Your AI policy,
running as infrastructure.
Every enterprise has an AI policy — usually a PDF nobody can enforce. Manifesto is the governance runtime between your applications and every LLM provider: the policy is declared once, enforced on every request, and proven to any auditor.
OpenAI-compatible: point any SDK at /v1 with your app key.
No SDK migration. No provider lock-in.
Policy as versioned law
Author in plain language or YAML. Publishing creates an immutable version — compliance packs can be tightened, never loosened, and no override flag exists.
# gdpr-pii-baseline when: detectors.pii: { exists: true } provider.region: { notEquals: eu } then: verdict: deny
Sanitized before it leaves the building
Detectors find the email and the card number; policy replaces them mid-flight. The provider receives a prompt that was never dangerous — and the decision names the exact rule that fired.
Every decision leaves evidence
Append-only audit records with content hashes — never raw text by default — and per-execution exports a regulator can hold: JSON, HTML, PDF. Nothing is ever deleted; nothing is ever edited.
An instrument panel, not a black box
Per-stage latency, verdict streams, overhead SLOs. Your governance layer is something you watch, not something you trust blindly.