Enterprise-grade, from day one

Agents request approval to access protected data. Reviewers see context, approve or deny, and every decision is logged.

Global and per-service emergency stop with instant propagation across all running instances. Satisfies EU AI Act Article 14 requirements for immediate human intervention.

State machines govern action sequences with deny-by-default for unknown states. Supports EU AI Act Article 9 risk management across healthcare, legal, and financial domains.

Strict tenant isolation with no data leakage. Dedicated encryption, scoped baselines, metered billing, and complete data residency controls.

Docker and docker-compose for one-command setup. Distributed rate limiting supports horizontal scaling across multiple instances.

Upload adapter code with automatic validation. Security-checked and sandboxed at runtime, with 25+ prebuilt service adapters included.

Four admin roles with separation of duties. Timing-safe authentication and high-entropy tokens as standard.

Every agent's permissions trace back to a named human and an organisational mandate. Grants have independent lifecycles — suspend, revoke, or renew without touching the agent itself.

Agents carry short-lived signed tokens that downstream services verify without calling back to Vortalis. Every attestation is tied to an active authority grant. Tokens can be revoked instantly by ID.

Full conformance test suite validates every governance guarantee against the AGAP specification. 1000+ tests. Published results.

Metrics-driven canary deployments with progressive traffic shifting. Configure error-rate and latency thresholds — Vortalis auto-promotes healthy releases and auto-rolls back bad ones. No manual intervention required.

Manage PrivateLink endpoints and VPN tunnels across AWS, Azure, and GCP from a single API. Health monitoring, connectivity dashboards, and zero public-internet exposure for backend services.