Everything You Need to Govern AI at Scale
One SKU. Every governance capability in the box from day one — from your first API call to enterprise audit and compliance.
YAML DSL for model allowlists, token limits, MCP tool restrictions, budget-based downgrades, and time-of-day rules. Dry-run mode before activation. Draft → Active → Shadow lifecycle with versioning and rollback.
In-process PII detection (regex always-on + Phileas opt-in with 17 filter types), prompt-injection and jailbreak detection, content filters, output-schema enforcement, and grounding/hallucination checks. OWASP LLM05 / LLM07 / LLM10 patterns. Optional ML classifiers (Lakera, Shield Gemini) and HTTP plugins.
Every request HMAC-SHA256 signed with hash-chain integrity verification. Tamper detection built in. SOC2, HIPAA, and GDPR evidence packages generated on demand.
MCP server registry and governed tool-call proxy with PII scanning on arguments and responses, human approval gates, and credential centralisation. Agent loop detection with auto-kill, session tracking across LLM and MCP calls, full session timeline.
Row-level tenant isolation on every query. Each tenant brings their own provider keys (AES-256-GCM at rest or vault-reference). Strict-BYOK rejects platform fallback when enabled. 3-level config hierarchy: global → tenant → API key.
Real-time per-request cost calculation. Budget caps per tenant, team, or API key. Automatic model downgrade at soft limit. Chargeback reports and cost forecasting.
Drop-in OpenAI-compatible endpoint. Route to OpenAI, Anthropic, Gemini, Azure, Bedrock, Ollama and 8 more with zero code changes. Streaming, structured outputs, and vision built-in.
Round-robin, weighted, capability-aware, latency-aware, and cost-aware routing. Circuit breakers, failover, and retry with exponential backoff. Canary and A/B testing.
Prometheus metrics, OpenTelemetry distributed tracing, structured JSON logging. Reference Grafana dashboards in dvara-examples. Unified traces spanning LLM turns and MCP tool calls.
Two Governed Data Planes. One Control Plane.
The LLM Gateway sits at the edge for model traffic. The MCP Proxy sits inside your perimeter for tool calls. Both share the same policies, audit trail, and API keys.
Built for Production Scale
Governance with zero performance tax. Every layer is optimised for throughput — lightweight concurrency, tamper-evident audit, multi-layer caching, and zero-copy streaming.
Governance Is the Architecture, Not a Feature
In every competitor, governance is bolted onto a proxy. In DVARA, governance is the design constraint that shaped every layer.
Full YAML DSL with version control, conflict detection at load time, and dry-run mode that evaluates the policy against a provided context before activation. Your auditors get proof that policies were tested before deployment.
Every record HMAC-SHA256 signed and hash-chained on the response path. Chain continuity is verifiable end-to-end — any gap or alteration is detectable. Append-only by application invariant, not by hopeful convention.
Separately deployed, centrally governed MCP Proxy. Every tool call audited, policy-checked, and PII-scanned. Credential centralisation. Human approval gates enforced at execution.
Full OpenTelemetry trace spanning LLM turns + MCP calls. Agent loop detection with auto-kill. Human-in-the-loop approval for high-risk tool calls. Session-level cost and compliance summary.
Audit-Ready from Day One
Generate compliance evidence packages on demand. Every request is immutably logged, every policy decision recorded, every PII event tracked.
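The HMAC-SHA256 signing and hash chaining of audit records described above, shown as an added illustration that is not DVARA's code. The record fields (`seq`, `prev`, `event`, `mac`), the genesis value, and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed chain anchor for the first record


def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so signer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: dict) -> None:
    """Append a record whose MAC covers its sequence number, the previous MAC, and the event."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, "event": event}
    log.append({**body, "mac": _mac(key, body)})


def verify(log: list, key: bytes, expected_len=None) -> list:
    """Return a list of (index, problem) findings; empty means the chain is intact."""
    findings = []
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {"seq": rec.get("seq"), "prev": rec.get("prev"), "event": rec.get("event")}
        if not hmac.compare_digest(_mac(key, body), str(rec.get("mac", ""))):
            findings.append((i, "bad-mac"))       # record content altered or forged
        if rec.get("seq") != i:
            findings.append((i, "seq-gap"))       # a record was removed or reordered
        if rec.get("prev") != prev:
            findings.append((i, "broken-link"))   # does not follow the preceding record
        prev = rec.get("mac")
    # Tail truncation leaves a valid prefix; it is only visible against an
    # externally stored record count (or head MAC).
    if expected_len is not None and len(log) != expected_len:
        findings.append((len(log), "truncated"))
    return findings


def sample_log(key: bytes) -> list:
    # Constructed sample events, not real gateway output.
    log = []
    for ev in ({"tenant": "t1", "decision": "allow", "model": "m-small"},
               {"tenant": "t1", "decision": "deny", "rule": "pii"},
               {"tenant": "t2", "decision": "allow", "model": "m-large"}):
        append(log, key, ev)
    return log
```

A verifier holding the key detects edits and deletions, but anyone holding the key can re-sign a rewritten chain, so the key belongs outside the system that stores the log.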
How DVARA Compares
The structural gaps in every competitor are not feature gaps — they require architectural redesigns to close.
| | DVARA | LiteLLM | Portkey | Kong AI | Cloudflare | Helicone | AWS Bedrock | Bifrost | TrueFoundry | Databricks |
|---|---|---|---|---|---|---|---|---|---|---|
| Core Gateway | ||||||||||
| OpenAI-compatible unified API | ✓ | ✓ | ✓ | ∼ | ✓ | — | — | ✓ | ✓ | ✓ |
| SSE streaming (zero-copy pass-through) | ✓ | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ | ✓ | ✓ |
| Structured outputs on Anthropic + Gemini | ✓ | ∼ | ∼ | — | — | — | — | — | — | — |
| Multi-provider (OpenAI, Anthropic, Gemini, Bedrock, Azure, Ollama) | ✓ | ✓ | ✓ | ∼ | ∼ | ✓ | ∼ | ✓ | ✓ | ∼ |
| Designed for 10K+ RPS per node | ✓ | ∼ | ∼ | ✓ | ✓ | — | ✓ | ∼ | ∼ | ✓ |
| Routing & Resilience | ||||||||||
| Weighted routing + failover | ✓ | ✓ | ✓ | ✓ | ∼ | — | — | ✓ | ✓ | — |
| Latency-aware routing (EWMA P95) | ✓ | ∼ | ∼ | — | — | — | — | ∼ | — | — |
| Cost-aware routing | ✓ | — | ∼ | — | — | — | — | — | — | — |
| Canary + A/B routing | ✓ | — | ∼ | — | — | — | — | — | — | — |
| Per-provider circuit breaker | ✓ | ∼ | ∼ | ✓ | — | — | — | ∼ | ∼ | — |
| Capability-aware route filtering | ✓ | — | — | — | — | — | — | — | — | — |
| Policy & Governance | ||||||||||
| Policy-as-Code engine (YAML DSL) | ✓ | — | — | ∼ | — | — | — | — | ∼ | — |
| Policy dry-run before activation | ✓ | — | — | — | — | — | — | — | — | — |
| Policy versioning + rollback | ✓ | — | — | ∼ | — | — | — | — | — | — |
| RBAC access control | ✓ | ∼ | ∼ | ✓ | — | — | ✓ | — | ✓ | ✓ |
| SSO (OIDC / SAML) | ✓ | ∼ | ✓ | ✓ | — | ✓ | ✓ | — | ✓ | ✓ |
| PII & Data Protection | ||||||||||
| PII detection + redaction (LLM + MCP) | ✓ | — | ∼ | — | — | — | ∼ | — | ∼ | — |
| DLP custom patterns per tenant | ✓ | — | — | — | — | — | — | — | — | — |
| Reversible tokenisation | ✓ | — | — | — | — | — | — | — | — | — |
| EU data residency guaranteed | ✓ | — | — | ∼ | ∼ | — | ∼ | — | ∼ | ∼ |
| Right to erasure (GDPR) | ✓ | — | — | — | — | — | — | — | — | — |
| MCP Proxy & Tool Governance | ||||||||||
| MCP tool calls proxied & governed | ✓ | — | — | — | — | — | — | — | — | — |
| MCP server registry + credential store | ✓ | — | — | — | — | — | — | — | — | — |
| MCP argument-level policy rules | ✓ | — | — | — | — | — | — | — | — | — |
| MCP PII scanning (args + response) | ✓ | — | — | — | — | — | — | — | — | — |
| MCP rate limiting + circuit breaker | ✓ | — | — | — | — | — | — | — | — | — |
| Agentic AI Governance | ||||||||||
| Human approval gate (enforced at exec) | ✓ | — | — | — | — | — | — | — | — | — |
| Agent loop detection + kill switch | ✓ | — | — | — | — | — | — | — | — | — |
| Multi-agent session tracking | ✓ | — | — | — | — | — | — | — | — | — |
| Full OTel trace: LLM turns + MCP calls | ✓ | — | ∼ | — | — | ∼ | — | — | ∼ | ∼ |
| Audit & Compliance | ||||||||||
| Immutable HMAC-signed audit log | ✓ | — | — | — | — | — | ∼ | — | — | ∼ |
| SOC2 / HIPAA / GDPR evidence packages | ✓ | — | ∼ | — | — | ∼ | ∼ | — | — | ∼ |
| SIEM export (Splunk, CloudWatch, Kafka) | ✓ | — | ∼ | ∼ | — | ∼ | ✓ | — | ∼ | ✓ |
| Scheduled compliance reports (PDF + JSON) | ✓ | — | — | — | — | — | — | — | — | — |
| FinOps & Cost Control | ||||||||||
| Real-time cost per request (USD) | ✓ | ✓ | ✓ | — | — | ✓ | ∼ | — | ✓ | ∼ |
| Budget caps (soft + hard) per tenant | ✓ | ∼ | ∼ | — | — | ∼ | — | — | ∼ | — |
| Auto model downgrade on budget threshold | ✓ | — | — | — | — | — | — | — | — | — |
| Chargeback reports per tenant/team | ✓ | — | ∼ | — | — | ∼ | — | — | ∼ | — |
| Guardrails & Safety | ||||||||||
| Prompt firewall (pre + post filter pipeline) | ✓ | — | ∼ | ∼ | ∼ | — | ✓ | — | ∼ | ∼ |
| Jailbreak detection | ✓ | — | ∼ | — | — | — | ✓ | — | ∼ | ∼ |
| Output sanitization (XSS, SQLi, SSRF) | ✓ | — | — | — | — | — | — | — | — | — |
| System prompt leakage detection | ✓ | — | — | — | — | — | — | — | — | — |
| Content policy filters per tenant | ✓ | — | ∼ | — | ∼ | — | ✓ | — | ∼ | ∼ |
| Deployment & Infrastructure | ||||||||||
| Air-gapped / on-prem deployment | ✓ | ∼ | — | ✓ | — | — | — | — | ✓ | — |
| Multi-region active-active | ✓ | — | ∼ | ✓ | ✓ | — | ✓ | — | ∼ | ✓ |
| Kubernetes Helm chart + HPA | ✓ | ✓ | ∼ | ✓ | — | — | — | — | ✓ | — |
| Hot config propagation (< 5s) | ✓ | — | — | ∼ | — | — | — | — | ∼ | ∼ |
| Observability | ||||||||||
| Prometheus metrics + Grafana dashboards | ✓ | ✓ | ∼ | ✓ | — | ∼ | ∼ | — | ✓ | ∼ |
| OpenTelemetry distributed tracing | ✓ | ∼ | ∼ | ∼ | — | — | ∼ | — | ∼ | ∼ |
| Per-tenant analytics | ✓ | ∼ | ✓ | — | — | ✓ | ∼ | — | ∼ | ∼ |
| Anomaly detection for traffic patterns | ✓ | — | — | — | — | — | — | — | — | — |
Developers Love It. Compliance Requires It.
Every stakeholder gets exactly what they need from the same platform.
One endpoint. Drop-in compatibility. Route to any provider with automatic failover. Add streaming, rate limiting, and observability in minutes.
Two governed data planes, one control plane. LLM Gateway at the edge, MCP Proxy inside the perimeter. Adopt incrementally — add tool governance when agents go to production.
Immutable audit trail with tamper-evident signatures. PII detected and redacted before reaching providers. Compliance evidence packages generated on demand.
Hard policy enforcement at the gateway. PII blocked before it leaves your network. Role-based access to authorised models only. Every request logged and auditable.
Real-time cost tracking per request. Budget caps that automatically enforce. Monthly chargeback reports. Smart caching reduces repeated token spend by up to 40%.
Two governed data planes — AI at the edge, tools inside the perimeter — managed as one. Production-grade performance. Enterprise-ready from day one.
See It in Action.
Start Your Free Trial Today.
Full access for 30 days. No credit card. Deploy in under 2 minutes and see governance working on your first request.