Enterprise diligence

Kovera Trust Bundle

Technical evidence pack for security reviews and pilot diligence: infrastructure topology, fail-mode matrix, EU AI Act prEN alignment, OWASP Agentic controls, MCPShield coverage, and published SLOs.

Technical evidence only — not legal advice or an EU AI Act conformity certificate. Customers remain responsible for system classification and legal assessment.

Enterprise trust & operational sovereignty

  • Verification-first governance. Tamper-evident receipts bound to authorized intent; validate offline with @kovera/verify without relying on a vendor dashboard.
  • Deployment control & data minimization. Edge-first enforcement; verification can run locally without exporting raw agent payloads or prompt text to third-party analytics. SaaS, dedicated instance, and VPC/on-prem options.
  • Open evidence for reviewers. This bundle, the Open Evidence API, and the liability-receipt specifications let reviewers examine threat models, control mappings, and fail-closed behavior before a pilot.

Headquartered in Los Angeles, California. Engineering and protocol design are led from the United States.

SLO & production posture (summary)

  • MCP ingress gate p50: ≤ 1.5 ms (CI harness)
  • MCP ingress gate p99: ≤ 8 ms (harness); < 50 ms end-to-end roadmap target
  • Fail mode default: fail_closed_regulated — high-risk MCP/tool paths block when Redis or critical deps are unavailable
  • Offline receipt verify: @kovera/verify in browser — no login on verify.kovera.tech

Full index & roadmap phases

Phase 2b–4 extensions (receipt v2, path policy, witness log) are indexed in the master document.

View full Trust Bundle on GitHub