pliuz v0.1.x

The control plane for AI agents

Stop building your own approval handler.


Human approval and immutable audit trail for LLM agents in production. Python and TypeScript SDKs, hash-chained logs, EU-hosted. Live in 10 minutes.

01 — The problem

The agent took the action. You found out at 3am.

47 refunds

The 3am page

Your agent created 47 duplicate Stripe refunds overnight. You got paged at 03:14. You’re the single point of failure when an LLM screws up in production.

SEC-201

The CISO question you can’t answer

Pen-test asks: prove every agent action was either policy-approved or human-reviewed, with provenance. You have Slack history and git blame. You don’t have an answer.

6 months

The 6-month tax you priced as 2 sprints

You opened AGENT-447: "build approval layer (spike). 2 sprints." Six months later it’s still half-built, drowning in Slack-bot reliability tickets and policy edge cases.

02 — The solution

One decorator. One policy file. One audit log.

01

Install

pip install pliuz or npm install @pliuz/sdk. Wrap any risky tool call with @pliuz.gated(). Ships with LangChain and Vercel AI SDK adapters; the decorator is framework-agnostic, so it drops into LangGraph, CrewAI, or Claude Agent SDK loops too.

pip install pliuz

02

Gate

Your agent pauses. Pliuz evaluates the JSONLogic policy server-side. Low-risk auto-approves. High-risk routes to your approver group in Slack with one-click approve/reject/edit buttons.

@gated(policy="finance")

03

Audit

Every decision lands in an append-only events table chained by SHA-256. Run pliuz_verify_chain() — it returns OK or names the broken event. Export it as Ed25519-signed JSONL and verify it offline with our open-source verifier — your evidence for SOC2 / EU AI Act Article 12.

SELECT * FROM pliuz_verify_chain()

03 — What you get

Everything the approval layer needs. Nothing it doesn't.

Pliuz only

Per-event provenance: policy vs tool-flag.

Every audit event carries an auto_approve_source field — policy, tool_flag, or human. When the CISO asks "why did this action go through without review?" you have an exact answer, not a postmortem.

"auto_approve_source": "policy"

[Diagram: SHA-256 audit chain. 0x9f… gate, 0x3a… policy, 0xc7… human, 0x1e… exec. pliuz_verify_chain() -> OK]

One decorator. Any framework.

Wrap any tool call in Python or TypeScript with one decorator. Ships with LangChain and Vercel AI SDK adapters; the decorator is framework-agnostic, so it drops into LangGraph, CrewAI, Claude Agent SDK, or custom runners — and any HTTP-capable runner (n8n, etc.) calls the REST API directly.

@pliuz.gated()

pip install pliuz · npm install @pliuz/sdk

Policies that auto-approve the boring stuff.

Write JSONLogic once: amounts under €100 auto-approve, payloads matching prod-customer-* auto-reject, everything else routes to a human. Server-side evaluation, deterministic, no LLM.

{"<": [{"var": "args.amount"}, 100]}

policies/finance.json
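
An added example, not code from Pliuz or its SDKs: a small whitelisted JSONLogic subset that produces the three outcomes described above. The `args.customer_id` field, the use of JSONLogic's substring `in` to stand in for the `prod-customer-*` match, and the outcome names are assumptions. A missing or non-numeric amount is routed to a human rather than coerced into a comparison.

```python
APPROVE = {"<": [{"var": "args.amount"}, 100]}                    # rule shown on the page
REJECT = {"in": ["prod-customer-", {"var": "args.customer_id"}]}  # assumed field name

class PolicyError(Exception): pass

def _var(path, data):
    cur = data
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            raise PolicyError(f"missing variable: {path}")
        cur = cur[key]
    return cur

def _num(x):
    if isinstance(x, bool) or not isinstance(x, (int, float)):
        raise PolicyError(f"not a number: {x!r}")
    return x

def _contains(needle, haystack):
    if not (isinstance(needle, str) and isinstance(haystack, str)):
        raise PolicyError("'in' is limited to string containment here")
    return needle in haystack

# The whitelist: an operator absent from this table cannot run.
OPS = {"<": lambda a, b: _num(a) < _num(b), "in": _contains}

def evaluate(rule, data):
    if not isinstance(rule, dict):
        return rule  # literal value
    if len(rule) != 1:
        raise PolicyError("a rule has exactly one operator")
    (op, args), = rule.items()
    if op == "var" and isinstance(args, str):
        return _var(args, data)
    if op not in OPS:
        raise PolicyError(f"operator not allowed here: {op}")
    args = args if isinstance(args, list) else [args]
    return OPS[op](*[evaluate(a, data) for a in args])

def decide(call):
    try:
        if evaluate(REJECT, call):
            return "auto_reject"
        if evaluate(APPROVE, call):
            return "auto_approve"
    except (PolicyError, TypeError):  # TypeError: wrong argument count
        pass
    return "human"  # default and failure path: a person decides
```

JavaScript JSONLogic implementations compare with JavaScript coercion, where `null < 100` is true, so a policy engine needs an explicit stance on missing fields before "amount under 100" can be trusted as an auto-approve rule.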

Hash-chained audit log your CISO can verify.

Every approval, edit, rejection, and execution lands in an append-only events table chained by SHA-256. Run pliuz_verify_chain() — it returns OK or names the broken event.

SELECT * FROM pliuz_verify_chain()

public verification RPC
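
An added sketch of the hash-chain idea from the Audit step and the paragraph above; it is not the implementation of pliuz_verify_chain() and not Pliuz code. The event fields, the all-zero genesis value and the hash input layout (previous hash followed by canonical JSON) are assumptions, and the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first event

def event_hash(prev_hash, body):
    # Canonical JSON: the same body must always serialize to the same bytes.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()

def append(chain, body):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"id": len(chain) + 1, "prev_hash": prev,
                  "body": body, "hash": event_hash(prev, body)})

def verify_chain(chain, expected_head=None):
    """Return ("OK", None), ("BROKEN", event_id) or ("HEAD_MISMATCH", None)."""
    prev = GENESIS
    for ev in chain:
        if ev["prev_hash"] != prev or ev["hash"] != event_hash(prev, ev["body"]):
            return ("BROKEN", ev["id"])
        prev = ev["hash"]
    # Dropping events from the tail leaves a valid shorter chain; only a head
    # hash recorded outside the table exposes that.
    if expected_head is not None and prev != expected_head:
        return ("HEAD_MISMATCH", None)
    return ("OK", None)

def build_sample():
    # Constructed events, named after the gate/policy/human/exec steps on the page.
    chain = []
    append(chain, {"type": "gate", "tool": "issue_refund", "amount_cents": 25000})
    append(chain, {"type": "policy", "result": "route_to_human"})
    append(chain, {"type": "human", "decision": "approve"})
    append(chain, {"type": "exec", "status": "done"})
    return chain
```

An edited or deleted event breaks the chain at a named event, while a truncated tail verifies cleanly unless the latest hash is also kept somewhere the table's writer cannot reach, such as a signed export.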

EU-hosted, RLS on every table, DPA on day one.

Supabase Frankfurt by default. RLS enabled on all 18 tables. SDK-side redaction primitives. DPA available at /legal/dpa before contract. No LLMs in the critical path.

eu-central-1 · RLS × 18 tables

Oversight, built in

The exact flow from our docs — gate, decide, govern.

This is the real product: the same gate, decision and policy from the quickstart docs.

agent.py
from pliuz import gated

@gated(redact=["customer.iban"], timeout_s=300)
def issue_refund(customer, amount_cents):
    return stripe.refunds.create(...)  # blocks here until a human decides in Slack

04 — Security & trust

What we ship to make your CISO sleep.

  • EU-hosted by default

    Supabase Frankfurt (eu-central-1). US region planned, not default.

  • Append-only events table

    Cryptographic source of truth. Convenience tables are projections.

  • SHA-256 hash chain

    Verifiable by you via SELECT * FROM pliuz_verify_chain()

  • RLS on all 18 tables

    Multi-tenant isolation enforced at the database, not in the application.

  • No LLMs in the critical path

    Policy evaluation is deterministic JSONLogic. Your payload never touches an external model.

  • SDK-side redaction

    pliuz.mask("iban", "last4") lands the masked value in our DB. We never see the original.

  • Per-event auto_approve_source

    Every audit row says whether a human, a policy, or a tool flag approved the action.

  • Sub-processors listed publicly

    Supabase (EU), Cloudflare, Slack API at /legal/subprocessors

  • DPA at /legal/dpa

    Signable. Required for any EU customer; available before contract.

  • Encryption at rest AES-256

    TLS 1.3 in transit, no exceptions.

  • No training on customer payloads

    No payload inspection for "product improvement". No retention beyond your configured policy.

0

PRPs shipped

core backend, SDKs, auth, metrics, docs

0

audit event types

CHECK-constrained at DB level

0

tables with RLS

multi-tenant at the database

0

materialized views

refreshed every 60 seconds

0

JSONLogic operators

whitelisted — no eval, no exec

Apache 2.0

Open-source SDKs

Python + TypeScript on GitHub

05 — FAQ

Questions, answered straight.

What happens if Pliuz goes down? Does my agent halt?

Today the SDK fails closed, always: if Pliuz is unreachable, the gated call raises a typed error (PliuzNetworkError / PliuzApprovalTimeoutError) and your tool never executes — for high-risk actions, halting is safer than acting unsupervised. A per-call fail_open mode for low-risk tools (execute on outage, reconcile to the audit chain on reconnect) is on the SDK roadmap but is NOT shipped yet — do not architect around it today. SLA targets: 99.9% on Pro/Team, 99.95% on Enterprise — committed in the MSA at signing. Currently in pre-launch waitlist phase, so a live availability metric is not yet meaningful; we will publish a public status page from launch.

Do you support BYOK / customer-managed encryption keys?

Not in the MVP. BYOK field-level encryption via AWS KMS / HashiCorp Vault is on the roadmap, prioritized by first enterprise prospect ask. If you need it to sign, talk to us — we will ship it for you and you will be the design partner.

Can I self-host or run on-prem?

Not yet. Self-hosted edition (Docker Compose + Helm) is planned for ~month 9-12 at the Enterprise tier. EU-hosted SaaS covers most data-residency asks in the meantime.

Why not build it ourselves?

You can — 2 senior engineers will ship the first cut in 4-8 weeks (€30k-€60k in salaries). What you trade for the time: (1) cryptographically-verifiable audit chain from day one, (2) EU AI Act Article 12/14/26 mapping done by experts not generalists, (3) cross-tenant pattern intelligence we publish quarterly, (4) the maintenance burden absorbed forever as Slack/frameworks/regulators change. Pliuz costs less per month than one day of one of your senior engineers.

What is the pricing?

Launch pricing — billing goes live at GA; today the SDK dev track is free and open-source. Free: 1 agent, 100 approvals/month. Pro €149/mo: 3 agents, unlimited approvals, Slack integration. Team €499/mo: 10 agents, multi-approver routing, audit export. Enterprise: custom (SSO, BYOK, dedicated cluster). No per-approval billing — we do not want you rationing approvals. Join the waitlist to lock in early-access terms.

I am in healthcare/finance. Are you HIPAA / SOC2 compliant?

SOC2 Type I planned for Q4 2026 — auditor selection in progress. HIPAA via BAA available on Enterprise tier once we have the design partner. EU AI Act Article 12 (audit logs) and Article 14 (human oversight) — the product is built to satisfy both; the legal certification is your auditor call, not ours.

Why should I trust a pre-revenue startup with my agent infrastructure?

You probably should not trust any startup with critical infrastructure without an exit path. Our exits: (a) SDKs are open-source so you can fork, (b) your audit data is yours — self-serve Ed25519-signed JSONL export, verifiable offline with our open-source verifier (no need to trust us at verify time), (c) the schema is documented so you can re-implement on top of Postgres if we disappear. We are betting you will stay because the product is good, not because you are locked in.

Early access · v0.1.x

Your agent is already acting. Start watching it.

Join the waitlist to lock in early-access terms. Running 3+ agents in production? You jump the queue.

pip install pliuz · Apache 2.0 · SDKs open-source on GitHub