What is Aira?

The problem we solve

You built an agent. It has access to tools that can move money, send email, delete data, publish content, or talk to customers on your behalf. Your CFO, your head of legal, your compliance lead, and your insurers all want to know the same three things:

1. Who authorized this action? A human? A model? Which model? What was the prompt?
2. What stopped it from doing something dangerous? A hardcoded rule? A judgment call by an LLM? A human reviewer?
3. If a regulator knocks on the door tomorrow, can you prove any of the above? Without relying on vendor goodwill, without a subpoena, in a format a non-technical auditor understands.

"We log everything in Datadog" is not the answer. Logs aren't signed. Logs aren't timestamped by a trusted third party. Logs can be tampered with by anyone with write access to the log store. And logs don't prevent anything — they describe what already went wrong.

Aira is the only AI governance provider that gives you a public, cryptographically verifiable URL for every receipt. No account, no vendor call, no subpoena: anyone with the receipt id can hit /api/v1/verify/action/{id} and independently check every signature against the published JWKS. We're the transparency provider for AI governance.

Who it's for

• Fintech / payments: agents that wire money, refund transactions, approve loans, or manage treasury. EU AI Act Art. 14 (human oversight) + SOC 2 CC7 out of the box.
• Banks, insurers, EU financial services under DORA: every ICT incident (Articles 17-19) gets a tamper-evident lifecycle, every vendor a structured register entry (Articles 28-44), every resilience test (24-27) an append-only log. Major-incident PDFs are Ed25519-signed and ready for ESA submission. See the DORA guide.
• Healthcare / life sciences: agents that triage support tickets involving patient data, request records, or communicate with providers. PII scan + audit trail + legal hold in one.
• Regulated SaaS: compliance, legal, insurance, or government-adjacent products where "an AI did this" needs to be provable and reversible.
• AI infrastructure teams: builders of multi-agent orchestration frameworks who need a shared governance layer so every agent in the org plays by the same rules.
• Anyone under the EU AI Act: Article 12 (automatic event logging), Article 14 (human oversight), and Article 15 (accuracy, robustness, cybersecurity) all require evidence. Aira produces that evidence in one click.

If "an agent fucked up and nobody can explain how" would cost you your job, your customers, or your licence, you are our customer.

The two-step flow

                  ┌────────────────┐
agent wants to ───▶│ POST /actions  │──▶ policy engine runs
 transfer €75K    │   (authorize)  │    (rules / AI / consensus / scan)
                  └────────────────┘
                          │
         ┌────────────────┼─────────────────┐
         ▼                ▼                 ▼
    authorized      pending_approval    denied_by_policy
         │                │                 │
    agent executes   human decides      403 back to agent
         │            via email link     (still recorded)
         ▼                ▼
  ┌──────────────────────────┐
  │ POST /actions/{id}/notarize │──▶ Ed25519 receipt minted
  │        (notarize)            │    + public verification URL
  └──────────────────────────┘

Step 1 — authorize. The agent sends a description of what it wants to do (action_type, details, agent_id, optional replay-context hashes). Aira runs every matching policy, returns one of three states, and commits a signed PolicyEvaluation row for audit. If denied, the agent gets a 403 with the policy name and human-readable reason.

Step 2 — notarize. Once the agent has actually done the thing (completed the wire, sent the email, refunded the customer), it reports the outcome. Aira mints an Ed25519-signed receipt that commits the action id, the outcome, the replay context, a reference to the policy decision, and the system-prompt hash. The receipt is publicly verifiable at api.airaproof.com/api/v1/verify/action/{id} — no auth, no account.

Billing happens at authorize, because that's where the expensive compute runs (policy engine + LLMs + content scan + multi-party signing). Notarize is free bookkeeping. See Billing for the full event → meter mapping.

What's in the box

1. Policy engine — four modes, one API

Policies stack. One action can hit rules first, then content scan, then consensus — in any order you configure. See the policy guide for configuration details.

2. Multi-party cryptographic notary

• Ed25519 signing by default (RFC 8032). Verifiable in OpenSSL, every browser, every major language.
• Pluggable signing backend — ML-DSA-65 (NIST FIPS 204) is a drop-in for post-quantum deployments. See Pluggable Signing.
• RFC 3161 trusted timestamps on compliance bundles and Merkle settlements. (Per-action timestamps are opt-in for deployments that don't want the external network call on the hot path.)
• Distinct policy-evaluator key. The policy decision is signed by a different key than the action receipt, so a regulator inspecting two receipts can confirm they were signed by two independent parties in the same org. Both keys published via JWKS at /.well-known/jwks.json. See Multi-party Signatures.
• Public verification URL — anyone can paste a receipt id at /api/v1/verify/action/{id} and get back the signed payload, public key, and algorithm. No Aira dependency. See Public Verification.

3. Human-in-the-loop approvals

• Approval primitive with full lifecycle states: pending_approval → approved → notarized or pending_approval → denied_by_human → failed.
• Secure approval links — approvers click through to a public page, review the action, approve or deny. No account needed.
• Dashboard view for approval queues, with filters by agent, action type, and age.
• Multi-approver rules per policy (N-of-M, role-based, escalation paths). See Human Approval.

4. Behavioral drift detection

• Per-agent behavioral baselines computed from production action history, synthetic seed data, or pooled cohort data.
• Symmetric KL divergence scoring against the baseline's action-type distribution.
• Volume ratio alerts independent of distribution (sudden spikes and drops).
• Severity scoring (info / warning / critical) + webhook + drift alert dashboard.
• Lets you catch "my agent started doing something new last Tuesday" before it becomes an incident. See Drift Detection.

5. Compliance bundles + regulator-ready reports

Two views of the same data — machine-readable JSON for auditors, signed PDF for regulators. See Sub-Products for the split.

Bundles — cryptographic evidence exports:

• Sealed, Merkle-rooted evidence exports for a date range.
• Pre-built framework mappings: EU AI Act Article 12, ISO 42001, AIUC-1, SOC 2 CC7, raw.
• Self-contained JSON — every receipt's signed payload inlined, JWKS URL embedded, verification instructions in plain English. An auditor with nothing but OpenSSL and this file can recompute the root and verify every signature.
• Streaming export — safe for 100k+ receipt bundles.
• Per-receipt Merkle inclusion proof endpoint for point-in-time verification without downloading the whole bundle. See Compliance Bundles.

Reports — the document a regulator opens:

• Article 12 technical file — automatic logging with Annex VII field mapping (guide).
• Article 9 risk management register — actions bucketed by Annex III high-risk category, with per-agent-per-category rows persisted for later queries (guide).
• Article 6 right-to-explanation — per-action walkthrough of the full policy chain, approval chain, and signed receipt. Every response carries a signed JSON envelope; a public POST /api/v1/verify/explanation endpoint lets a regulator re-verify the export without an Aira API key (guide, envelope guide).
• Annex IV technical documentation — the top-level file every high-risk AI system provider must prepare under Article 11; maps each of the nine sub-sections 1..9 to data Aira already holds (org profile, policy catalogue, signing-key lifecycle, drift alerts, settlements, conformity counters). 10-year retention (guide).
• Same Ed25519 signature + RFC 3161 timestamp as bundles. GET /compliance/reports/{id}/verify re-derives the content hash and confirms the signature in one call. See Compliance Reports.

6. Merkle settlements

• Periodic, admin-triggered Merkle anchoring of every receipt into a batch with a single root signature + RFC 3161 timestamp.
• Each receipt's inclusion proof is stored on the receipt row, so a single-receipt verification is O(log n).
• This is the Aira answer to "proof of write order" without spinning up an external blockchain dependency. See Merkle Settlement.

7. Replay context on every receipt

Every receipt commits:

• system_prompt_hash — so you can tell if the agent's instructions changed mid-incident
• tool_inputs_hash — so you can tell what arguments the tool call used
• model_params — temperature, top_p, seed, anything else that affects reproducibility
• execution_env — SDK version, framework version, runtime

If you need to re-run an action six months later to reproduce a bug or defend an audit finding, you have everything the model saw, sealed into the receipt.

8. Agent identity + trust graph

• W3C DID for every agent, with key rotation.
• A2A agent cards for cross-org discovery.
• Verifiable Credentials (W3C VC Data Model) for reputation, reputation-weighted trust, mutual notarization between agents across organizations.
• Reputation scores accumulated over verified outcomes. See Trust Layer.

9. Policy assistant chat

A built-in LLM chat interface trained on your org's policy config, audit log, drift history, and compliance snapshots. Ask "why did agent X get denied last Thursday?" in English; get the answer with the matching action id + signed evaluation row attached.

SDKs

One-line install, zero config:

pip install aira-sdk         # Python
npm install aira-sdk         # TypeScript

from aira import Aira

aira = Aira(api_key="aira_live_...")

auth = aira.authorize(
    action_type="wire_transfer",
    details="Transfer €75,000 to vendor-x",
    agent_id="payments-agent",
)

if auth.status == "authorized":
    # your code runs the transfer
    tx = stripe.transfers.create(...)
    receipt = aira.notarize(
        action_uuid=auth.action_uuid,
        outcome="completed",
        outcome_details=f"stripe_tx={tx.id}",
    )
    # receipt.signature · Ed25519 · publicly verifiable

First-class integrations for every framework your agents might already use: LangChain, CrewAI, OpenAI Agents, Vercel AI SDK, Google ADK, AWS Bedrock, MCP. Each one is a one-line pip install aira-sdk[...] or import from "aira-sdk/extras/...".

Offline-first. The SDK has an offline queue so intermittent network failures don't block the agent — actions are notarized when the backend is reachable again.

See the full SDK reference for supported frameworks and method signatures.

Deployment

Hosted SaaS — sign up at airaproof.com, get an API key, ship. 99.5% SLA on Business, 99.9% on Enterprise. Hosted on EU infrastructure (Hetzner Germany).

Self-hosted — single docker compose up pulls the full stack: API, Postgres, Redis, worker, frontend dashboard, docs site. Your data never leaves your VPC. Same code, same crypto. Enterprise plan includes the self-hosted bundle + a dedicated license. See Self-hosted.

Auto-migrating deploys. The production CI/CD pipeline takes a Postgres backup, runs Alembic migrations against the new image, and only swaps containers if the migration succeeds. A failed migration leaves old containers running with the backup preserved.

Pricing

All features on every plan. You pay by operation — any billable event on your monthly counter.

What counts as an op: a case run, an authorized agent action (including denied and held-for-approval), a chat message, a compliance bundle, a Merkle settlement, or a drift check. What doesn't: reads, approvals, drift baselines, and retries with the same idempotency_key. See Billing for the full table.

Worked examples. A solo dev on Free running one agent (~95 ops/month) pays €0. A production team on Pro with eight agents at ~8,200 ops/month pays the flat €299. A scaling org on Business running 50 agents at ~122K ops/month pays €699 + 22K × €0.03 = ~€1,359.

Why Aira vs. doing it yourself

• Only transparent provider. Every Aira receipt has a public verification URL. No account needed. Competitors either don't sign receipts at all or require a dashboard login to inspect them. You can't audit what you can't see.
• One API, not five. Audit layer + policy engine + approval flow + drift detection + compliance bundles + Merkle settlement — all sharing the same action id, the same cryptographic chain, the same signing keys. Rolling your own with LangChain callbacks + a custom DB + Datadog + a homegrown approver bot gets you 20% of the way there and takes six months.
• Compliance is an output, not a project. One click produces a Merkle-rooted EU AI Act Article 12 bundle. Your competitor is still writing a Confluence doc.
• Real cryptography, not a checkbox. Ed25519 with distinct keys for gateway and policy evaluator, RFC 3161 timestamps, JWKS endpoint, public verification URL. Not "we sign things with HMAC and store them in S3".
• Provably tamper-evident. An auditor can verify a single receipt, a batch of receipts, or an entire settlement without ever talking to us. If we go dark tomorrow, your compliance evidence keeps working.

Next steps

• Try it: Quickstart — 43 minutes to your first signed receipt.
• Read the API reference: API Reference.
• Self-host: Self-hosted guide.
• Talk to us: customers@softure-ug.de — custom contracts, self-hosted licensing, integration support, compliance advisory.

Built in Germany. Ships everywhere.