Module · Govern

Govern every agent in production

A transparent proxy across OpenAI, Anthropic, Bedrock, and Vertex AI. Apply policies, prevent data leaks, capture full audit trails, and cut token spend without changing a line of agent code.

Request a demo Read the docs
What it does

The control plane for live agents

Govern sits in the request path between your agents and any LLM provider. Point your client at the RenLayer URL, attach a few request headers, and the proxy starts enforcing policies, scanning for sensitive data, capturing audit logs, and optimizing tokens on every call.

There is no SDK to install and no client code to rewrite. The proxy adds under 10ms of latency per request and can be disabled at any time without breaking your agents.

Capabilities

What you get on every request

Full visibility & cost control

See every agent in real time: status, provider, token usage, cost, and errors. One dashboard across the entire fleet, with no sampling and no blind spots.

Intelligent control policies

Block, allow, or flag requests by cost, provider, model, or content. Start from predefined templates or write custom rules; agents run within the limits you set.

Data leak prevention (DLP)

Detect and block sensitive data before it reaches any LLM provider: credit cards, SSNs, API keys, Stripe keys, AWS and GCP credentials, GitHub and Slack tokens, private RSA/EC keys, and high-entropy strings.

Automatic cost optimization

Cut spend without touching code. Request compression, empty-field removal, and prompt-cache optimization reduce tokens sent while preserving output quality.

Compliance-grade audit log

Every request is recorded with structured metadata: agent, session, model, tokens, cost, latency, policy matches, DLP findings, and severity. Configurable retention.

Kill switch and budget caps

Halt a single agent, a team, or your full fleet from a single switch. Set per-agent and per-team budget caps to prevent runaway spend.

What we detect

Provider and DLP coverage

  • LLM providers OpenAI, Azure OpenAI, Anthropic, Google Vertex AI and Gemini, AWS Bedrock, Cohere, Mistral, HuggingFace Forwarding happens at the HTTP layer, so new providers can be added without changes on the client side.
  • Secrets DLP Cloud provider keys, payment platform keys, version-control and chat tokens, private cryptographic keys, high-entropy strings Custom regex detectors are supported per tenant.
  • PII DLP Credit cards, national IDs, email addresses, phone numbers, financial data Every finding is classified by severity so you can block or just alert.
  • Audit metadata Tokens in/out, cost, latency, policy matches, DLP findings, request preview Body persistence depends on deployment tier: managed SaaS keeps a small preview plus cryptographic hashes; Hybrid and on-prem modes leave full bodies on your infrastructure.
How it works

Three steps to production

  1. Point your client at the proxy

    Change the base URL of your LLM client to the RenLayer endpoint. No SDK or framework changes required.

  2. Attach the request metadata

    A few headers tell RenLayer the upstream provider, the agent and the session. Most teams are integrated end-to-end in under 24 hours.

  3. Set policies and watch the dashboard

    Define DLP rules, cost caps, and per-agent policies in the console; oversee every request in real time.

Frequently asked questions

Frequently asked questions

Which LLM providers are supported?

OpenAI, Azure OpenAI, Anthropic, Google Vertex AI and Gemini, AWS Bedrock, Cohere, Mistral, and HuggingFace. Because the proxy forwards at the HTTP layer rather than wrapping an SDK, new providers can be added without client-side changes.

How much latency does Govern add?

Less than 10ms per request in production. Enrichment, logging, and optimization happen asynchronously after the response is streamed, so clients never wait on governance logic.

Do I have to change my agent code?

No. You change the base URL and attach a few request headers. RenLayer is framework-agnostic and works with LangChain, LlamaIndex, CrewAI, Mastra, the Vercel AI SDK, the OpenAI Agents SDK, or any custom client.

Where is request data stored?

It depends on the deployment tier. In managed SaaS, full bodies are not persisted; only a small preview and cryptographic hashes are kept. In Hybrid mode, full bodies stay on your infrastructure and only metadata crosses the network. In on-prem deployments, nothing leaves your VPC.

Can I roll Govern back without breaking my agents?

Yes. Govern is a transparent proxy: switch the base URL back to the provider and your agents keep working. There is no lock-in.

Join our Design Program

Join the Design Program View documentation