pliuz
Get started
Menu
Featuresvs DIYSecurityDocsAbout
Sign in

Early access · v0.1.x

Stop building your own approval handler.

Human approval and immutable audit trail for LLM agents in production. Python and TypeScript SDKs, hash-chained logs, EU-hosted. Live in 10 minutes.

Wrap any risky tool call with @pliuz.gated(). Your agent pauses, a human (or your policy) decides in Slack, and every approval lands in a SHA-256 chained audit log your CISO can verify with one SQL call.

Join the waitlistRead the docs (start free)

pip install pliuz · Apache 2.0 · Source on GitHub

my_agent.py·python
from pliuz import gated

@gated(risk="high", policy="finance-approvals")
def send_payment(amount: int, recipient: str):
    return stripe.transfers.create(amount=amount, destination=recipient)

The problem

The agent took the action. You found out at 3am.

47 refunds

The 3am page

Your agent created 47 duplicate Stripe refunds overnight. You got paged at 03:14. You’re the single point of failure when an LLM screws up in production.

SEC-201

The CISO question you can’t answer

Pen-test asks: prove every agent action was either policy-approved or human-reviewed, with provenance. You have Slack history and git blame. You don’t have an answer.

6 months

The 6-month tax you priced as 2 sprints

You opened AGENT-447: "build approval layer (spike). 2 sprints." Six months later it’s still half-built, drowning in Slack-bot reliability tickets and policy edge cases.

The solution

One decorator. One policy file. One audit log.

  1. 1

    Install

    pip install pliuz or npm install @pliuz/sdk. Wrap any risky tool call with @pliuz.gated(). Ships with LangChain and Vercel AI SDK adapters; the decorator is framework-agnostic, so it drops into LangGraph, CrewAI, or Claude Agent SDK loops too.

    pip install pliuz
  2. 2

    Gate

    Your agent pauses. Pliuz evaluates the JSONLogic policy server-side. Low-risk auto-approves. High-risk routes to your approver group in Slack with one-click approve/reject/edit buttons.

    @gated(policy="finance")
  3. 3

    Audit

    Every decision lands in an append-only events table chained by SHA-256. Run pliuz_verify_chain() — it returns OK or names the broken event. Export it as Ed25519-signed JSONL and verify it offline with our open-source verifier — your evidence for SOC2 / EU AI Act Article 12.

    SELECT * FROM pliuz_verify_chain()

Features

Everything the buyer asks for. Nothing they did not.

One decorator. Any framework.

Wrap any tool call in Python or TypeScript with one decorator. Ships with LangChain and Vercel AI SDK adapters; the decorator is framework-agnostic, so it drops into LangGraph, CrewAI, Claude Agent SDK, or custom runners — and any HTTP-capable runner (n8n, etc.) calls the REST API directly.

@pliuz.gated()

pip install pliuz · npm install @pliuz/sdk

Policies that auto-approve the boring stuff.

Write JSONLogic once: amounts under €100 auto-approve, payloads matching prod-customer-* auto-reject, everything else routes to a human. Server-side evaluation, deterministic, no LLM.

{"<": [{"var": "args.amount"}, 100]}

policies/finance.json

Hash-chained audit log your CISO can verify.

Every approval, edit, rejection, and execution lands in an append-only events table chained by SHA-256. Run pliuz_verify_chain() — it returns OK or names the broken event.

SELECT * FROM pliuz_verify_chain()

public verification RPC

Per-event provenance: policy vs tool-flag.

Pliuz only

Every audit event carries an auto_approve_source field — policy, tool_flag, or human. When the CISO asks "why did this action go through without review?" you have an exact answer, not a postmortem.

"auto_approve_source": "policy"

event.payload.auto_approve_source

EU-hosted, RLS on every table, DPA on day one.

Supabase Frankfurt by default. RLS enabled on all 13 tables. SDK-side redaction primitives. DPA available at /legal/dpa before contract. No LLMs in the critical path.

eu-central-1 · RLS × 13 tables

See it work

Install. Decorate. Watch the agent pause.

60 seconds from pip install to first human-gated tool call.

14
PRPs shipped
core backend, SDKs, auth, metrics, docs
29
audit event types
CHECK-constrained at DB level
13
tables with RLS
multi-tenant at the database
4
materialized views
refreshed every 60 seconds
12
JSONLogic operators
whitelisted — no eval, no exec
Apache 2.0
Open-source SDKs
Python + TypeScript on GitHub
pliuz/pliuz-py0pliuz/pliuz-ts0

Security

What we ship to make your CISO sleep.

  • EU-hosted by default
    Supabase Frankfurt (eu-central-1). US region planned, not default.
  • Append-only events table
    Cryptographic source of truth. Convenience tables are projections.
  • SHA-256 hash chain
    Verifiable by you via SELECT * FROM pliuz_verify_chain()
  • RLS on all 13 tables
    Multi-tenant isolation enforced at the database, not in the application.
  • No LLMs in the critical path
    Policy evaluation is deterministic JSONLogic. Your payload never touches an external model.
  • SDK-side redaction
    pliuz.mask("iban", "last4") lands the masked value in our DB. We never see the original.
Read the full security model

FAQ

Honest answers to the questions you would ask.

What happens if Pliuz goes down? Does my agent halt?
Today the SDK fails closed, always: if Pliuz is unreachable, the gated call raises a typed error (PliuzNetworkError / PliuzApprovalTimeoutError) and your tool never executes — for high-risk actions, halting is safer than acting unsupervised. A per-call fail_open mode for low-risk tools (execute on outage, reconcile to the audit chain on reconnect) is on the SDK roadmap but is NOT shipped yet — do not architect around it today. SLA targets: 99.9% on Pro/Team, 99.95% on Enterprise — committed in the MSA at signing. Currently in pre-launch waitlist phase, so a live availability metric is not yet meaningful; we will publish a public status page from launch.
Do you support BYOK / customer-managed encryption keys?
Not in the MVP. BYOK field-level encryption via AWS KMS / HashiCorp Vault is on the roadmap, prioritized by first enterprise prospect ask. If you need it to sign, talk to us — we will ship it for you and you will be the design partner.
Can I self-host or run on-prem?
Not yet. Self-hosted edition (Docker Compose + Helm) is planned for ~month 9-12 at the Enterprise tier. EU-hosted SaaS covers most data-residency asks in the meantime.
Why not build it ourselves?
You can — 2 senior engineers will ship the first cut in 4-8 weeks (€30k-€60k in salaries). What you trade for the time: (1) cryptographically-verifiable audit chain from day one, (2) EU AI Act Article 12/14/26 mapping done by experts not generalists, (3) cross-tenant pattern intelligence we publish quarterly, (4) the maintenance burden absorbed forever as Slack/frameworks/regulators change. Pliuz costs less per month than one day of one of your senior engineers.
What is the pricing?
Launch pricing — billing goes live at GA; today the SDK dev track is free and open-source. Free: 1 agent, 100 approvals/month. Pro €149/mo: 3 agents, unlimited approvals, Slack integration. Team €499/mo: 10 agents, multi-approver routing, audit export. Enterprise: custom (SSO, BYOK, dedicated cluster). No per-approval billing — we do not want you rationing approvals. Join the waitlist to lock in early-access terms.
I am in healthcare/finance. Are you HIPAA / SOC2 compliant?
SOC2 Type I planned for Q4 2026 — auditor selection in progress. HIPAA via BAA available on Enterprise tier once we have the design partner. EU AI Act Article 12 (audit logs) and Article 14 (human oversight) — the product is built to satisfy both; the legal certification is your auditor call, not ours.
Why should I trust a pre-revenue startup with my agent infrastructure?
You probably should not trust any startup with critical infrastructure without an exit path. Our exits: (a) SDKs are open-source so you can fork, (b) your audit data is yours — self-serve Ed25519-signed JSONL export, verifiable offline with our open-source verifier (no need to trust us at verify time), (c) the schema is documented so you can re-implement on top of Postgres if we disappear. We are betting you will stay because the product is good, not because you are locked in.

Early access · v0.1.x

Get on the list before launch.

Get early access — or start free today with the open-source SDKs, no email required. Running 3+ agents in production? You jump the queue.

Want to start today instead? Read the docs pip install pliuz, Apache 2.0, no email required.