Run the auditing where your AI runs. Add the gateway when you want the whole record.

Add the gateway for the full ecosystem

The managed MCP gateway is optional. Add it when you want the evidence to come from how your AI runs.

The standalone collector watches your governed sources from the outside. The managed MCP gateway puts a control plane directly in the path of every AI and agent action — so the ledger entries are not periodic observations but the actual record of every tool call, every policy decision, every credential issuance, and every denial. Compliance as a record of how your AI runs, not a reconstruction.

• Per-call policy

  Deterministic policy evaluation on every invocation

  Per-tenant rules — prod-write blocks, IP allowlists, budget ceilings, approval gates, PII redaction — run in document order with no external calls in the decision path. An operator kill-switch can deny everything on that control plane instantly. Every decision, including every denial, is audited.

  Private beta
• Credential brokering

  Short-lived, scoped tokens — raw keys stay vaulted

  Downstream credentials are envelope-encrypted per tenant. The gateway issues a short-lived, tool-scoped token per call. The agent never receives a raw key. Every issuance is a ledger entry.

  Private beta
• Sandboxed execution

  Tools run deny-by-default with a hard timeout

  Each tool executes in an isolated runtime. Network and filesystem access are granted per tool, never assumed. A hard timeout caps execution. Capabilities cannot be escalated at runtime.

  Private beta
• One family, one record

  Collector + gateway events land in the same hash chain

  When you add the gateway, its runtime events join the same per-tenant, independently verifiable ledger that the standalone collector writes to. One control plane, one evidence record, one auditor view — across both the governed sources the collector watches and every AI action the gateway brokers.

  Private beta

Multi-tenant by design

Built for many companies, not one. Each with its own isolated, verifiable record.

One Cytra account models a whole organization: a client at the top, the companies it governs beneath it — subsidiaries, portfolio companies, business units — and the people in each, with roles. Every company runs one or more collectors, and each company writes to its own tamper-evident ledger. A company's auditor verifies that company's chain; nothing is mixed across companies. The client sees a rollup across all of them without ever breaking that isolation.

• Organization model

  Client, company, user

  One contract spans many companies. Each company is its own governance, policy, and evidence boundary. Users hold roles scoped to a single company or across the whole client — a parent overseeing every subsidiary, or one company seeing only its own.

• Fleet provisioning

  Self-service collector enrollment

  A company admin registers a collector from the console and gets a single-use, company-scoped enrollment token. On first boot the collector generates its own signing key — the private key never leaves your environment — exchanges the one-time token, and registers only its public key. From then on it signs every check-in. Rotate or revoke any collector from the console.

• Tenant isolation

  One hash chain per company

  Every company writes to its own SHA-256 hash-chained ledger. A collector authenticates to its company; its signed events can only append to that company’s chain. Reordering, deleting, or mutating a record breaks verification for that company alone — and an outside party can verify it without trusting Cytra.

• Data residency

  You choose what leaves

  Per company, choose what the collectors send home: the full signed evidence, or digest-only — cryptographic roots and aggregate statistics — with the underlying evidence staying entirely in your environment and shipped only on request for an audit. Outbound-only either way; no inbound ports.

• Register & mint a token

  01

  A company admin adds a collector in the console and mints a single-use, company-scoped enrollment token — no Cytra-side step.

• Deploy the collector

  02

  Drop the token into the collector config and start it. It generates its own Ed25519 identity locally, exchanges the token once, and registers its public key.

• Continuous check-in

  03

  The collector makes outbound-only, signed check-ins into its company’s ledger — full evidence or digests, your choice — and you can revoke it anytime.

And it all runs in your environment, not only in Cytra's cloud — the compliance collector is the early-access (v1) product. Deploy it on your own infrastructure, behind your firewall, outbound-only, and run it locally today; the managed MCP gateway is optional and ships later. Cytra describes its posture as aligned and audit-ready, not certified.

Packaging

One collector, three ways to run it.

The compliance collector ships in the format that fits your environment. Docker is available today for early-access tenants. The Kubernetes Helm chart is available for teams already on a cluster. The Go single binary — for air-gapped and locked-down environments — is in development and is planned for Phase 2.

• Docker

  Available now (early access)

  A single container image. Pull it, configure two environment variables (your outbound ledger endpoint + a signing key), and run it wherever Docker runs — on a VM, a laptop, or inside your existing container platform.

• Kubernetes / Helm

  Available now (early access)

  A Helm chart for teams already running a cluster. One-command install, automatic restarts on failure, and standard Kubernetes RBAC for access control. No cluster-level privileges required.

• Go single binary

  In development

  A self-contained executable with no runtime dependencies — intended for air-gapped or locked-down on-premises environments where container runtimes are unavailable or restricted. Currently in development.