Skip to content
Kaldros
Book a demo
Platform

Three layers. One promise: we kept the receipt.

Kaldros sits between your agents and the tools they reach for. It captures the request and the response, writes both into an append-only hash chain, and keeps that chain cryptographically attestable for as long as your framework demands.

01 · Intercept

Between your agent and anything it touches.

Deploy as an MCP gateway, a language SDK in your app, or a straight HTTP endpoint. Calls go through Kaldros in-line (enforcement) or side-channel (observation) — your call per environment.

  • MCP server: drop into your agent runtime, zero app changes.
  • SDKs for Python, TypeScript, Go; OpenTelemetry-compatible trace propagation.
  • Synchronous policy enforcement with block / allow / redact outcomes.
  • Asynchronous capture for dev and staging with no latency tax.
  • On-prem deploy option for regulated institutions.
02 · Record

Append-only. Hash-chained. Timestamp-attested.

Each event is canonicalized (RFC 8785-style), SHA-256 hashed, and linked to the previous event for the workspace. Every fifteen minutes the chain head is published to an RFC 3161 trusted timestamp authority and countersigned into our public log.

  • SHA-256 content hash + linked chain hash, per org.
  • Canonical JSON serialization — deterministic across runtimes.
  • TSA-signed timestamps every 15 minutes; on-chain anchor nightly.
  • Events are immutable at the storage layer — Postgres WORM model.
  • Classification tags (PII / PHI / PCI / sensitive) indexed for retrieval.
03 · Prove

Evidence packs your auditor can verify without us.

One click exports a pack: a signed PDF summary, a machine-readable JSON bundle, and the raw slice of the chain. Your auditor runs our open verifier and arrives at the same hash — without calling us.

  • Signed PDFs, per framework, with cited controls and sampled evidence.
  • JSON manifest with checksums for every file in the pack.
  • Offline verifier tool (open source) that re-computes the chain.
  • Redaction workflows that preserve hash validity.
  • Legal hold, retention policies, and purpose-limited access by role.

The whole platform, under a CISO's desk by Monday.

Book a demoRead the docs