Capabilities

Everything You Need to Govern AI at Scale

From quickstart to enterprise compliance. Full-featured gateway with governance layers that grow with your requirements.

🔄

Multi-Provider Unified API

Drop-in OpenAI-compatible endpoint. Route to OpenAI, Anthropic, Gemini, Azure, Bedrock, or Ollama with zero code changes. Streaming, structured outputs, and vision built-in.

🛡

Policy-as-Code Engine

YAML DSL for model allowlists, token limits, MCP tool restrictions, budget-based model downgrades, and time-of-day rules. Dry-run against historical traffic before activation.

🔏

Immutable Audit Trail

HMAC-SHA256 signed, append-only audit records. PostgreSQL RLS prevents tampering. SOC2, HIPAA, and GDPR evidence packages generated on demand.

🤖

MCP Tool Call Governance

Separately deployed MCP Proxy governs every tool call. PII scanning on arguments and responses. Human approval gates for high-risk operations. Credential centralisation.

💰

FinOps & Cost Control

Real-time per-request cost calculation. Budget caps per tenant, team, or API key. Automatic model downgrade at soft limit. Chargeback reports and cost forecasting.

🚨

PII Detection & Redaction

Detect and redact emails, phone numbers, SSNs, credit cards, and custom patterns before they reach any provider. Configurable per-tenant: block, redact, or flag.

⚡

Intelligent Routing

Round-robin, weighted, capability-aware, latency-aware, and cost-aware routing. Circuit breakers, failover, and retry with exponential backoff. Canary and A/B testing.

🔍

Full Observability

Prometheus metrics, OpenTelemetry distributed tracing, structured JSON logging. Pre-built Grafana dashboards. Unified traces spanning LLM turns and MCP tool calls.

🌀

Agentic AI Governance

Agent loop detection with auto-kill. Session tracking across LLM and MCP calls. Human-in-the-loop approval gates enforced at execution. Full session timeline and analytics.

Architecture

Two Governed Data Planes. One Control Plane.

The LLM Gateway sits at the edge for model traffic. The MCP Proxy sits inside your perimeter for tool calls. Both share the same policies, audit trail, and API keys.

LLM Data Plane

</>

Your App

Agent / API Client

{ }

LLM Gateway

:8080

Providers

OpenAI · Anthropic · Gemini

Control Plane

PoliciesAuthAuditBudgetsPII

MCP Data Plane

</>

Your App

Agent / IDE

{ }

MCP Proxy

:8070

Tools

DB · FS · Slack · APIs

Performance

Built for Production Scale

Governance with zero performance tax. Every layer is optimised for throughput — lightweight concurrency, non-blocking audit, multi-layer caching, and zero-copy streaming.

10,000+RPS

per node on 4 cores

Lightweight concurrency model handles thousands of simultaneous requests with minimal memory overhead.

<10ms

added gateway latency

Policy checks in under 3 ms. Audit writes in under 1 µs. Governance adds near-zero overhead to your AI calls.

<1µs

audit write latency

Append-only, crash-safe audit writes that never block the request path — even at peak throughput.

99.99%

uptime SLA

Multi-region active-active with automatic failover in under 30 seconds. Data residency preserved during failover.

Lightweight Concurrency

Handles 10,000+ concurrent connections per node with minimal memory per request. No thread pool tuning required.

Zero-Copy Streaming

SSE tokens flushed immediately with no buffering or rewriting. First token arrives the instant the provider emits it.

Non-Blocking Audit

Append-only, crash-safe audit writes that happen off the critical path. Sub-microsecond latency with no performance impact.

Multi-Layer Caching

95%+ hit rate on policy, auth, and config lookups. In-process cache eliminates network round-trips on every request.

Automatic Failover

Per-provider health monitoring with instant failover on degradation. Requests reroute seamlessly — your users never notice.

Fast Cold Start

Sub-100 ms startup with a minimal memory footprint. Ideal for auto-scaling, serverless, and edge deployments.

Why DVARA

Governance Is the Architecture, Not a Feature

In every competitor, governance is bolted onto a proxy. In DVARA, governance is the design constraint that shaped every layer.

Policy-as-Code with Dry-Run

Competitors: config flags or basic allowlists.

Full YAML DSL with version control, conflict detection at load time, and dry-run mode that tests against real historical traffic. Your auditors get proof that policies were tested before deployment.

Immutable, HMAC-Signed Audit

Competitors: log to stdout or a mutable database.

Every record HMAC-SHA256 signed at write. PostgreSQL RLS blocks UPDATE/DELETE. Chronicle Queue writes < 1 microsecond with zero GC pressure. Tamper-evident by design.

MCP Proxy — No Competitor Has This

Competitors: governance stops at the LLM boundary.

Separately deployed, centrally governed MCP Proxy. Every tool call audited, policy-checked, and PII-scanned. Credential centralisation. Human approval gates enforced at execution.

Agentic AI Governance

Competitors: nothing meaningful for agent loops.

Full OpenTelemetry trace spanning LLM turns + MCP calls. Agent loop detection with auto-kill. Human-in-the-loop approval for high-risk tool calls. Session-level cost and compliance summary.

Compliance

Audit-Ready from Day One

Generate compliance evidence packages on demand. Every request is immutably logged, every policy decision recorded, every PII event tracked.

Compliance OverviewLive

SOC2

SOC 2 Type II

Ready

HIPAA

Ready

GDPR

Ready

EU AI

EU AI Act

Ready

99.97%

Audit Coverage

<1µs

Write Latency

Tampered

24/7

Reports

Recent Audit Events

12:04:32LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

12:04:31MCP Tool Callpolicy: ALLOWpii: REDACTEDHMAC signed

12:04:29LLM Requestpolicy: DENYpii: CLEANHMAC signed

12:04:28MCP Tool Callpolicy: ALLOWpii: CLEANHMAC signed

12:04:26LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

12:04:24LLM Requestpolicy: ALLOWpii: REDACTEDHMAC signed

12:04:22MCP Tool Callpolicy: DENYpii: CLEANHMAC signed

12:04:20LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

12:04:32LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

12:04:31MCP Tool Callpolicy: ALLOWpii: REDACTEDHMAC signed

12:04:29LLM Requestpolicy: DENYpii: CLEANHMAC signed

12:04:28MCP Tool Callpolicy: ALLOWpii: CLEANHMAC signed

12:04:26LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

12:04:24LLM Requestpolicy: ALLOWpii: REDACTEDHMAC signed

12:04:22MCP Tool Callpolicy: DENYpii: CLEANHMAC signed

12:04:20LLM Requestpolicy: ALLOWpii: CLEANHMAC signed

Immutable Audit Trail

HMAC-SHA256 signed, append-only records. PostgreSQL RLS prevents tampering.

Scheduled Reports

Weekly or monthly compliance report delivery in PDF and JSON.

PII Detection Log

Every redaction event logged with action taken, pattern matched, and tenant context.

Policy Decision Records

Every request logs ALLOW/DENY with rule ID and reason. Full dry-run history.

Right to Erasure

GDPR tenant data purge pipeline with confirmation and audit trail.

Data Residency

Per-tenant region pinning. EU tenant traffic never leaves EU — enforced during failover.

Comparison

How DVARA Compares

The structural gaps in every competitor are not feature gaps — they require architectural redesigns to close.

	DVARA	LiteLLM	Portkey	Kong AI	Cloudflare	Helicone	AWS Bedrock	Bifrost
Core Gateway
OpenAI-compatible unified API	✓	✓	✓	∼	✓	—	—	✓
SSE streaming (zero-copy pass-through)	✓	✓	✓	✓	✓	—	✓	✓
Structured outputs on Anthropic + Gemini	✓	—	—	—	—	—	—	—
Multi-provider (OpenAI, Anthropic, Gemini, Bedrock, Azure, Ollama)	✓	✓	✓	∼	∼	✓	∼	✓
Virtual thread concurrency (10K+ RPS)	✓	∼	∼	✓	✓	—	✓	∼
Routing & Resilience
Weighted routing + failover	✓	✓	✓	✓	∼	—	—	✓
Latency-aware routing (EWMA P95)	✓	∼	∼	—	—	—	—	∼
Cost-aware routing	✓	—	∼	—	—	—	—	—
Canary + A/B routing	✓	—	∼	—	—	—	—	—
Per-provider circuit breaker	✓	∼	∼	✓	—	—	—	∼
Capability-aware route filtering	✓	—	—	—	—	—	—	—
Policy & Governance
Policy-as-Code engine (YAML DSL)	✓	—	—	∼	—	—	—	—
Policy dry-run before activation	✓	—	—	—	—	—	—	—
Policy versioning + rollback	✓	—	—	∼	—	—	—	—
RBAC + ABAC access control	✓	—	∼	✓	—	—	✓	—
SSO (OIDC / SAML)	✓	—	✓	✓	—	✓	✓	—
PII & Data Protection
PII detection + redaction (LLM + MCP)	✓	—	—	—	—	—	—	—
DLP custom patterns per tenant	✓	—	—	—	—	—	—	—
Reversible tokenisation	✓	—	—	—	—	—	—	—
EU data residency guaranteed	✓	—	—	∼	—	—	∼	—
Right to erasure (GDPR)	✓	—	—	—	—	—	—	—
MCP Proxy & Tool Governance
MCP tool calls proxied & governed	✓	—	—	—	—	—	—	—
MCP server registry + credential store	✓	—	—	—	—	—	—	—
MCP argument-level policy rules	✓	—	—	—	—	—	—	—
MCP PII scanning (args + response)	✓	—	—	—	—	—	—	—
MCP rate limiting + circuit breaker	✓	—	—	—	—	—	—	—
Agentic AI Governance
Human approval gate (enforced at exec)	✓	—	—	—	—	—	—	—
Agent loop detection + kill switch	✓	—	—	—	—	—	—	—
Multi-agent session tracking	✓	—	—	—	—	—	—	—
Full OTel trace: LLM turns + MCP calls	✓	—	∼	—	—	∼	—	—
Audit & Compliance
Immutable HMAC-signed audit log	✓	—	—	—	—	—	∼	—
SOC2 / HIPAA / GDPR evidence packages	✓	—	—	—	—	—	∼	—
EU AI Act compliance engine	✓	—	—	—	—	—	—	—
SIEM export (Splunk, CloudWatch, Elastic)	✓	—	∼	∼	—	∼	✓	—
Scheduled compliance reports (PDF + JSON)	✓	—	—	—	—	—	—	—
FinOps & Cost Control
Real-time cost per request (USD)	✓	✓	✓	—	—	✓	∼	—
Budget caps (soft + hard) per tenant	✓	∼	∼	—	—	∼	—	—
Auto model downgrade on budget threshold	✓	—	—	—	—	—	—	—
Chargeback reports per tenant/team	✓	—	∼	—	—	∼	—	—
Guardrails & Safety
Prompt firewall (pre + post filter pipeline)	✓	—	∼	∼	∼	—	✓	—
Jailbreak detection	✓	—	∼	—	—	—	✓	—
Output sanitization (XSS, SQLi, SSRF)	✓	—	—	—	—	—	—	—
System prompt leakage detection	✓	—	—	—	—	—	—	—
Content policy filters per tenant	✓	—	∼	—	∼	—	✓	—
Deployment & Infrastructure
Air-gapped / on-prem deployment	✓	∼	—	✓	—	—	—	—
Zero-dependency standalone mode	✓	—	—	—	—	—	—	—
Multi-region active-active	✓	—	∼	✓	✓	—	✓	—
Kubernetes Helm chart + HPA	✓	✓	∼	✓	—	—	—	—
Hot config propagation (< 5s)	✓	—	—	∼	—	—	—	—
Observability
Prometheus metrics + Grafana dashboards	✓	✓	∼	✓	—	∼	∼	—
OpenTelemetry distributed tracing	✓	∼	∼	∼	—	—	∼	—
Per-tenant analytics	✓	∼	✓	—	—	✓	∼	—
Anomaly detection for traffic patterns	✓	—	—	—	—	—	—	—

DVARA vs LiteLLM →DVARA vs Portkey →DVARA vs Kong AI →DVARA vs Cloudflare →DVARA vs AWS Bedrock →DVARA vs Helicone →DVARA vs Bifrost →

Built For Your Team

Developers Love It. Compliance Requires It.

Every stakeholder gets exactly what they need from the same platform.

Developer

"I'm calling five LLM providers with five different SDKs and no fallback."

One endpoint. Drop-in compatibility. Route to any provider with automatic failover. Add streaming, rate limiting, and observability in minutes.

Platform Engineer

"12 teams calling LLMs directly. Agents hitting databases with no governance."

Two governed data planes, one control plane. AI gateway at the edge, tool proxy inside the perimeter. Adopt incrementally — add tool governance when agents go to production.

Compliance Officer

"Auditors want proof of what AI systems were used and that no PII was leaked."

Immutable audit trail with tamper-evident signatures. PII detected and redacted before reaching providers. Compliance evidence packages generated on demand.

CISO

"Developers are calling GPT-4 from their laptops. We have no idea what data is leaving."

Hard policy enforcement at the gateway. PII blocked before it leaves your network. Role-based access to authorised models only. Every request logged and auditable.

CFO / FinOps

"AI spend is $40K/month and we can't tell which team is spending what."

Real-time cost tracking per request. Budget caps that automatically enforce. Monthly chargeback reports. Smart caching reduces repeated token spend by up to 40%.

CTO

"We need the governance layer we'd build in 18 months — but we need it now."

Two governed data planes — AI at the edge, tools inside the perimeter — managed as one. Production-grade performance. Enterprise-ready from day one.

Get Started

Start Your Free 30-Day Trial

Full access to all features. No credit card required. Set up in under 60 seconds.

Request Trial Access

Get your trial API key and deployment credentials within minutes.

30-day trial · No credit card · Full feature access · Cancel anytime

Pricing

Simple, Transparent Pricing

Every plan includes the full platform. Pick the tier that matches your scale. No per-pod charges. No surprise invoices.

Included in every plan

✓Multi-provider unified API

✓Streaming + structured outputs

✓Intelligent routing + failover

✓Policy-as-Code engine + dry-run

✓Immutable audit trail

✓PII detection + redaction

✓SSO / RBAC / ABAC

✓MCP tool governance

✓Agent loop detection + kill switch

✓Cost engine + budget enforcement

✓Advanced routing (latency, cost, canary)

✓Human approval gates

✓Multi-region active-active

✓Air-gapped / on-prem deployment

✓Observability + metrics

✓Response caching

	Free Trial	Starter	Most PopularGrowth	Scale	Enterprise+
Tenants	Unlimited	1 – 3	4 – 20	21 – 100	100+
Token Ceiling	Unlimited	500M / month	2B / month	10B / month	Negotiated
Deployment	Self-hosted	Self-hosted	Self-hosted	Self-hosted	Self-hosted
Support	Community	Standard SLA	Standard SLA	Priority SLA	Dedicated SLA
Cloud Managed	Coming Soon	Coming Soon	Coming Soon	Coming Soon	Coming Soon
Volume Discounts	—	—	—	✓	✓
SaaS Reseller Licensing	—	—	—	✓	✓
Dedicated Success Manager	—	—	—	✓	✓
Custom Integrations	—	—	—	✓	✓
On-Site Onboarding	—	—	—	—	✓
Best For	Evaluate all features for 30 days	First production deployment. Single team.	Platform team governing multiple teams.	Large enterprise or internal AI platform.	Global enterprise. Financial services. Government.
	Start Free Trial	Talk to Sales	Talk to Sales	Talk to Sales	Talk to Sales

Add-On Modules

Compliance Pack

SOC2, HIPAA, GDPR evidence packages. EU AI Act engine. Scheduled report delivery. SIEM connectors. Right-to-erasure workflows.

Talk to Sales

Semantic Cache

Vector similarity caching. Configurable threshold per route. Cache hit rate and cost-avoided dashboards. Reduce repeated token spend by up to 40%.

Talk to Sales

See It in Action.
Start Your Free Trial Today.

Full access for 30 days. No credit card. Deploy in 60 seconds and see governance working on your first request.

Start Free Trial Talk to Sales

Everything You Need to Govern AI at Scale

Two Governed Data Planes. One Control Plane.

Built for Production Scale

Governance Is the Architecture, Not a Feature

Audit-Ready from Day One

How DVARA Compares

Developers Love It. Compliance Requires It.

Start Your Free 30-Day Trial

Simple, Transparent Pricing

Add-On Modules

See It in Action.Start Your Free Trial Today.

See It in Action.
Start Your Free Trial Today.