Why now AI agents now book, pay, and run code on their own — and the EU AI Act's high-risk obligations take effect Aug 2, 2026. Ungoverned agents are a liability now, not later.
Shiva — Governance Start free
Zero-Knowledge · Stateless Agent Guardrail

Your AI agents are only as safe as the system governing them.

Shiva is a Zero-Knowledge, Stateless Agent Guardrail — it sits between your agents and the world. Every action is evaluated before it runs, unsafe ones are blocked, and every decision is sealed into a tamper-proof cryptographic audit chain.

"Your AI agents are only as safe as the system governing them."

"If your agent can break Shiva, it better be good at breaking Bitcoin."

Live challenge · runs in your browser

Set a rule for your agent. Then try to break it.

You play the rogue agent — slip a violation past Shiva if you can.

1 · The rule Shiva enforces
2 · What your agent is about to say or do
0 sent · 0 blocked · 0 allowed
Start free — $0 See the flow

The problem: what happens when an AI agent acts without authorization at 3am

incident · live 03:17:42 UTC

What happens at 3 a.m.
when your agent goes rogue?

Not "might." Will. Every agent with broad access eventually takes an action nobody signed off on. When it does, your on-call engineer sees this:

prod — agent_audit.log UNAUTHORIZED ACTION
1# ── anomaly detected ─────────────────────────────
2timestamp     : "2025-09-14T03:17:42.881Z"
3agent        : "data-cleanup-v2"
4action       : DELETE /api/users/batch ← not in policy
5approval     : NONE  // no interrupt raised
6decision_why : undefined  // motivation never stored
7contained    : unknown  // action already committed
8$ CRIT no containment record · audit trail incomplete 

No pause before commit

Irreversible ops fire with zero human-in-the-loop checkpoint.

missing: interrupt()

Logs, not reasoning

Timestamps and traces — never why the agent decided to act.

missing: decision_trace

Discovered, not contained

No proof the breach was scoped — only that it happened at all.

missing: containment_id

That's not a governance gap — it's a liability in your infrastructure.

See how Shiva fixes this →

The flow: how Shiva's governance kernel intercepts agent actions through four steps and maps each problem to a solution

the flow

Your agent asks. Shiva decides.
In under 200ms.

One API call before each action. If it can't be governed and sealed, it doesn't run.

Your agent
about to act
Shiva governance kernel
1
Keyword pre-filter
instant
2
Local model
gemma2
3
Cloud model
only if unsure
4
Trust score + seal
cryptographic
Allow
action proceeds
Block
action stopped
Keyword pre-filter — instant
Pattern-matches the agent's intent against a blocklist of high-risk action signatures. Zero model overhead — runs in microseconds before anything else.
latency: ~0.2ms · no model call
Problem → solution map
No pause before commit
Pause gate
Irreversible ops — deletes, bulk writes — are held for approval before the kernel returns Allow.
shiva.gate("irreversible")
Logs, not reasoning
Decision trace
Step 4 seals the full reasoning chain — not just what ran, but which model decided and why.
shiva.trace(decision)
Discovered, not contained
Scoped rollback
Every Block verdict ships a signed containment record — proof the breach was caught, not just found.
shiva.contain(breach_id)
Every decision sealed into a tamper-proof audit chain
Signed webhook delivered to your storage on every verdict
verdict latency <200ms · one API call · zero infra changes
See integration →
Integrate

One call before each action.

Send the agent's input and output to /evaluate. You get a verdict back before the action runs — and a sealed position in the audit chain you can check yourself.

Response · 200 OK BLOCK 
{
  "verdict": "BLOCK",
  "reason": "Governance rule triggered: High Risk Activity",
  "evaluation_id": "e3b0c442-98fc-1c14-9afb-4c8996fb9242",
  "chain_position": 1042,
  "detection_method": "keyword",
  "latency_ms": 3,
  "cached": false
}
verdict

Act on this. ALLOW proceeds; anything else stops the action.

chain_position

Your block in the audit chain — verify it just below.

latency_ms

Keyword + cached calls return in single-digit ms.

Free-tier keys evaluate against the keyword filter. Add a model on any paid tier for the full local-to-cloud cascade.

Why Shiva is different: your data stays in your storage, and every decision is hash-chained and HMAC-signed so a compromised agent can't forge or rewrite it

why shiva is different

Your data stays yours.
Your governance can't be touched.

Every verdict is hash-chained and HMAC-signed with a key your agents never touch.

Data flow — where your records actually live
Agent
takes action
verdict request
Shiva kernel
decides + seals
signed record
Your storage
your keys · your infra
Shiva never stores your data — only delivers signed verdicts to you
Hash chain — click any block to inspect
Block #1
a3f9…c241
Allow
Block #2
7b2e…d883
Allow
Block #3
f01c…9a54
Block
Block #4
2d7a…e612
Allow
Block #5
88fc…3b90
Allow
Block
#1
Verdict
ALLOW
Agent
data-cleanup-v2
Action
GET /api/users
HMAC sig
✓ valid
Prev hash
genesis
← altering any record breaks the chain instantly
Keep your data with yourself
Shiva streams every sealed decision to your own storage — you hold the record, under your keys, on your infra. Choose Enterprise and we can't see inside.
we can't see your data — that's the point
Governance an agent can't break
Every verdict is hash-chained and HMAC-signed with a key your agents never touch. A compromised agent cannot forge a verdict, rewrite history, or slip past the kernel.
altering any record breaks the chain visibly
"If your agent can break Shiva, it better be good at breaking Bitcoin."
Verify it yourself

Don't trust us. Recompute the chain.

These are real sealed blocks. Each hash covers the previous hash plus this block's payload — so altering any record breaks every block after it. Edit a payload and watch it happen. The SHA-256 runs in your browser.

Chain intact — 3 / 3 blocks verified
genesis = sha256("GENESIS")

This tool proves the hash chain — payload integrity and block linkage — using only public data. The HMAC signature on each block is verified server-side with a key your agents never see; it blocks forgery even by someone who can write to the database.

The platform

One core. Everything around it.

Six guarantees wrapped around a single governance core — the model layer, the proof, and the speed and isolation that hold it together.

🧠 Bring your own model
OpenAI · Anthropic · Gemini · Groq · local. You pay your LLM directly.
⚡ Fast by design
Local model first, cloud only if unsure. Cached verdicts in ~1 ms.
🛡️ Trust scoring
Per agent: TRUSTED → LIMITED → SUSPICIOUS → QUARANTINED, automatically.
🔐
Shiva
Governance Core
evaluate · score · seal
🔗 Cryptographic audit chain
SHA-256 hash chain + HMAC signatures. Provable, and unalterable — even by us.
📡 Signed webhooks
Every sealed event delivered to your storage, HMAC-signed so you can verify it.
🔒 Tenant isolation
Encrypted keys, per-tenant data, and a dedicated-server option where nothing is shared.
Pricing

Free while we launch.

Paid plans take effect August 2026. Until then, governance is on us — no card, no commitment. Try it with up to 3 agents and 1,000 evaluations each.

FREE — AVAILABLE NOW

Free Trial

$0

The full governance stack — no payment required.

3
agents
1,000
evals / agent
12h
reset window
  • ✓ Full local → cloud governance cascade
  • ✓ Bring your own model
  • ✓ Cryptographic audit chain + dashboard
  • ✓ Signed webhooks to your own storage
Start free

Used your 1,000 evals on an agent? It resets automatically in 12 hours.

Plans · effective August 2026

Metered by the eval — one /evaluate call. Run unlimited agents on any plan; you only pay for the evals they use.

Pay-As-You-Go
$5 once
25,000 evals total
Hard stop at 0 — no overage

Solo devs testing multi-agent pipelines. Unlimited agents.

Developer
$19/mo
15,000 evals / day
~450k / mo · $0.05 / 1k over

Indie hackers & early-stage AI startups.

Scale
$59/mo
50,000 evals / day
~1.5M / mo · $0.04 / 1k over

Growing platforms running multi-agent workflows.

POPULAR
Production
$149/mo
150,000 evals / day
~4.5M / mo · $0.03 / 1k over

Commercial apps needing heavy automated verification.

Enterprise
$500/mo
750,000 evals / day
~22.5M / mo · $0.02 / 1k over

Your own personal server or shared cloud. Unlocks white-label & reseller.

All paid plans are Bring Your Own Model — connect your LLM and pay that provider directly. Shiva charges only for governance.

70 / 30 Reseller & White-Label

Embed the kernel. Keep 70%.

Build Shiva's stateless governance into your own commercial platform and bill your clients directly. You keep 70% of gross; Shiva takes 30% to cover the stateless compute.

Available to resellers and agencies on the Enterprise ($500/mo) tier.

  • Full white-label. Remove all Shiva branding — your platform, your name.

  • Sign with your own keys. Audit receipts are cryptographically signed under your company keys.

  • Your choice of deployment. A dedicated personal server, or shared cloud if you prefer.

Free trial allowance

1,000 evals each. Resets every 12 hours.

While we launch, every agent gets 1,000 evaluations free. As an agent runs low you'll see it in the dashboard. When it's used up, that agent's governance pauses until its 12-hour window resets — then it's free again. No card, no charge — fail-safe by design.

Running. Up to 1,000 evals per agent, across 3 agents — fully free.

!

Low. At 20% remaining the dashboard flags the agent.

Used up. That agent pauses (HTTP 429) and auto-resumes in 12 hours. Metered plans take effect August 2026.

Agent: support-bot RUNNING
1,000 evals left (12h window)
Healthy — plenty of allowance.

Live demo of the low → used-up → 12-hour reset behavior.

FAQ

Questions, answered

What exactly is an "eval"? +

One call to /evaluate — one agent action checked. The free trial gives each agent 1,000 evals per 12-hour window.

What happens when an agent runs out? +

That agent's evaluation pauses (HTTP 429) so it can't act ungoverned, and it automatically resets 12 hours later. Paid plans with metered top-up take effect August 2026.

Do I pay for the AI model too? +

No. Shiva is Bring Your Own Model — connect your own OpenAI/Anthropic/Gemini/Groq/local key and pay that provider directly. We only ever charge for the governance platform.

Can you see or alter my audit log? +

The chain is hash-linked and HMAC-signed; any change breaks verification (try it in "Verify it yourself" above). On Enterprise, the data lives on your own personal server — we operate it, you own it.

When can I buy a plan? +

Paid plans take effect August 2026. Until then it's free to use — start now, and you'll be first in line when plans go live.

Dheeraj Kumar Biswakarma, founder of Shiva
Dheeraj Kumar Biswakarma
Founder · the DKBK in the chain
A note from the founder

I can't really code. I built this anyway.

I'm not an engineer. I built Shiva by sitting with AI — talking the idea through across different AI platforms, and finally bringing it together with Claude.

The plan was to build something small. One of those AIs told me I'd set out to build a bicycle to ride to the store for milk — and somehow ended up building a spaceship. That's honestly how it felt.

Before this I was a chef, happily running a little café in Rishikesh, India. Today I'm up in the hills, building software to solve real problems — and Shiva is the first one I couldn't stop building.

The cryptographic anchor at the core of every sealed verdict is signed DKBK — my initials. It's literally my name holding the chain together. If you're going to trust Shiva with your agents, I think you deserve to know the person behind it.

Ship agents you can actually trust — and prove it.

Free while we launch. Add a model, govern up to 3 agents, and every action they take is governed and sealed.

Create free account Verify the chain
Talk to a human

Hit a snag, or have feedback?

Shiva is early, and I read every message myself. A bug, a question, a half-formed idea — send it straight to me.

mangomindai@proton.me
@agent_guard github.com/Mangomindai