Control what your AI agent is allowed to do.

Your AI agent can send emails, move money, and reach the open internet — on its own. VENZX checks every action before it runs: allow it, block it, cap the spend, or pause for a human. One line of code, any framework.

See how it works

500 free checks·No card required·No subscription, no lock-in

A real verdict, in ~8ms

Human askedbefore the agent acted
POST /v1/inspect · stage=tool_callREVIEW
01Agent wants to run a tool
toolsend_email
tocustomer@acme.com
run_idrun_a1b2c3d4e5f6
high-risk action · spend so far $0.40 / $5.00 · ~8ms
02VENZX verdict
decision: needs_review

“send_email” needs human approval before it runs. The agent is paused and you’ve been pinged — it won’t send until someone says yes.

Proof recorded in a tamper-evident log

Sits in front of the tools you already build with

OpenAIAnthropicLangChainLlamaIndexCrewAILangGraph

Without a checkpoint, you're one bad turn away.

The more an agent can do on its own, the more there is to go wrong. None of these are hypotheticals — they're happening in production right now.

It burns your budget

A stuck agent loop can run up real money fast — one developer's hit $26 in a single turn. With no ceiling, nothing stops it from doing it again.

It acts without asking

A hidden instruction buried in a document or email is all it takes for an agent to fire off an email, hit an API, or delete something — no one asked, no one approved.

You can't prove what it did

When a customer asks “how do I know your AI didn't do something it shouldn't?”, a model gives you nothing to show. That silence can cost you the deal.

A bouncer in front of your agent.

Say which tools run freely, which need a human first, and a hard spend cap. VENZX decides before every action — and you get a signed receipt of each one.

terminal
$ pip install venzx
agent.py
from venzx import Venzx, Policy

vx = Venzx()
guard = vx.guard_for(policy=Policy(
  tools_allowlist=["search"],            # run freely
  tools_require_approval=["send_email"], # pause for a human
  max_tool_calls_per_run=20,           # circuit breaker
))

guard.tool_call("send_email", {...})  # -> ApprovalRequired: paused

A checkpoint on every action.

Your agent doesn't talk to the outside world directly. It goes through VENZX first.

01

The agent acts

It tries to send an email, call an API, or use a tool.

02

VENZX inspects

It checks the action against your rules, your spend cap, and your approval list.

03

Allow, block, or ask

Safe actions pass. Dangerous ones are stopped. Risky ones pause for a human to approve.

04

Log + alert

Every decision is recorded, and you're pinged the moment it blocks.

Three jobs. Done well.

Decides every action

You say which tools run freely. VENZX allows the safe ones and blocks the dangerous ones — before they happen.

Pauses for a human

High-risk actions — send, pay, delete — wait for a person to approve. You're pinged the moment one is held.

Caps the spend

A hard ceiling on calls and cost per run, so a runaway loop can't quietly burn through your budget.

Proof you can
actually trust.

Each entry in the log is sealed to the one before it with a fingerprint. If anyone edits or deletes a line — even an insider — the chain breaks and it shows. So the record of what your agent did is one you can stand behind.

Tampering on entry #1043 detected — the chain no longer lines up.

Start free. Pay only for what you check.

No subscription. Sign up free, get credits to try it, then top up when you need more. Stop one bad action and it's paid for itself.

Free to start
Everything you need to try it on a real workload.
500 free checks
no card required
  • Tool control & human approval
  • Spend caps & custom rules
  • Tamper-evident audit log
  • Works with any agent or framework
Try the live demo →

Credits are non-refundable except as required by law — see our Terms.

Questions, answered.

Will it slow my agent down?

Each check runs in a few milliseconds and happens in line with the action your agent was already taking, so in practice you won't notice it. Measure it on your own workload before you depend on a specific number.

Where does my data go?

VENZX runs as a hosted API. You send the action or text to be checked, it returns a verdict, and a record of the decision is stored so you can search and export it. Sensitive values are masked in what's stored — the log keeps proof of what happened, not the raw content itself.

Which frameworks does it work with?

VENZX sits at the point where your agent calls a tool or model, so it isn't tied to one framework. It's designed to slot in front of common stacks like LangChain, LlamaIndex, and CrewAI, as well as direct API calls.

How does pricing work?

Signing up is free and includes 500 free checks, no card required — enough to properly try it on a real agent. After that, you load credits whenever you want — for example $10 for 1,000 checks. No subscription, and credits never expire.

How exactly is the log tamper-evident?

Every entry carries a fingerprint of the entry before it, forming a chain. Changing or removing any past entry breaks the chain at that point, which is detectable. It doesn't prevent tampering — it makes tampering impossible to hide.

Ship your agent without holding your breath.

One line of code. 500 checks free, no card. It fails open by default, so an outage can never take your app down — and you can pull it out just as fast if it's not for you. The only risk is shipping without it.

Free to start·No card required·Set up in one line

VENZX — Control what your AI agent can do