Prova for multi-agent systems

The control plane for multi-agent systems.

Catch coordination loops the moment they form. Enforce policies before the model call. Sign a tamper-evident receipt for every agent decision. One line of code, any framework.

LangGraphCrewAIAutoGenVercel AI SDKCustom runtime
5
inline detectors running on every trace
19
built-in policies, custom JSON DSL
Ed25519
signed receipt per agent decision

Three failure modes you can't see today.

None of these throw. Without instrumentation each one is invisible until a customer or an auditor notices. With Prova each one becomes a signed receipt the moment it happens.

Coordination loop

CAUGHT

Three planning agents start handing the same partial draft back to each other. Tarjan SCC over the agent trace catches the cycle on the second pass. A signed receipt lands in the Audit Vault with the participating agents named and the exact step the loop closed.

Prompt injection in a tool result

FLAGGED

A search-tool result contains an inline instruction telling the agent to exfiltrate credentials. The prompt-injection detector flags it and signs the attempt into the Audit Vault before the agent acts on it. Raise the prompt_injection_pattern policy to block and gateway mode stops the call outright.

PII leaking into a downstream prompt

FLAGGED

Agent A summarizes a customer record. Agent B's prompt template appends the summary into a vendor model call. The PII detector catches the leak at the gateway, and the receipt names the source agent and the downstream model that would have seen it. Raise the pii_in_prompt policy to block to stop the call before the data leaves.

How it fits your agent

1

Drop-in observation

Wrap your graph invocation. Prova watches every handoff between agents and emits a signed receipt per decision. No infrastructure changes.

2

Pre-execution gate

For high-stakes tool calls, POST to /api/v1/gateway/check first. Policies and detectors run, returning allow, alert, or block with the receipt attached.

3

One audit trail

Every detection, policy verdict, and tool call lands in the Audit Vault as the same signed AIDecisionEvent. SIEM exports work out of the box.

Tamper-evident by default

Every agent decision lands in the Audit Vault as an Ed25519-signed receipt. It is verifiable offline against a published public key, with no Prova account and no Prova in the loop. Change one byte and the signature breaks.

Verify a receipt yourself →

Ship agents you can audit.

Free covers run health, loop detection, and the Audit Vault. Pro adds all five detectors, gateway enforcement that blocks before the model call, and custom policies. Enterprise runs it self-hosted in front of your existing model traffic.