The governance layer for production AI agents.
Risk control today. Regulation-ready tomorrow. Every agent action is scored against policy Canons before it commits. Risky actions trip a circuit breaker. Every decision becomes a signed, hash-chained ledger entry. Operators reduce loss now. Compliance signs deploys when SOC 2 and the EU AI Act ask.
```
# Trace an agent decision at a point in time
$ concordex trace agt_7HxQ --at 14:02
Agent      support-triage v2.3.1
Action     refund.approve amount=$840.00
Evidence   3 retrieved documents · 2 tool calls · 1 policy check
Risk tags  financial-action, customer-pii
Drift      within band (latency p99, refund rate)

# Export the evidence packet for a 24-hour window
$ concordex audit export agt_7HxQ --window 24h
✓ Packet written. 412 events. Signed. Ready to file.
```
What Concordex is for.
AI agents now take actions that have financial, clinical, and legal consequences. The operators of those agents need a record that holds up to audit, to incident review, and to the customer asking what happened. Concordex produces that record.
You cannot explain what your agent did.
Application logs are not evidence. Prompt traces are not an audit trail. When an agent approves a refund or escalates an alert, no one on your team should have to reconstruct the reasoning from monitoring dashboards at 2 a.m.
You cannot produce a defensible record.
Auditors and regulators expect signed, time-stamped, evidence-linked records of consequential decisions. Most teams produce these by hand, once per audit cycle, and rebuild them every quarter.
You cannot stop the agent before it acts.
Logging tells you what happened. It does not stop the bad refund, the leaked PII, or the unauthorized escalation. A governance layer scores each action against policy before it commits, trips a circuit breaker on risk, and writes the decision to a signed ledger.
Three modules. One governance layer.
Anima records and scores. Augur recognizes. Concordia enforces. All three run on the same hash-chained ledger, so every score, forecast, and enforcement decision is signed and replayable.
Every agent action, scored against its policy Canon.
Capabilities, signature behaviors, known failure modes, risk tags, and the evidence behind each claim. Each event is signed into a hash-chained ledger that audit can verify.
Recognize when a risky action is about to happen.
Augur scores each pending action against the agent's calibrated history and the active Canons. The score is what Concordia checks before the action commits.
Trip the circuit breaker before the action commits.
Policy Canons run as code against every action. When a score crosses a threshold, the breaker holds the action, escalates to a human, and writes the decision to the ledger. MCP-compatible so any agent runtime can call it.
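The flow described above (score checked before commit, breaker decision written to a signed, hash-chained ledger) can be sketched as follows. This is an added illustration, not Concordex code or its ledger format: the field names, the `>=` threshold rule, the constructed key and the use of HMAC-SHA256 in place of whatever signature scheme the product uses are all assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the real signing scheme

def digest(body):
    """SHA-256 over a canonical (sorted-key) JSON encoding of the entry body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(key, entry_hash):
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(ledger, key, action, score, threshold):
    """Decide before commit, then chain the decision to the previous entry."""
    decision = "hold_and_escalate" if score >= threshold else "commit"
    body = {"seq": len(ledger),
            "prev": ledger[-1]["hash"] if ledger else GENESIS,
            "action": action, "score": score,
            "threshold": threshold, "decision": decision}
    h = digest(body)
    entry = dict(body, hash=h, sig=sign(key, h))
    ledger.append(entry)
    return entry

def verify(ledger, key):
    """Return the index of the first entry that fails, or -1 if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        body = {k: v for k, v in e.items() if k not in ("hash", "sig")}
        if e["seq"] != i or e["prev"] != prev or digest(body) != e["hash"]:
            return i  # reordered, unlinked, or edited entry
        if not hmac.compare_digest(sign(key, e["hash"]), e["sig"]):
            return i  # hash was recomputed without the signing key
        prev = e["hash"]
    return -1

def demo():
    # Constructed sample actions and scores.
    ledger = []
    append(ledger, KEY, {"name": "refund.approve", "amount": 40.0}, 0.12, 0.7)
    held = append(ledger, KEY, {"name": "refund.approve", "amount": 840.0}, 0.83, 0.7)
    append(ledger, KEY, {"name": "ticket.close"}, 0.05, 0.7)
    held_decision, intact = held["decision"], verify(ledger, KEY)
    ledger[1]["decision"] = "commit"  # after-the-fact rewrite of the held action
    return held_decision, intact, verify(ledger, KEY)

if __name__ == "__main__":
    print(demo())
```

Recomputing the tampered entry's hash does not hide the edit: the signature check fails without the key, and the next entry's `prev` no longer matches.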
Three steps. Most teams are in production within a week.
Add the SDK to your agent loop.
Five lines around the agent call. Or run the sidecar proxy when the runtime is closed and you cannot change the agent code.
```python
from concordex import trace

# Wrap the agent call so the action is recorded with its risk tags.
with trace(agent="triage", risk=["pii"]):
    result = my_agent.run(input)
```
Every action becomes a record.
Actions, retrieved evidence, tool calls, policy checks, and drift signals — written to your isolated workspace with cryptographic signing.
```
POST /v1/events
{ "agent": "triage",
  "action": "refund.approve",
  "evidence": [...],
  "risk_tags": ["financial"] }
```
Query the record where you already work.
From your incident channel, your audit prep, your on-call view, or your CI gate. The registry follows the team.
```
$ concordex audit export agt_7HxQ \
    --window 24h
✓ 412 events · signed · ready
```
Built for the team that owns AI in production.
If you are the person paged when an agent misbehaves, or the one who explains it to legal, security, or the customer, Concordex is the record system you do not have yet.
Fleet visibility across runtimes.
One registry for every agent — whether built in-house, taken from an open framework, or supplied by a vendor. Set what "production-ready" means without telling each team how to build.
Audit-ready by default.
SOC 2, HIPAA, EU AI Act Articles 12 and 14, and internal model-risk programs. The record is the artifact your audit asks for.
Replay, do not reconstruct.
When an agent misbehaves, you need the trace, the evidence, and the diff — in your incident channel, in two clicks. Concordex emits to your existing paging and chat tools.
Boundaries you can prove.
Per-workspace data isolation, configurable retention, bring-your-own cloud, and a policy layer your security officer can read without translation. Self-hosted on your network if required.
Mapped to the controls your auditor already asks about.
Concordex ships pre-mapped to common control frameworks. If your audit cycle calls for a different framework, the same event record supports it.
| Framework | Controls supported | Status |
|---|---|---|
| SOC 2 Type II | CC7 (system operations), CC8 (change management), CC9 (risk mitigation) | In progress · evidence under NDA |
| HIPAA | 164.308 administrative safeguards, 164.312 audit controls | Available with BAA on Enterprise |
| EU AI Act | Article 12 (record-keeping), Article 14 (human oversight) | Pre-mapped · crosswalk available |
| NIST AI RMF | Measure 2.1, Measure 2.3, Manage 4.1 | Pre-mapped · self-attestation |
Free to start. Metered after. Canons à la carte.
Three dimensions and nothing else. One — a built-in free tier on every account. Two — per-resource metered rates above the free allowance. Three — optional Canon subscriptions for curated governance packs (for example, the Blockchain Canon at $499 per workspace per month). No fixed plans, no per-seat lock-ins, no minimums, no trial countdown.
Included at no charge
- 10,000 behavior events recorded
- 100 reasoning passes
- 1,000 integration runs
- 10 subjects under watch
- 1 GB storage
- 100,000 inbound webhook requests
- 50 image-to-text calls
- 30 min audio transcription
- 1 analyst seat
- 1 auditor seat
The free allowance renews on the first of each calendar month. A payment method is collected at signup so usage above the free tier is uninterrupted; the card is not charged while your usage stays within the free allowance.
| Resource | Free / month | Rate | Unit |
|---|---|---|---|
| Behavior events recorded | 10,000 | $0.30 | per 1,000 events |
| Reasoning passes | 100 | $0.04 | per pass |
| Integration runs | 1,000 | $0.01 | per run |
| Subjects under watch | 10 | $0.05 | per subject per month |
| Storage | 1 GB | $0.015 | per GB per month |
| Inbound webhook requests | 100,000 | $0.20 | per 1,000,000 requests |
| Image-to-text calls | 50 | $0.01 | per call |
| Audio transcription | 30 min | $0.008 | per minute |
| Analyst seats | 1 | $40 | per seat per month |
| Auditor seats | 1 | $25 | per seat per month |
Volume rates apply automatically at higher usage thresholds — for example, behavior events drop to $0.20 per 1,000 above 1,000,000 per month, and reasoning passes drop to $0.025 above 10,000.
Canons are curated governance packs from the Library — pre-built policy bundles for a domain such as blockchain custody, healthcare privacy, or financial-services controls. Each Canon is priced per workspace per month, independent of resource metering, and listed on its detail page. The Blockchain Canon anchors the range at $499/mo per workspace; smaller Canons start at $0 (community-maintained) and scale with regulatory scope.
What procurement, security, and legal usually ask.
How long does it take to deploy?
The free workspace is provisioned in under one minute. Most teams are sending production traces within the first afternoon — either through the SDK (`pip install concordex` / `npm install @concordex/sdk`) or as a sidecar proxy when the agent code cannot be changed.
Where is our data stored? Can we run it ourselves?
Hosted workspaces run in `us-east-1` or `eu-west-1` with configurable residency. Self-hosted deployment on your network is available on the Enterprise tier with the same control plane, your keys, and no outbound data.
What about SOC 2, HIPAA, and the EU AI Act?
SOC 2 Type II is in progress with a target of Q3 2026; evidence is available under NDA today. HIPAA-compliant deployment with a Business Associate Agreement is available on Enterprise. Concordex ships pre-mapped controls for EU AI Act Articles 12 and 14; if your auditor asks, the crosswalk is provided.
How does Concordex fit our existing observability?
Concordex emits OpenTelemetry, integrates with the common observability and paging tools, and exposes webhooks for everything else. It does not replace your monitoring; it adds the layer your monitoring cannot produce — agent decisions, evidence chains, and risk tags.
What happens if your service ends?
Every event is exportable to JSONL or Parquet on demand, without a support request. Self-hosted customers continue to run on their last released image. The registry schema is published.
Why the names Concordex, Anima, Augur, and Concordia?
The names come from the project's founding thesis. The marketing page does not require it. If you want the long-form purpose, see the thesis page.
Begin the record before you need it.
Provision a workspace in a minute. Send the first trace in five. Have a defensible audit packet by the end of the week.
No card required · Cancel any time · SOC 2 Type II in progress