ifivo is the runtime control plane for AI agents. It routes agent actions through a gateway that enforces deterministic policies, sends high-risk actions to human approvers, and provides an instant kill switch, with audit-grade logs.

How do I connect ifivo to ChatGPT, Claude, or Gemini?

ifivo exposes an MCP (Model Context Protocol) server at https://www.ifivo.com/api/mcp. Add it as a custom MCP connector in ChatGPT, Claude Desktop, or Gemini with your org API key as a Bearer token. Full copy-paste config is at https://www.ifivo.com/docs/mcp and https://www.ifivo.com/integrate.

How does the Agent Gateway work?

Your agent POSTs intended actions (vendor, action, amount_cents, metadata) to https://www.ifivo.com/api/gateway/actions with the agent's sk_live_ API key. ifivo evaluates policies and returns allow, require_approval, or block. Block-wins precedence applies when multiple policies match.

Is ifivo non-custodial?

Yes. ifivo never holds your money or credentials. It sits in front of the tools your agents already use (Stripe, AWS, ad platforms, OpenAI) and returns an allow/deny decision. Your systems execute the action.

What MCP tools does ifivo expose?

list_agents, list_transactions, list_pending_approvals, approve_transaction, deny_transaction, engage_org_kill_switch, release_org_kill_switch, quarantine_agent, create_policy, summarize_today.

Free 30-day agent audit

What would ifivo have stopped last month?

Upload 30 days of agent activity — OpenAI logs, LangSmith exports, or a JSONL of tool calls. We replay every action through our runtime guardrails and show you what would have blocked, paused for approval, or tripped a prompt-injection signal. No signup. No credit card. Nothing stored past 30 days.

Private link, 30-day auto-delete Results in seconds No signup

Your log file

JSONL up to 10 MB. One JSON object per line. OpenAI chat completions export or generic gateway shape.

Click to upload or drag a file here.

JSONL · up to 10 MB · no binaries

Log format

Policy pack to evaluate against

Email (optional)

Company (optional)

We use these only to send you the report link if the tab closes. We don't add you to a drip campaign. Promise.

Uploads encrypted at rest. Auto-deleted after 30 days.

How the audit works

Three steps. The same policy engine that runs in production.

1 · Upload your log

Drop in an OpenAI chat completions JSONL export, a LangSmith trace dump, or any JSONL where each line is one agent action. Up to 10 MB (roughly 50k actions) per upload.

2 · Pick a policy pack

Three curated starter packs: Production-ready (spend caps, velocity, new-vendor gating), Prompt-injection defense (exfiltration, first-contact, high-confidence-attack block), and Financial services (conservative ceilings, off-hours gates, PII logging).

3 · Read your report

Every action replayed, classified as allow / approve / block, and scored for prompt-injection signals. Shareable link for your security review. No surprises, no hand-waving — every decision cites the exact rule that fired.

What the audit surfaces

The kinds of findings teams tell us were worth the upload.

Spend and action-shape blast radius

How many refunds, charges, or outbound API calls would have been paused for approval. How many would have been hard-blocked. How many hit your daily-spend cap and then kept firing. The number that surprises most teams: how much of it there is.

Prompt-injection-shaped signals in your traffic

Our deterministic detector scans tool outputs, retrieved documents, and support tickets for 15+ injection patterns — instruction-override phrasing, ChatML role markers, egress imperatives, credential-harvest asks, zero-width-char payloads. You see the exact strings and where they came from.

First-contact gaps

The first time an agent wrote to a vendor or recipient. The first new email address it contacted. The first unusual TLD. This is where post-compromise exfiltration starts, and most teams have zero visibility into it today.

Off-hours and velocity anomalies

Actions firing at 3am local, rapid bursts of similar calls, rolling 24h spend exceeding your intended ceiling. The report shows the hour-of-day histogram and the top 20 highest-velocity windows.

A short, honest note about what this audit is and is not.

What it is: a free, self-serve replay that shows you the shape of your agent traffic against a curated starter pack. It runs on the same deterministic policy engine we run in production. No LLM guessing at what your policies “probably should be.”

What it isn't: a pentest, a SOC 2 attestation, or a guarantee that your agents are safe today. It's an honest first look. If it surfaces something alarming, good — that's the point. If it surfaces nothing, also good. Either way, you know more than you did this morning.

Your data: uploaded files are stored encrypted, tied to a one-time share slug, and auto-deleted after 30 days. We don't log prompts or completions to our analytics. We don't train anything on your data — we don't train anything, period.

Audit FAQ

Questions prospects ask before uploading.

What file formats do you accept?

OpenAI chat completions JSONL (including the Responses API shape), and generic JSONL where each line is one agent action with fields like vendor, action, amount_cents, destination, and payload_text. LangSmith trace exports work if you run them through a simple conversion — we document the shape on the upload form. We do not accept binary or zipped archives yet.

How is this different from your shadow mode?

Shadow mode is live — you wire the SDK, traffic flows in real time, policies run in observe-only. The audit is a one-shot replay of historical data you already have on disk, with no integration work. Shadow mode is the right answer if you are ready to integrate; the audit is the right answer if you want a 10-minute read on whether to bother.

Will the audit detect a prompt-injection attack in my logs?

It will detect injection-shaped patterns — the strings attackers use in the wild — with a deterministic 15-pattern scanner and a calibrated score. It will not tell you whether an attack succeeded; only whether the raw materials of one were present in your tool outputs, retrieved documents, or user messages. A high score is a strong signal to investigate; a zero score is not a guarantee of safety.

What does “runtime guardrails” mean vs. NeMo Guardrails or Guardrails AI?

Libraries like NeMo Guardrails and Guardrails AI run inside the model call — they filter content before it reaches the user. ifivo runs after the model decided, at the tool-call edge: it decides whether the action executes at all. Both layers are useful; they solve different problems. The audit focuses on the action layer because that's the one tied to dollars, data, and compliance.

Do I need to be a customer?

No. The audit is fully self-serve and free. You don't create an account, you don't pay anything, and you don't have to talk to us. If you want help reading the report or want a pack tuned to your specific policy, book a call — but that's optional.

Can I share the report with my CISO?

Yes. Every run has a private, unguessable URL. Send it to anyone — they can read the full decision breakdown in the browser with no signup. The link stops working after 30 days.

Ready to see what last month looked like?

Scroll up, drop in your log, and let the policy engine do its work. If you want the full control plane — live enforcement, Slack approvals, kill switch, SSO-grade audit log — start free or read how it integrates.