Agent OS · Policy-Compiled

Every agent in your org, in one control plane

Register, scope, and gate every AI agent against compiled policy. If it isn't in Agent OS, it isn't running.

agent-os · registry
312 Agents
100% Policy coverage
9 Teams
support-agent · support-agents · governed
billing-agent · finance-strict · governed
intake-agent · hipaa-vpc · governed
sandbox-bot · quarantined

Governing agents at

Northwind · Meridian · Halcyon · Atlas Bank · Veratech

A registry, a policy engine, and an enforcement layer

Central registry

Every agent, its owner, its scopes, and its policy, discoverable in one place across clouds and vendors.

Policy engine

Compile guardrails from code and bind them to identity, model, tools, and data at every call.

Real-time enforcement

Decisions happen inline: a blocked tool or model never reaches your users, and every call is logged.

Identity-aware

Scopes bound to who, not just what

pactflow resolves the caller's identity through your IdP, then grants each agent only the permissions that identity and policy allow. Least privilege, enforced per request.

How enforcement works
grant agent="support" for="role:agent.cs":
    tools:  allow("zendesk.read", "refund.lt(50)")
    data:   scope("tenant")
    deny:   "export.*"
✓ resolved via Okta · enforced inline

Deploy anywhere

Your cloud, your VPC, your rules

Run Agent OS as managed SaaS or install it entirely inside your own infrastructure. Models can be pinned so data never leaves your boundary. SSO, SCIM, and RBAC are built in.

Compare deployment options
deployment
region: vpc-us-east isolated
SSO · SCIM on
models pinned in-boundary on
audit → Splunk streaming

Put every agent under one roof.