes from one governed surface.
Watch
See every run, every step, every cost - for one agent or the whole fleet. Monitoring tells you what happened; Zahara pairs it with enforcement.
tracingRun tracing (Agent GPS)A step waterfall of goal, route, tool request, approval, and output.Available>
Every run is explainable: what the agent tried to do, which model route it used, which tool it requested, whether approval was needed, what happened next, and what proof was retained.
Value: Operators can see the exact path a run took instead of reconstructing it from scattered logs.
real-time monitoringLive streaming and replayWatch runs live, then fall back to stored replay when needed.Available>
Live events help operators see what is happening now. Stored replay protects the investigation path if the live stream drops or someone returns to the run later.
Value: Operators can investigate current runs live and still recover the full story later.
fleet opsHealth, signals, and outcomesThree lenses: system health, behavioral signals, business outcomes.Available>
Health tells you whether the fleet is running. Signals tell you whether behavior is drifting. Outcomes tell you whether the work is useful. Zahara keeps those views close to the agent record.
Value: Operators can separate uptime, behavior, and business impact instead of treating all runs as equal.
operator viewCommand CenterFleet metrics, approval pressure, guardrails, readiness, and dependency health.Available>
The command center is the operator's front door: active runs, success rate, signals, cost pressure, approval age, readiness, guardrails, and dependency health. It is where the fleet becomes manageable.
Value: Operators get one front door for fleet health, review pressure, cost, readiness, and dependencies.
operator preferenceCustom layoutReorder command-center blocks locally for the way each operator works.Available>
Operators can rearrange the command center in their browser and reset to default. It is a practical V1 customization path without pretending to be a full BI builder yet.
Value: Operators can keep the command center focused on the blocks they use most without changing shared data.
quality signalQuality scorerTurn run evidence into a trackable quality signal.Configurable>
A useful quality score combines status, latency, retries, cost, outcomes, tool success, and eval evidence. Treat this as a configurable signal that improves as teams wire more evidence into the loop.
Value: Operators can turn run evidence into a score they can track, compare, and eventually gate.
Evaluate
Catch regressions before customers do. Quality gates can block a bad version before trusted work reaches production.
eval studioEvaluationsLLM-judge and rule-based scoring for agent behavior.Available>
Evaluate agent versions against explicit cases, thresholds, and expectations. Use rule-based checks where the answer is deterministic and judge-based checks where output quality is open-ended.
Value: Operators can test behavior before trusting a new version with live work.
quality gateRelease gatesFailing or missing eval evidence can block promotion or launch.Configurable>
Bring CI/CD discipline to agents: if the evidence says the version is unsafe, stale, or below threshold, it does not advance to trusted work.
Value: Operators can stop a weak or stale version from reaching production workflows.
continuous evaluationScheduled evalsRun evals on a cadence to catch drift.Configurable>
Agent behavior can change when prompts, tools, models, data, or provider behavior changes. Scheduled evals catch drift outside the release window.
Value: Operators can catch drift after models, prompts, tools, or data change.
test suitesEval packsReusable eval-case collections across related agents.Configurable>
Teams reuse a quality bar: support triage cases, finance cases, security cases, release-readiness cases. The eval layer keeps those standards portable across the fleet.
Value: Operators can reuse the same quality bar across similar agents instead of rebuilding tests each time.
red teamingSecurity evalsTest prompt injection, unsafe tool behavior, and policy drift.Configurable>
Security-oriented evals sit beside normal quality checks. They test boundary conditions, adversarial inputs, and whether the agent respects tool and approval policy.
Value: Operators can test adversarial cases before attackers or users discover the gap.
Manage
Version agents like software: draft, configure, review, test, launch, and recover with history intact.
inventoryAgent fleet recordEvery agent has a home: owner, status, runtime, readiness, and history.Available>
A governed fleet needs an inventory that operators can trust. Zahara keeps the agent record, setup state, governance mode, readiness checks, and evidence in one place.
Value: Operators can find every agent, owner, status, and setup state without searching across chats and scripts.
lifecycleAgent versioningTrack changes to the spec and runtime configuration.Available>
Agent configuration changes are reviewable over time: mission, tools, route, approvals, safety, evals, and launch state. Versioning makes that inspectable.
Value: Operators can see what changed before a behavior change or incident.
recoveryRollback supportRecover to known-good configurations where rollback is configured.Configurable>
Where version history and rollback controls are enabled, operators can move back to a known-good state and preserve the recovery evidence.
Value: Operators can return to a known-good configuration when a change goes wrong.
agent teamsManager and managed agentsGovern standalone agents, manager agents, and managed sub-agents.Configurable>
Some teams need one standalone agent. Others need a manager coordinating several specialized agents. Zahara models both so delegated work stays visible.
Value: Operators can govern delegated work without losing sight of which agent did what.
Operate
Run agents across a fleet, feed them work from existing systems, and show governance on the board.
agent orchestrationFleet runtimeRunners claim, lease, heartbeat, and complete units of work.Available>
A fleet needs runtime discipline: runner identity, leases, heartbeats, completion records, token rotation, and remote disable. Zahara treats runner activity as governed infrastructure.
Value: Operators can run distributed agent work without losing identity, lease, and token control.
triggersWork sourcesFeed work from GitHub, webhooks, feeds, schedules, APIs, or manual entry.Configurable>
Agents start from the systems teams already use. Zahara supports manual test paths and configured routes for APIs, webhooks, schedules, external runtimes, and work feeds.
Value: Operators can bring real work into Zahara while keeping the launch surface governed.
agent ops boardWorkboardA live board where waiting, running, blocked, reviewed, and complete work is visible.Available>
The workboard shows more than progress. It shows governance: needs-review, budget-blocked, tool-blocked, paused, safe-test pending, and complete states.
Value: Operators can see where work is blocked, reviewed, running, or done from one queue.
Connect
Govern the tools, MCP servers, credentials, memory, and source systems your agents reach before they become shadow infrastructure.
tool setupIntegration catalogModel providers, SaaS tools, databases, APIs, collaboration, and business apps.Available>
Zahara organizes setup paths for the systems agents use: Gmail, Slack, GitHub, Zendesk, Postgres, model providers, APIs, webhooks, and other tools. The setup drawer shows only what the agent actually needs.
Value: Operators can connect the systems an agent actually needs without granting broad access by default.
MCP gatewayMCP server governanceTreat MCP servers like the shadow IT of the agent era.Configurable>
Unapproved MCP servers can expose powerful tools that nobody signed off on. Zahara registers MCP connections, risk-assesses them before an agent can use them, and scopes access per agent instead of granting it fleet-wide by default.
Value: Operators can review MCP tool surfaces before agents inherit those capabilities.
interoperabilityZahara-as-MCPExpose governance context to other tools through a controlled MCP interface.Configurable>
A control plane does not have to become a walled garden. A read-only MCP interface lets other approved tools ask governance questions without taking over policy enforcement.
Value: Operators can let approved tools query governance context without giving them policy control.
agent memoryVector memoryMemory and retrieval primitives governed like any other tool.Configurable>
Agents need retrieval and memory, but memory can become a source of stale or unsafe instructions. Zahara exposes memory through reviewed configuration and tracks what the agent is allowed to retrieve.
Value: Operators can make retrieval useful without letting memory become an unreviewed source of instructions.
notificationsSource sync and alertsGitHub, email, SMS, and webhook alerts keep people in the loop.Configurable>
Approvals and agent work need to reach the right person. Source sync and alerts keep agent operations connected to existing workflows instead of trapping everything inside a dashboard.
Value: Operators can keep approvals and work signals in the systems teams already watch.
Verify
Audit is not a screenshot. Zahara records decisions and lets reviewers check exported chains locally, without taking the claim on faith.
tamper-evident recordHash-chained audit logEach row includes previous and current hashes.Available>
Every audit row links to the one before it with a SHA-256 hash. If a hashed row changes or the linkage breaks, verification names the first failing row and reason.
Value: Operators can detect whether exported evidence changed after it was recorded.
no login, no server callStandalone verifierRecompute the chain in your own browser.Available>
Export the audit JSON, drop it into a page that runs entirely in your browser, and it will tell you by row if anything changed. The verifier requires no login and makes no call back to Zahara while checking the export.
Value: Operators can prove the record independently instead of trusting a vendor badge.
run dispositionDecision ledgerApprovals, denials, overrides, and outcomes reconcile to run proof.Available>
The decision record shows how a run moved from request to review to final outcome. That record gives auditors something better than a transcript.
Value: Operators can trace how a request became an approval, denial, override, or outcome.
SOC 2 evidenceCompliance exportsExport evidence with verification metadata.Available>
Exports include the fields needed to verify the chain outside Zahara: hash status, previous hash, row hash, verifier result, and legacy-row treatment.
Value: Operators can give auditors evidence that survives outside the Zahara UI.
future proof modeExternal anchoringPublic or customer-controlled anchoring can add another proof layer.Planned>
External anchoring and stronger signing modes are planned proof layers separate from today's in-browser verifier. They can publish hashes, never customer data, to a customer-controlled or public checkpoint.
Value: Operators can add a future proof layer for environments that need stronger tamper resistance.
Build
Use build tools as on-ramps into governance. Describe, import, or configure an agent - then Zahara turns it into a governed operating record.
intent to agentNatural-language agent creationDescribe the job in plain words; get a governed operating spec back.Available>
Vibe Intake turns an ordinary description into a structured spec: name, mission, owner, sources, writes, approval route, blocked actions, setup requirements, and safe-test path.
Value: Operators can turn a plain-language request into a reviewable governance contract.
builder modeFull enforcement or Freestyle draftChoose strict gates or a draft path that keeps gaps visible.Available>
Full enforcement blocks launch until required connections, approvals, and contradictions are resolved. Freestyle draft lets builders continue while still showing the missing setup clearly.
Value: Operators can default to strict governance while still allowing safe drafting and iteration.
connection flowInline setup drawerConnect what the agent needs without leaving the build flow.Available>
The setup drawer shows only the systems the user specified with Thomas - Gmail for Gmail agents, Zendesk for support agents, GitHub for PR agents, Postgres for database agents, and so on.
Value: Operators can reduce setup friction without hiding required model, tool, and approval gates.
low codeVisual agent builderA typed, governed canvas for teams that prefer visual design.Planned>
A planned visual builder brings the same governance model to a canvas: tools, human-review gates, logic branches, knowledge lookups, search, and model routing as governed nodes.
Value: Operators can make future visual workflows governable node by node.
pro-codeCode-first builderSpec editing, schema validation, and GitHub-backed workflows.Configurable>
Platform teams can author and review agent specs like software. Zahara's code-first path keeps schema validation and source review tied to the same governed record.
Value: Operators can keep platform-team workflows inside the same governed spec model.
prebuilt libraryTemplate marketplacePre-governed starter agents shorten the path to first value.Planned>
Planned templates for support triage, research, PR review, finance checks, and incident summaries can ship with sensible routes, approvals, limits, and setup cards.
Value: Operators can start from safer defaults instead of blank prompts.
Deploy your way
Managed SaaS today. Private deployment modes are planned for enterprise environments. The evidence model is built for teams that need producible AI decision trails.
available nowManaged SaaSZahara runs today as a managed application with live workspaces.Available>
The current product is managed SaaS: onboarding, credential vault, fleet, command center, approvals, evals, audit, and verifier surfaces all live in the hosted application.
Value: Operators can start immediately without running governance infrastructure themselves.
low-friction setupHosted adaptersManaged adapters first, with self-host templates where teams need control.Configurable>
Zahara's adapter model is built for managed Slack, Teams, Discord, portal, API, and runtime surfaces where low-friction setup matters, with self-host templates for teams that require owning the runtime surface.
Value: Operators can bring agent presence into work surfaces without rebuilding the governed core.
enterprise plannedVPC, on-prem, air-gappedPrivate deployment modes for data-residency and high-security buyers.Planned>
Planned VPC, on-prem, and air-gapped modes address data residency and high-security requirements for teams that cannot use a standard SaaS deployment.
Value: Operators can plan for private deployment requirements without changing the governance model.
data residencyYou own your dataPrivate modes are designed for customer-controlled data boundaries.Planned>
In private deployment modes, customer data stays in the customer's environment and Zahara provides the governance software that runs inside the chosen boundary.
Value: Operators can align agent governance with data-residency and ownership requirements.
The source of truth
The record everything reconciles to - and you can check it.
The features matter because they all point back to evidence: approval decisions, tool requests, model routes, eval gates, and audit rows that can be verified outside the vendor UI.
Each row carries the hashes needed to detect content or linkage changes.
Drop in a JSON export and recompute the chain locally in the browser.
The public verifier does not call Zahara while checking the export.
External anchoring is a separate planned control beyond the in-browser verifier.
Start here
Bring one agent under Zahara. Prove the loop. Then scale.
Start with Vibe, import an existing agent, or configure one directly. Zahara keeps the setup gaps visible until the agent is ready for trusted work.