Frequently asked questions
The questions engineers and DPOs ask first, answered plainly.
Yes. The standalone iaga-verify binary checks the Ed25519 signatures and the Merkle chain against one public key, with no database, no server, and no call home. The receipt chain works even if IAGA disappears.
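What offline verification of signed, chained receipts involves, as an added example: this is not IAGA's code or receipt format. The `Receipt` layout, the function names and the fixed seed are assumptions made for illustration, and a plain SHA-256 hash chain stands in for the Merkle chain the answer mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Receipt is a hypothetical layout for this example, not IAGA's real format.
type Receipt struct {
	Prev    [32]byte // hash of the previous receipt, zero for the first
	Payload []byte   // the recorded event
	Sig     []byte   // Ed25519 signature over Prev || Payload
}

func (r Receipt) signed() []byte { return append(append([]byte{}, r.Prev[:]...), r.Payload...) }
func (r Receipt) hash() [32]byte { return sha256.Sum256(append(r.signed(), r.Sig...)) }

// Head is the hash of the last receipt; pin it out of band to detect a cut-off tail.
func Head(chain []Receipt) (h [32]byte) {
	if len(chain) > 0 {
		h = chain[len(chain)-1].hash()
	}
	return h
}

// Append signs payload and links it to the current head of the chain.
func Append(chain []Receipt, priv ed25519.PrivateKey, payload string) []Receipt {
	r := Receipt{Prev: Head(chain), Payload: []byte(payload)}
	r.Sig = ed25519.Sign(priv, r.signed())
	return append(chain, r)
}

// Verify needs only the public key and the receipts: index of the first bad receipt, or -1.
func Verify(chain []Receipt, pub ed25519.PublicKey) int {
	var prev [32]byte
	for i, r := range chain {
		if r.Prev != prev || !ed25519.Verify(pub, r.signed(), r.Sig) {
			return i
		}
		prev = r.hash()
	}
	return -1
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed seed
	c := Append(Append(nil, priv, "tool=read verdict=allow"), priv, "tool=shell verdict=block")
	fmt.Println(Verify(c, priv.Public().(ed25519.PublicKey)), Verify(c[1:], priv.Public().(ed25519.PublicKey)))
}
```

In this sketch, receipts removed from the end leave a shorter chain that still verifies, so the verifier also has to compare `Head` against a value recorded elsewhere.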
Soft enforcement runs in userspace and is bypassable if the process is compromised. Hard enforcement uses eBPF/LSM kernel hooks and is trustworthy even if userspace is compromised. The open build ships soft enforcement and marks the distinction honestly in every receipt; the real kernel loader is Enterprise and roadmap.
No. The core is deterministic policy. ML models are opt-in: bring your own ONNX models in the open build, where they emit evidence and never verdicts. The curated, pre-trained model library is Enterprise.
No. It does not route, load-balance, or cache model traffic. It is an evidence layer that sits on top of whatever routes or enforces underneath, signing what happens. Point any SDK at the HTTP sidecar, or sign MCP tool calls.
The evidence stays in your hands, verifiable offline with no call home. The open build is BUSL-1.1 converting to Apache-2.0, so you can run it air-gapped, fork it if needed, and reduce third-party infrastructure exposure.
Sixteen frameworks ship with copy-paste adapter examples: Claude Code, Claude Agent SDK, OpenAI, OpenAI Agents, OpenAI Codex, Vercel AI, LangChain, LangGraph, CrewAI, AutoGen, LlamaIndex, MCP, Microsoft Agent Framework, PydanticAI, and more, plus a Rust client crate. Codex is the first bidirectional integration: it both observes and acts inside the agent's loop. Enforcement is identical everywhere: allow runs, review and block do not, and every tool call gets one signed receipt.
Yes, behind the default-off cost-control feature. Token and dollar spend is priced locally against a built-in pricing table (no external billing API), lands in the signed receipt and the audit ledger, and surfaces through /v1/cost/*, the dashboard, and iaga cost. Session budgets are enforceable in Dictum, stricter-wins.
The open verifier needs no network at all. Packaged air-gapped distribution, with signed offline update bundles, is an Enterprise feature.
The open build is source-available under Business Source License 1.1, with a Change License of Apache-2.0 and a Change Date four years after each release is published. The conversion is written into the license itself.
