
Stop runaway AI agents before they ship.

Permission envelope before writing. Live alerts while coding. Policy gate at PR. Production audit after deploy. Four tracks. Five editors.

Works with: Claude Code, GitHub Copilot, Cursor, Windsurf, Augment.
Capability types governed: 12
AI coding editors: 5
Enforcement layers: 4
Agent quality score: 0–100
Permission cache TTL: 60s
The Problem

AI agents are coding blind — and nobody is watching.

Copilot, Cursor, Claude Code, Windsurf — each operates in isolation. They don't know your IAM policy, your off-limits services, or your runbook. Worse: when they generate 80 files for a 5-file ticket, or create the seventh version of the same utility function, there's nothing stopping them.

🔑 Capability Sprawl

Agents request IAM roles, write secrets, and modify infrastructure with no pre-flight check against your policy.

🕵️ Zero Provenance

When an incident hits, you can't trace which agent wrote the code, under what context, or with what declared intent — it's a black box.

🍝 Spaghetti Code

Unconstrained agents create N+1 utility functions, touch dozens of files, and generate duplicates. Without session budgets and abstraction scoring, sprawl compounds daily.

The Governance Pipeline

Four tracks. One source of truth.

VertaAI intercepts the AI coding workflow at every stage — from the first keystroke to production. Tracks 0 and 1 live inside the editor. Tracks A and B enforce at PR time and runtime.

Governance pipeline, left to right:

Start: Open Editor → Track 0: Permission Envelope → Code: Agent Writes Code → Track 1: In-Editor · Live → Track A: PR Gate · 5 Checks → Ship: Merge + Deploy → Track B: Runtime Audit
Track 0
Pre-flight Permission Envelope
Before any code is written, the agent receives a permission envelope compiled from active Policy Packs. Blocked capabilities are off the table from keystroke one.
  • Compiled from workspace Policy Packs
  • Injected into 5 editor config files
  • 5 blocked + 7 declaration-required caps
  • Session budgets: max files + abstractions
Track 1
In-Editor Governance Feedback
When production drift is detected, VertaAI pushes the alert directly into the developer's editor in real-time via SSE — no context switch, no Slack tab hunting.
  • Real-time SSE push to open editors
  • CodeLens: agent · PR · quality score
  • Closes the governance loop
  • Alert surfaced where code lives
Track A
YAML Policy Gate at PR Review
At pull request time, 5 automated comparators check intent parity, abstraction risk, churn, imports, and infra ownership. The result is posted as a blocking GitHub Check.
  • Intent ↔ capability parity
  • Spaghetti prevention (abstraction risk)
  • Churn + complexity thresholds
  • Over-permissioned import detection
Track B
Runtime Drift Detection
In production, VertaAI monitors CloudTrail, GCP Audit Logs, and DB query logs for undeclared capability usage. PagerDuty and Slack notifications fire when CRITICAL drift appears.
  • AWS CloudTrail + GCP Audit ingestion
  • Decay-weighted severity scoring
  • Cross-service correlation signals
  • Auto-close when drift resolves
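The two enforcement layers above (Track A's over-permissioned import check and Track B's decay-weighted drift scoring) share one idea: compare what a session declared against what the code or the cloud actually touches. The following is an added illustration written for this page, not VertaAI's code; the policy-pack schema, the capability names, the import-to-capability and CloudTrail-event-to-capability mappings, the half-life and the severity thresholds are all assumptions, and the diff lines and CloudTrail records are constructed samples.

```python
"""Declared-vs-observed capability checks: a PR-gate import scan and a
runtime drift score over CloudTrail-style events. Illustrative only; every
mapping and threshold below is an assumption, not a product setting."""
import re
from datetime import datetime, timezone

# Assumed policy pack: 2 blocked + 3 declaration-required capabilities (constructed).
POLICY_PACK = {
    "blocked": {"iam:write", "secrets:write"},
    "declaration_required": {"s3:write", "dynamodb:write", "sqs:write"},
}
# What the PR's intent manifest declared for this session (constructed).
DECLARED = {"s3:write"}

# --- Track A: static scan of added diff lines ---------------------------------
# Assumed mapping from boto3 client construction to a capability.
IMPORT_CAPS = {
    r"boto3\.client\(['\"]iam['\"]\)": "iam:write",
    r"boto3\.client\(['\"]secretsmanager['\"]\)": "secrets:write",
    r"boto3\.client\(['\"]s3['\"]\)": "s3:write",
    r"boto3\.client\(['\"]dynamodb['\"]\)": "dynamodb:write",
}

def pr_gate(added_lines, declared, pack):
    """Return (verdict, capability, line) for each blocked or undeclared capability."""
    findings = []
    for line in added_lines:
        for pattern, cap in IMPORT_CAPS.items():
            if not re.search(pattern, line):
                continue
            if cap in pack["blocked"]:
                findings.append(("BLOCKED", cap, line.strip()))
            elif cap in pack["declaration_required"] and cap not in declared:
                findings.append(("UNDECLARED", cap, line.strip()))
    return findings

# --- Track B: runtime drift over CloudTrail-style events -----------------------
# Assumed mapping of (eventSource, eventName prefix) to a capability.
EVENT_CAPS = {
    ("iam.amazonaws.com", "Put"): "iam:write",
    ("iam.amazonaws.com", "Attach"): "iam:write",
    ("secretsmanager.amazonaws.com", "Put"): "secrets:write",
    ("s3.amazonaws.com", "Put"): "s3:write",
    ("dynamodb.amazonaws.com", "Put"): "dynamodb:write",
}

def event_capability(event):
    """Map one CloudTrail record to a governed capability, or None if ungoverned."""
    for (source, prefix), cap in EVENT_CAPS.items():
        if event["eventSource"] == source and event["eventName"].startswith(prefix):
            return cap
    return None

def runtime_drift(events, declared, pack, now, half_life_hours=24.0):
    """Accumulate a per-capability drift score for undeclared governed usage.
    Each event contributes base weight (1.0 blocked, 0.5 declaration-required)
    decayed by 0.5 ** (age / half_life), so stale drift fades and can auto-close."""
    score = {}
    for ev in events:
        cap = event_capability(ev)
        if cap is None or cap in declared:
            continue
        if cap not in pack["blocked"] and cap not in pack["declaration_required"]:
            continue
        seen = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        age_h = (now - seen).total_seconds() / 3600.0
        weight = 0.5 ** (age_h / half_life_hours)
        base = 1.0 if cap in pack["blocked"] else 0.5
        score[cap] = score.get(cap, 0.0) + base * weight
    return score

def severity(score):
    """Assumed thresholds: CRITICAL pages, HIGH and LOW only annotate."""
    if score >= 1.0:
        return "CRITICAL"
    if score >= 0.5:
        return "HIGH"
    return "LOW"

# Constructed samples.
DIFF_ADDED = [
    "+import boto3",
    "+s3 = boto3.client('s3')",          # declared: passes
    "+iam = boto3.client('iam')",        # blocked capability
    '+ddb = boto3.client("dynamodb")',   # declaration-required, not declared
]
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"eventTime": "2024-06-01T11:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "PutRolePolicy"},
    {"eventTime": "2024-06-01T12:00:00Z", "eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy"},
    {"eventTime": "2024-06-01T11:30:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventTime": "2024-05-31T12:00:00Z", "eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem"},
    {"eventTime": "2024-06-01T11:45:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances"},
]

if __name__ == "__main__":
    for verdict, cap, line in pr_gate(DIFF_ADDED, DECLARED, POLICY_PACK):
        print(f"PR gate {verdict}: {cap} <- {line}")
    for cap, s in runtime_drift(EVENTS, DECLARED, POLICY_PACK, NOW).items():
        print(f"runtime drift {severity(s)}: {cap} score={s:.2f}")
```

The decay is what lets a finding close itself: a single day-old undeclared DynamoDB write scores 0.25 and stays LOW, while two fresh IAM policy writes on a blocked capability exceed 1.0 and page. Declared usage (the S3 write) and ungoverned services (the EC2 launch) never enter the score, which keeps the alert channel to capabilities the policy pack actually governs.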