NIST SP 800-53 controlsMCP tool-call boundarySelf-hosted, air-gap capableSOC 2 in progress
RUNTIME ENFORCEMENT · VERIFIABLE AUDIT · RUST

Enforce what your AI agents do.
Prove it cryptographically.

Most AI-governance tools document and score policy. Daylite enforces it at runtime and proves what the agent actually did, cryptographically, inside your own environment.

Daylite sits at the MCP tool-call boundary. It checks each agent action against your policy before the action runs. It allows, denies, or routes the call to a human, then writes what happened to a record you can verify later.

That record is append-only, hash-chained, and signed. Think of it as a flight recorder for your agents. An auditor verifies it offline and confirms nothing was changed after the fact.

Daylite gates each tool-call, then records the decision and the result
Agent
requests a tool-call
Daylite gate
policy check before it runs
Tool or LLM
runs only if allowed
What was requested
tool, arguments, actor
What policy decided
allow, deny, or human review
What actually ran
signed, hash-chained record
Runs in your VPC or on-premAir-gap capableData never leaves your environmentOffline-verifiable
Selling AI to enterprises?

Stuck on the AI section of a security review. The AI Security Review Kit answers it in an afternoon.

What Daylite is

Daylite is the runtime enforcement and audit layer for AI agents in regulated enterprises. It is a self-hosted Rust binary that sits at the MCP tool-call boundary. Every time an agent tries to call a tool, Daylite checks the call against your policy and decides whether it runs. Then it writes a tamper-evident, cryptographically signed record of what was requested, what policy decided, and what actually executed.

Enforces policy at runtime, not after the fact
Evidence holds up where mutable logs fail
Runs in finance, healthcare, and defense environments
Deploys in minutes with Docker

How it works

Two jobs, both at the boundary where the agent meets your systems. Gate the call before it runs. Record what happened in a way an auditor can verify.

1 · Gate
Check each tool-call before it executes.
Daylite intercepts the MCP request. It scans the arguments for secrets and PII, checks the data classification, and applies your per-tool policy. The verdict is allow, deny, or send to a human for approval. A denied tool never runs, and it never even appears in the agent's tool list.
Allow, deny, or require human approval
Secret and PII scan on the arguments
Per-tool policy and classification ceiling
Denied tools hidden from the agent
2 · Prove
Emit a record an auditor can verify offline.
Every decision lands in an append-only log. Each entry chains to the one before it with SHA-256 and carries an HMAC-SHA-256 signature. Change any past entry and the chain breaks. Your team exports the record and an auditor checks it offline, with no trust in Daylite required.
Append-only, hash-chained, signed
Records request, decision, and result
Offline verification at /v1/audit/verify
Open evidence format, no lock-in
tool-call responseMCP proxy · JSON-RPC 2.0
# Daylite response headers on /v1/mcp/proxy
X-Daylite-Verdict: deny  # policy blocked the call
X-Daylite-Audit: chained  # recorded in the hash-chain
X-Daylite-Agent: 018f3c4a-...  # UUIDv7 step identity

Document the policy, or enforce it.

The funded governance tools live in the documentation layer. They help legal and risk teams write policies, map them to frameworks, and produce reports. They sit out-of-band from the running system. Daylite sits in the execution path.

Document and score
Vanta, Drata, Credo AI, OneTrust, IBM watsonx.governance
· Map policy to frameworks and produce reports
· Collect evidence from application state and screenshots
· Sit out-of-band from the agent at runtime
· Cannot block a non-compliant agent action

They prove a policy exists. Keep them for that.

Enforce and prove
Daylite
Gates each tool-call against policy before it runs
Produces cryptographic proof of what the agent did
Sits in the execution path, at the tool-call boundary
Self-hosted, so cloud-only tools cannot follow into air-gap

It proves the policy was enforced. Daylite sits beneath the documentation tools, it does not replace them.

Built to map to the controls auditors know

The approach maps to NIST SP 800-53 controls. Daylite ships a control mapping you can query at /v1/compliance/nist-800-53. It also tracks the direction of NIST's emerging Control Overlays for Securing AI Systems (the COSAiS work, NISTIR 8605 series). This is alignment, not a certification claim.

AU-9Protection of Audit Information
Append-only, hash-chained log. Tampering breaks the chain.
AU-10Non-repudiation
HMAC-SHA-256 signature on every entry.
AC-3Access Enforcement
Per-tool policy decides allow or deny at runtime.
AC-4Information Flow Enforcement
Data classification ceiling gates where data can go.
SI-10Information Input Validation
Secret and PII scan on tool-call arguments.
SC-13Cryptographic Protection
Crypto runs through AWS-LC, a FIPS 140-3 validated library.

Daylite is built on AWS-LC, a FIPS 140-3 validated cryptographic library. Daylite itself is not CMVP product-certified. SOC 2 is in progress with Drata, not yet complete.

Who needs this

Teams shipping AI agents into regulated workflows, from AI-native startups in finance, insurance, and healthcare to the institutions they sell into, where a mutable log does not survive an audit and data cannot leave the building.

Finance
DORA · SEC · OCC

Examiners ask you to reconstruct exactly what an autonomous agent did on a given date. Daylite produces a tamper-evident record that answers, and it runs inside your own environment.

Healthcare
HIPAA

PHI cannot leave your perimeter. Daylite gates tool-calls and scans arguments for PHI before anything runs, then keeps a signed record of every decision.

Defense and public sector
Air-gap

Air-gapped networks rule out cloud-only governance tools. Daylite is a single self-hosted binary that runs with no internet and emits evidence you can verify offline.

Regulated AI deployers
EU AI Act

When you put agents in front of consequential decisions, you need to enforce policy at runtime and prove you did. Daylite is that layer.

Why a normal log is not enough

Two questions every technical buyer asks. Here are straight answers.

We already write logs to our SIEM.
Those logs are application state. Anyone with write access can change them, and an auditor knows that. Daylite produces a record where any change to a past entry breaks the hash-chain, so the evidence holds up where a mutable log does not. It also forwards to your SIEM, it does not replace it.
Why not build the hash-chain ourselves?
You can build a hash-chain in a week. Keeping a signed chain of custody that survives a regulator, wiring it to runtime enforcement at the tool-call boundary, and running it air-gapped on FIPS-validated crypto is a product, not a sprint. That is the part Daylite owns.

Deploys in minutes

One container in your environment. Docker ships today. Point your agents at the MCP proxy and the gate and the audit chain are live. No six-month integration.

shellDocker
docker run -p 8080:8080 \
  -e DATABASE_URL=postgres://daylite:secret@db/daylite \
  ghcr.io/daylite-ai/daylite:latest

# MCP proxy live on :8080. Gate active, hash-chain recording.
# Point your agents at /v1/mcp/proxy.

A Helm chart for Kubernetes is on the roadmap. Docker and docker-compose are what ship today, including inside air-gapped networks by transferring the image through approved media.

CRYPTOGRAPHY
AWS-LC, FIPS 140-3 validated library
Library-level validation. Daylite is not CMVP product-certified.
SOC 2
In progress with Drata
Not yet certified. We publish evidence as it lands.
DEPLOYMENT
Self-hosted, air-gap capable
Single Rust binary. Zero egress. Data stays in your environment.

Questions your security and compliance team will ask

How is this different from Vanta, Drata, Credo AI, or OneTrust?

Those tools document and score policy. They map it to frameworks and produce reports, and they sit out-of-band from the running agent. They cannot block a non-compliant tool-call. Daylite enforces policy at the tool-call boundary at runtime, and produces cryptographic proof of what the agent actually did. Keep your governance tool for documentation. Daylite sits beneath it.

What about Runlayer, Operant, or other MCP gateways?

They do runtime interception and access control, mostly cloud or VPC. That overlaps with us, and we compete on depth. Daylite is built for true air-gap, with FIPS-validated crypto and a tamper-evident hash-chained audit as the core artifact you hand a regulator, not just access control. If you need that depth in a regulated environment, that is our lane.

What does 'built on FIPS-validated cryptography' actually mean?

Daylite runs its cryptography through AWS-LC, a FIPS 140-3 validated cryptographic library. Daylite itself is not product-certified under CMVP, and we do not claim a CMVP certificate. Commercial enterprise procurement under SOC 2, HIPAA, and DORA accepts library-level validation. FedRAMP High and certain DoD contracts require product-level CMVP, which is on the roadmap.

How does an auditor actually use the evidence?

Your team runs one command to export the record. The auditor verifies the hash-chain offline with the verify tool, confirms no entry was changed after it was written, and reviews the decisions. The format is open, so there is no lock-in on the evidence itself. No trust in Daylite is required to check it.

Where does the data go?

Nowhere. Daylite is self-hosted and air-gap capable. It runs in your VPC, on-prem, or in a disconnected network. Data never leaves your environment. That is the point, and it is why cloud-only governance tools cannot follow you into banking and defense deployments.

How long does it take to stand up?

Minutes. Docker ships today. Run the container, point your agents at the MCP proxy, and the gate and the audit chain are live. A Helm chart for Kubernetes is on the roadmap.

Talk to us

A working session on your regulatory requirements, your deployment environment, and how the gate and the audit chain fit your agents. Not a sales pitch.

Or reach out directly at hello@daylite.ai