For AI engineering teams
Add governance to your AI stack
in an afternoon, not a quarter
Node, Python, Go, Rust. REST plus MCP 2025-06 native. Typed errors, idempotency on writes, stable request ids, and a policy engine that lives in your SDK call, not in a separate approval queue.
Quickstart
From install to your first assessed call
Paste this into a TypeScript project. Same shape in Python, Go, and Rust. Decision returns typed findings, a signed evidence pack id, and an RFC 7807 problem document on failure.
// Step 1, install pnpm add @korasafe/sdk // Step 2, import import { KoraSafe, assertHighRisk } from "@korasafe/sdk"; const ks = new KoraSafe({ tenant: "acme", policy: "finance.hiring.v3" }); // Step 3, assess an agent const decision = await ks.assess({ agent: "hiring-copilot-v4", surfaces: ["mcp", "ci", "chrome"], inputs: { resume, role }, evidence: true, }); assertHighRisk(decision); // throws w/ RFC 7807 problem+json return decision.findings; // typed Finding[], signed evidence_pack_id
Auth
Two paths in, one audit trail out
Bearer keys for server calls. Short-lived OAuth tokens for user and agent sessions. Every request carries a tenant, a caller identity, and a scope, and every decision logs all three.
- ks_live_ and ks_test_ keys scoped per tenant
- mTLS available on dedicated plans
- Rotate from console or API, no downtime
- Scopes: read, write, dispatch, evidence, admin
- Per-key and per-tenant rate pools
- Short-lived access tokens, 15 minute default
- Refresh tokens bound to device and IP class
- On-behalf-of flow for agent-calling-agent over MCP
- SSO via SAML 2.0, OIDC, SCIM provisioning
- Step-up auth on T4 autonomy and admin routes
# Server call with API key Authorization: Bearer ks_live_9f3ac2b7... Idempotency-Key: 01HXY2... X-Tenant: acme # Agent session, OAuth 2.1, 15 minute TTL Authorization: Bearer eyJhbGciOi... X-Actor: agent:hiring-copilot-v4 X-Scope: assess.create,evidence.verify
Every integration path your stack uses
Ship governed AI in your language and tools
01
MCP gateway
Model Context Protocol, governance-native
Plug governance straight into your MCP network. Every agent-to-agent call carries an identity, a policy decision, and an audit entry, with no wrapper code in the way. Spec-complete on MCP 2025-06 and works with Cursor, Cline, custom agents, and any in-house MCP client.
02
REST
OpenAPI 3.1 with typed errors
Stable request ids (req_xxx). Idempotency-Key header on writes. RFC 7807 problem-details on every non-2xx. Bucketed rate limits published per route. Typed errors your code can branch on.
03
SDKs, first-party
Node, Python, Go, Rust in lockstep
Typed clients with retries and exponential backoff. Pagination helpers. Versioned in lockstep with the API. Published to npm, PyPI, pkg.go.dev, crates.io.
04
CLI
kora, pipe-friendly
Registry CRUD, assess, simulate policy, apply pack, export evidence, tail audit. JSON or human output. Works with jq and fzf.
05
CI, marketplace
GitHub Actions and GitLab pipelines
Fail builds on unapproved model refs. Annotate PRs with risk tier changes. Attach signed evidence packs to releases.
06
Editor and Chrome
Inline assessments where your team works
VS Code extension surfaces decisions where you write prompts. Chrome extension redacts PII in the browser. One identity, one audit trail across surfaces.
Methods and routes
What your code can call
// mcp://korasafe.ai, namespace: registry export interface RegistryEntry { system_ref: string; // sys_hiring_v4 owner: string; // user or team id data_class: DataClass[]; // pii, credit, biometric, minors model_refs: string[]; // claude-3-7-sonnet, gpt-4o, internal tool_scope: ToolScope[]; // mcp, rest, ci, chrome autonomy_tier: "T1" | "T2" | "T3" | "T4"; status: "draft" | "live" | "retired"; } export interface RegistryListQuery { tenant: string; tier?: "T1" | "T2" | "T3" | "T4"; framework?: Framework; cursor?: string; // opaque, stable across inserts limit?: number; // 1..500, default 50 }
// mcp://korasafe.ai, namespace: assess export interface AssessCreateInput { system_ref: string; // registry id (e.g. sys_hiring_v4) frameworks: ("eu-ai-act" | "nist-ai-rmf" | "iso-42001" | "sr-11-7")[]; inputs: InputClass[]; // pii, credit_score, biometric, minors overlays?: SectorOverlay[]; // financial, healthcare, public-sector autonomy_tier: "T1" | "T2" | "T3" | "T4"; evidence?: boolean; // signed, WORM-stored pack on success } export interface AssessResult { req_id: string; tier: "minimal" | "limited" | "high-risk" | "prohibited"; findings: Finding[]; // typed, with obligation node_ids evidence_pack_id: string | null; audit_checkpoint: string; // merkle root, verifiable offline }
// mcp://korasafe.ai, namespace: policy export interface PolicyPack { pack_ref: string; // finance.hiring.v3 version: string; // semver, immutable when tagged rules: RegoRule[]; // compiled and pinned per version frameworks: Framework[]; // eu-ai-act, nist-ai-rmf, iso-42001 overlays?: SectorOverlay[]; } export interface PolicySimulateInput { pack_ref: string; system_ref: string; sample_count: number; // 1..10000, audit default 1000 fixtures?: InputClass[]; } export interface PolicySimulateResult { pass_rate: number; // 0..1 violations: RuleHit[]; // rule_id, count, severity hot_reload_ms: number; // under 2000 on live rollouts }
// mcp://korasafe.ai, namespace: orchestrator export interface OrchestratorPlan { plan_id: string; steps: PlanStep[]; // agents, tools, guardians per step review_required: boolean; // true for T3 and T4 budget_ms: number; // soft cap, per step and per plan reviewers: string[]; // resolved from escalation rules } export interface OrchestratorRun { plan_id: string; review_outcome: "approved" | "rejected" | "conditional"; run_id: string; audit_checkpoint: string; // merkle root per run, append-only }
// mcp://korasafe.ai, namespace: evidence export interface EvidencePack { pack_id: string; // ep_9f3ac2... system_ref: string; frameworks: Framework[]; merkle_root: string; // SHA-256, verifiable offline sealed_at: string; // RFC 3339 retention: "7y" | "custom"; // WORM, seven year default } export interface EvidenceVerifyInput { pack_id: string; proof: MerkleProof; // siblings + indices public_key?: string; // tenant signing key, JWKS-resolved } export interface EvidenceVerifyResult { ok: boolean; signed_at: string; policy_hash: string; // pack version pinned at decision time }
list, get, upsert, retire. The single source every other call reads from. 8k rps, p50 38ms.
create, status, export. EU AI Act Annex III, NIST AI RMF 2.0, sector overlays. 500ms timeout.
list, apply, simulate, violation. Rego policies hot-reloaded in under two seconds.
list, dispatch, status. Direct path when bypassing the orchestrator for low-latency flows.
plan, review, run, record. Default for multi-agent work. Your team sees the plan before any agent runs.
pack, verify, list. SHA-256 Merkle chained. Seven-year default retention.
First call
From import to enforced
import { KoraSafe } from "@korasafe/sdk"; const ks = new KoraSafe({ apiKey: process.env.KS_KEY }); const result = await ks.assess({ system: "loan-decisioning-v4", inputs: ["applicant_pii", "credit_score"], policies: ["eu-ai-act-high-risk"], }); // result.tier === "high-risk" // result.findings.length === 3 // result.evidence_pack_id === "ep_9f3a..."
from korasafe import KoraSafe import os ks = KoraSafe(api_key=os.environ["KS_KEY"]) result = await ks.assess( system="loan-decisioning-v4", inputs=["applicant_pii", "credit_score"], policies=["eu-ai-act-high-risk"], ) # result.tier == "high-risk" # len(result.findings) == 3 # result.evidence_pack_id == "ep_9f3a..."
curl -X POST https://api.korasafe.ai/v1/assess \ -H "Authorization: Bearer $KS_KEY" \ -H "Idempotency-Key: $(uuidgen)" \ -H "Content-Type: application/json" \ -d '{ "system": "loan-decisioning-v4", "inputs": ["applicant_pii", "credit_score"], "policies": ["eu-ai-act-high-risk"] }' # HTTP/1.1 200 OK # X-Request-Id: req_9f3ac2... # { "tier": "high-risk", "findings": [...], "evidence_pack_id": "ep_9f3a..." }
// mcp://korasafe.ai, namespace: assess { "jsonrpc": "2.0", "id": "1", "method": "assess.create", "params": { "system_ref": "loan-decisioning-v4", "frameworks": ["eu-ai-act"], "inputs": ["applicant_pii", "credit_score"], "autonomy_tier": "T3", "evidence": true } } // Returns { tier, findings[], evidence_pack_id, audit_checkpoint }
Rate limits and errors
Predictable, not punitive
- Burst allowance via leaky bucket, not cliffs
- Soft warning at 80% with Retry-After header
- Per-tenant overrides for enterprise plans
- Separate pools for read, write, and agent dispatch
- Public status page reflects current budgets
- RFC 7807 problem-details on every non-2xx
- Stable error codes you can branch on
- request_id echoed in the body and X-Request-Id header
- Violations link to the policy rule that tripped
- No silent failures; surface everything to the caller
Webhooks
Decisions and escalations, pushed to your systems
Subscribe to events your systems care about. Each delivery carries a signed envelope, a replay token, and a pointer into the evidence chain.
// POST https://hooks.example.com/korasafe X-KoraSafe-Event: violation.raised X-KoraSafe-Signature: sha256=b7c4... X-KoraSafe-Delivery: del_9f3ac2b7 X-KoraSafe-Timestamp: 1745010234 { "event": "violation.raised", "tenant": "acme", "system_ref": "hiring-copilot-v4", "framework": "eu-ai-act", "rule": "annex-iii.1.a", "severity": "high", "evidence_pack_id": "ep_9f3a...", "req_id": "req_9f3ac2..." }
Assessment finishes. Decision, tier, and evidence pack id included.
Policy rule tripped. Rule id, severity, and citation attached.
Human review needed. Reviewer queue and SLA attached.
Pack signed and anchored. Merkle root and retention window attached.
System added, retired, or tier changed. Field diff included.
New pack or version applied. Simulator diff attached.
- Retries with exponential backoff, 24 hour budget
- Delivery id stable across retries, safe to idempotently process
- Dead-letter queue browsable in the console
- Replay any delivery from the last seven days, one call
- Per-endpoint secret, rotated without drop
- Dual-signing window of five minutes during rotation
- Timestamp header rejects replays past a five-minute skew
- JWKS-backed option for enterprise plans