RelayOne · governance plane for AI · v1.x

Know where every AI request goes. Decide where it can.

RelayOne sits in front of every AI call your company makes. It tags where the request came from, where it is going, and what it is allowed to carry. It can rewrite, reroute, or block in flight without breaking the workflow that triggered it.

For compliance leads · platform engineers · heads of AI

Use one governance layer to decide who can use which model, which requests stay in-region, which prompts are rewritten inline, and which calls must be rerouted to an internal agent instead. The proof trail lives in the application and database layer, so the guarantees hold in cloud, on-prem, sovereign, and air-gapped deployments.

01Sovereignty trackingevery request tagged with origin, destination, residency
02Employee AI accesswho can use which model, for which tasks, at what spend
03Network rerouteredirect unsafe calls to internal R1 agents in-flight
04Identity + commerceTrueCom-signed receipts for every agent transaction
See the tamper-resistance chain
See pricing →
Deployment postures
4 · cloud · on-prem · sovereign · hybrid
Control surfaces
9 · sovereignty · identity · network · commerce
Air-gap mode
0 cloud dependencies
Compliance path
SOC 2 Type II in progress
What you control · 02

Four things you can finally answer “yes” to.

🌎 Where did that request go? Every call is tagged with origin region, destination, and residency policy before it leaves the gateway. Cross-border flags surface in real time. In-region-only overrides, sovereign reroutes, and air-gapped deployments keep the same request trail. 9-node tracking chain · see sovereignty → /governance/sovmap/
👤 Who can use which model? Per-user scopes, per-team budgets, and per-category allow, reroute, rewrite, or block decisions. Identity is signed into every session, so every AI request carries the team, user, and policy bundle that made it legitimate. SSO + SCIM · see identity → /features/access/
🔀 What if the request should not leave? ContextWorkers strip PII inline. Sensitive calls reroute to internal R1 agents or sovereign endpoints without breaking the employee flow. Unsafe data never leaves the governed path, but the employee still gets an answer instead of a dead end. inline rewrite · see policy → /features/policy/
✍️ Did that transaction actually happen? Every governed action leaves a signed receipt that ties audit and commerce to the same chain of evidence. TrueCom rails, ed25519 receipts, and replayable evidence make it possible to prove what happened after the fact without reconstructing the day from logs. TrueCom rails · see receipts → /evidence/
The shape of the problem

AI showed up at work. Nobody asked permission.

Right now, somewhere in your company, a support rep is pasting a customer transcript into a chatbot. An engineer is handing a database schema to a public model. A new hire just signed up for their fourth AI tool with a company card.

None of them are trying to cause a problem. They’re trying to get their work done. The real issue is there’s no sensible middle ground between “block everything” and “hope for the best.” RelayOne is that middle ground.

Composite based on customer interviews — not attributed quotes.

“I have no idea how many AI tools our people are actually using, and I’m the one who signs the compliance letter.”
CISO · healthcare, 2,400 staff
“Legal keeps asking if customer data is going to public models. I can’t honestly say no and I can’t honestly say yes.”
VP Engineering · fintech, series C
“The board wants the efficiency wins from AI. The board also wants zero leaks. Both, please. By Q3.”
CFO · manufacturing, public
01 · outcome
Your data stops walking out the door.
Sensitive text — customer records, code, contracts, anything you care about — gets caught before it leaves. Rewritten, rerouted, or blocked. Quietly, in the background, while people keep working.
what the CISO gets · answer for legal
02 · outcome
Employees keep the productivity, without the risk.
When a tool is unsafe, RelayOne swaps in an internal one mid-request. The employee gets an answer. You get a record of what was substituted and why. Nobody gets told “no.”
what your teams feel · nothing changes
03 · outcome
One place to see every AI thing, finally.
Who used which model, for what, at what cost, with what data. One screen. Search by person, team, or policy. The answer to “what are we actually doing with AI?” stops being a guess.
what the CFO gets · one number
04 · outcome
Audit-ready without a month of scrambling.
The evidence is assembled continuously, not written up the week before the audit. Download a signed bundle. Hand it to a regulator. The paperwork is already done.
what the board gets · confidence
§ demo 01 / 07
Tamper resistance · live

Every step signs the previous step’s signature.

This chain is the structural proof behind RelayOne. A request can pass through nine nodes and you can prove afterward exactly what each node did. Break any link and the rest stops verifying.

tamper-resistance · 9 nodes · 0 cloud dependencies hash · signature · lookup · anchor
Nine nodes. Each one lives in your application or database. Toggle cloud off — nothing changes.
Nine nodes. Zero cloud dependencies. Every guarantee holds in the app and DB layer.
A day, before and after

Same people. Same work. Different ending.

You don’t need to understand the plumbing to understand the change. Four ordinary moments, on either side of switching RelayOne on.

Tuesday · 10:47 AM
Before · without governance What actually happens today.
MA
Maya · support tier 2
“I’ll just paste the whole ticket into ChatGPT, it’s faster than writing the reply from scratch.”
3 customer emails · a billing reference · gone
JC
Jordan · senior engineer
“The model needs the schema to answer. I’ll drop it in and clean up the response.”
Production schema · in a US-hosted public model
CF
The CFO
“Finance says AI spend is ‘somewhere around’ $40K this month. Across how many tools? We think six.”
Six shadow subscriptions · zero budget owner
AD
Auditor, 9 AM Monday
“Can you show me, for the last quarter, every AI system that touched personal data?”
Three weeks of scrambling starts here
After · with RelayOne The same moment, governed.
MA
Maya · support tier 2
“I pasted the ticket. I got my answer. I didn’t do anything different.”
Customer names rewritten inline · she never saw it happen
JC
Jordan · senior engineer
“The model answered. Didn’t even notice it was the internal one.”
Schema stayed in-house · request rerouted in 46 ms
CF
The CFO
“One dashboard. Spend by team. Spend by model. I know exactly where the $40K is going.”
One number · one owner per line
AD
Auditor, 9 AM Monday
“Here’s the signed evidence bundle for Q1. Everything’s in it.”
Download · hand over · done before coffee
§ demo 02 / 07
Where it runs · 02 / 07

Four postures. Same product. Same guarantees.

Most governance products have an on-prem mode that's missing half the features. RelayOne's architectural bet means the feature set is identical across postures. Compare your posture to a cloud-dependent stack.

architecture · current posture HYBRID
Highlight for:
Capability
Cloud-dependent governance stack
RelayOne, any posture
Breaks in any posture missing a cloud.
Works in every posture. Same guarantees everywhere.
§ demo 03 / 07
Sovereign traffic · 03 / 07

See where your AI traffic actually goes. Then close the borders.

Every LLM request is a packet crossing a network. Most organizations can't name which ones leave their boundary, which carry private data, and which could be served by internal infrastructure. RelayOne maps the flow, classifies by destination, and — on demand — locks egress and reroutes through RelayGate with PII redaction.

Live · Observe
Requests / min
0
starting…
LLM data egress
0
unrestricted
Sovereign inference
0
internal route
§ demo 04 / 07
Operations · 04 / 07

Manage a RelayGate fleet as one object.

Deploy policy updates atomically across tenants. Rotate credentials through the vault. Watch deployment status across regions. RelayOne's control plane treats every RelayGate instance as part of a coordinated fleet.

acme · production · 9 instances · 5 tenants policy v2.3.1 · rolling
Fleet map regions × instances
Policy deployments last 7 days
Credential rotations signed chain events
Tenant health 24h · evidence · health
Fleet is one object. Policy deploys atomically. Rotations are signed events in the chain.
A breath, in plain English

Everything above, translated.

If the demos start to blur, here’s the through-line. Every arrow, every packet, every policy box exists to deliver three promises — worded for the people who have to sign off on them.
01 promise · to your board
No private data leaves the building—even when your employees try to send it.
RelayOne sits between every employee and every AI model. If the request contains something it shouldn’t, we rewrite it, reroute it, or stop it. The employee doesn’t have to remember a policy. You don’t have to trust they did.
replaces“please don’t paste that” witha wall that does it for you
02 promise · to your CFO
You see the whole AI bill. On one page.
Every model, every team, every dollar, every shadow subscription. One screen, with controls. Route to cheaper tiers automatically. Cap a budget by team. Retire the six duplicate contracts nobody knew you were paying for.
replaces“somewhere around $40K” witha line item, owned
03 promise · to your auditor
The paperwork is already done.
Every decision — every allow, reroute, rewrite, or block — is signed and filed the moment it happens. When an audit shows up, you hand over a signed bundle. You don’t spend three weeks building one.
replacesa Monday of scrambling witha download, a handoff, coffee
What this actually means · your data stays yours your people stay productive your spend stays visible your audits stay boring
§ demo 05 / 07
Reroute engine · 05 / 07

Watch an unsafe AI call get rewritten and rerouted to internal infrastructure.

A request leaves your network headed for a public provider. RelayOne identifies the agent, inspects the payload shape, strips the PII, and redirects the call to an internal R1 agent running inside RelayGate. The employee's workflow keeps running. The sensitive data never leaves. This is what "safe AI use" means operationally.

scenario Engineering agent calls GPT-4o with production DB schema
public / untrusted destination
employee · engineering j.chen · agent-session POST /v1/chat · 2.4KB
public provider gpt-4o · openai-us cross-border · $0.032/1K
RelayOne · gateway inline evaluation · app-layer chain
ingress identity sovereignty payload-scan policy reroute commerce evidence
internal / sovereign destination
RelayGate ContextWorker PII rewrite · cred inject
R1 · STOKE inline agent traced · on Heroa
Veritize output check drift · hallucination
sovereign endpoint claude-sonnet · EU in-region · TrueCom-signed
TrueCom receipt signed · settled
Final verdict
Data exposure
Signed receipts
Evaluation
Every decision in this animation corresponds to a real policy primitive.
§ demo 06 / 07
Employee AI access · 06 / 07

See exactly who is using which model, for what, right now.

Every employee session, every agent, every internal tool call is an object in RelayOne. Per-user policy sets. Per-team budgets. Per-category allow/reroute/block. Network telemetry, identity, and commerce on a single timeline you can actually act on.

live · updating sample dashboard · illustrative
Active sessions
247
Rerouted to internal
38
Blocked
4
PII rewritten
62
Month spend after RelayOne
$12,430
§ demo 07 / 07
Board-ready · 07 / 07

Evidence that compiles into a deliverable.

Toggle the components you need. RelayOne assembles the evidence bundle: audit chain snapshot, policy decision log, fleet configuration digest, deployment provenance, signed receipt archive. Download a PDF. Or pass a signed bundle to your auditor.

evidence-assembler · every component is a real artifact bundle compiles on demand
What's rare here

Five things that don't exist in the rest of the governance market.

Not features. Specific architectural decisions that make RelayOne deployable where most governance products cannot go.

01

Tamper-resistance without a cloud dependency.

Every other AI governance product relies on the cloud provider for the audit backstop: CloudTrail for the event log, KMS for key custody, S3 for retention, cloud-provider IAM for authorization. RelayOne carries its own chain end-to-end in the application and database layer. Turn off the cloud. The guarantees hold. This is why air-gapped, sovereign, and regulated deployments are possible.

02

Flow-level governance, not payload inspection.

RelayOne governs on request shape, origin, destination, metadata, and policy context, not on prompt content. Your customer data stays in the request path. The governance layer evaluates flow properties without needing to see the payload. Sovereignty rules and compliance guarantees hold without adding a data-inspection surface.

03

Deployment control and compliance reporting in one product.

Most organizations run two products: one for fleet deployment and credential rotation, one for compliance reporting and audit. They drift. RelayOne runs both surfaces on the same substrate. Deploying a policy updates both the enforcement plane and the evidence surface atomically.

04

Evidence bundles that compile into a deliverable.

Most audit tools produce a CSV export. RelayOne produces a structured bundle: the audit chain snapshot, the policy decision log, the fleet configuration digest, the deployment provenance, the signed receipt archive. Assembled on demand, rendered as a PDF or passed as a signed bundle. Your auditor reads a deliverable, not a dump.

05

Policy evaluated inline at every phase.

The request lifecycle has clear phases: ingress, identity resolution, scope check, budget check, sovereignty gate, dispatch, response, evidence emit. RelayOne evaluates policy at each phase. A sovereignty violation at the dispatch phase blocks the dispatch; an identity check failure at the start blocks everything. Policy is not a log reader. Policy is a gate function evaluated before action.

Each claim corresponds to a live product mechanic. Security posture details on /security.
The full portfolio

RelayOne is the gateway. The suite is what makes it powerful. In development

Hover any tile to trace the paths. Click a composition below to highlight exactly which products cooperate to solve a specific control problem.

Status (Q3 2026 roadmap): RelayOne ships as a standalone gateway today. The "RelayOne in front of R1", "RelayOne reroute through Veritize", and "TrueCom DID issuance at tenant provisioning" compositions shown below are on the integration roadmap; cross-product control-plane wiring lands progressively. Fleet governance (RelayOne → RelayGate hot policy reload) is partially wired today. Concepts & status →

Gatewayflow governance · sovereignty · identity · evidence
RelayOne
Gateway, router, firewall for every AI call your company makes. Sovereignty tracking, fleet governance, board-ready evidence.
relayone.ai →
Middlewareprogrammable per-request logic · PII · rewrite · inline agents
RelayGate
ContextWorkers: inline scripts, PII scrub, credential injection, response shaping, inline R1 execution inside a single request.
relaygate.ai →
TrueCom
Agent commerce substrate. Discovery, identity, trust, settlement, disputes, signed receipts. OSS protocol, owned rails.
truecom.ai →
Trust + infoverification · grounding · drift · hallucination
Veritize In stealth
Output verification, drift tracking, hallucination detection. Consensus scoring across sources. Evidence attached to every decision. Public access pending.
veritize.app →
DeepTap In stealth
Agent-native search. Configurable depth. Private knowledgebase for on-prem grounding. Hybrid public + private modes. Public access pending.
deeptap.ai →
Runtimeagents · terminals · managed fleets
R1 + STOKE In stealth
Full agent framework. 10-role harness. Content-addressed ledger. Every thought, skill, tool call is auditable. Apache 2.0. Public access pending.
r1.run →
CloudSwarm / CanadianClaw
Managed R1 environment. Template automations. Sovereign BC/Quebec instance (CanadianClaw) for Canadian data residency.
cloudswarm.app · canadianclaw.ca →
CodeR1 In stealth
Long-lived parallel coding terminals on R1. Multiple concurrent agent sessions, mission-control surface. Public access pending.
coder1.app →
Heroa In stealth
Managed agent execution hosting. Ephemeral and long-lived. The substrate under every agent workload in the portfolio. Public access pending.
heroa.ai →
Compositions ·

RelayOne, RelayGate, Heroa, TrueCom, CloudSwarm, and CanadianClaw are commercial. R1 + STOKE is Apache 2.0. The substrate is open. The gateway is what ties it together.

Pricing

Three tiers. Plus on-prem when you need it.

Full pricing and feature matrix on /pricing. Quick preview below.

Team
For teams running AI in production with compliance requirements.
Contact for pricing
  • Up to 5 RelayGate instances managed, standard policy library
  • Weekly evidence bundles, email and community support
  • SOC 2 controls (when available at GA)
Start trial
most popular
Enterprise
For organizations with multi-region or multi-tenant AI deployments.
Custom · contact sales
  • Unlimited RelayGate instances, custom policy library, SSO, SCIM
  • On-demand evidence bundles, dedicated success engineer
  • SLA, quarterly compliance review
sovereign
On-prem
For air-gapped, sovereign, or regulated deployments.
Custom annual contract
  • Fully on-prem deployment, no cloud dependency
  • Tamper-resistant guarantees in app and DB layer
  • Sovereign region options (BC Canada available via CanadianClaw deployment)
Developer preview
Kick the tires. One workspace, one RelayGate instance.
Free while in early access
  • Single workspace, 1 RelayGate instance
  • Chain-verified evidence reports (preview quality)
  • Community support, GA migration path
Request access

See full comparison on /pricing. On-prem and sovereign details on /on-prem.

Two paths. Pick one.

Walkthrough if you want to see it run. Sovereign consultation if you already know on-prem is on the table.

30 minutes · walkthrough

Book a walkthrough.

We show the tamper-resistance chain, the fleet control plane, and the evidence bundle assembly on your actual use case.

45 minutes · sovereign

Book a sovereign consultation.

For regulated, air-gapped, or sovereign deployments. We cover architecture, deployment, and contractual structure.