Approve. Audit. Prove.
Regulated teams don’t adopt AI agents for what they can do — they adopt them once they can prove what they did. MachineCraft puts a human in the loop, a record behind every action, and the whole system inside your perimeter.
Three questions every compliance team asks.
Most AI platforms can’t answer them — a visual builder can’t govern an agent, and an agent framework can’t prove a thing to an auditor. MachineCraft is built around all three.
Will it act without sign-off?
BETAMark any step critical and the agent pauses for a human reviewer before it proceeds — with the approval captured against the reviewer’s identity.
Can you prove what it decided?
SHIPPEDEvery decision, state transition, credential access, and approval lands in an audit trail — who triggered it, what it decided, who approved it, when, and why.
Will it stay in our perimeter?
SHIPPEDThe runtime needs no connection back to the design environment. Deploy the same artifact to cloud, on-prem, or fully air-gapped — your perimeter, your call.
A human signs off before anything critical happens.
Human-in-the-loop approval gates put a reviewer in the path of any decision you choose. The agent doesn’t act on a critical step until a person has seen what it decided and said yes — and that sign-off is bound to their identity in the record.
- 01
Mark a step critical
Flag any node in the agent as an approval gate while you design it.
- 02
The agent pauses
When it reaches the gate, execution stops before the action runs.
- 03
A reviewer is notified
The right human is alerted that a decision is waiting on them.
- 04
They inspect the state
The reviewer sees what the agent decided and why before acting.
- 05
Approve, reject, or modify
The reviewer’s call — and their identity — is recorded against the action.
- 06
It resumes, logged
The agent continues, with the full decision captured in the audit trail.
Shipping in beta. The approve / reject / modify flow is functional and demoable today, and reads checkpointed agent state. Durable, cross-restart execution is on the roadmap — not in yet — so an in-progress approval won’t survive a restart.
A record behind every decision.
Every agent run writes a complete, traceable trail — built on SOC 2 Type I aligned infrastructure, not bolted on after the fact. When an auditor asks what happened, the answer is already written down: who triggered it, what it decided, who approved it, when, and why.
- Agent decisions and the reasoning behind them
- State transitions across every step
- Credential and external-service access
- Human approvals, with reviewer identity and timestamp
Compliance infrastructure, built in.
The controls regulated teams check for are part of the platform, not a future promise. Here’s what holds the trail together.
- ENCRYPTION
- Fernet · AES-128-CBC
- CREDENTIALS
- 18 providers, encrypted at rest
- AUDIT
- Action-level audit log
- COMPLIANCE
- SOC 2 Type I aligned
- STANDARDS
- ISO 27001 · 27017 · 27018 aligned
- DEPLOYMENT
- Cloud · on-prem · air-gapped
- PERIMETER
- No phone-home runtime
- SSO · 2FA
- On the roadmapSOON
Aligned, not yet certified. SOC 2 Type I and ISO 27001 / 27017 / 27018 alignment describe how the platform is engineered; formal certification, along with SSO and 2FA, is on the roadmap.
From audited to provable.
Today’s audit trail records what an agent did. We’re building a governance layer — Machinaut — that records why: the full epistemic chain from observation to outcome, so every decision is replay-grade, not just logged.
- Observations
- Claims
- Evidence
- Beliefs
- Decisions
- Actions
- Outcomes
You keep the keys
Deploy-anywhere parity carries over: the chain can stay inside your perimeter, and you hold the runtime and the approver keys. Governance doesn’t mean handing your data to anyone.
MachineCraft builds agents. Machinaut lets you trust them.
Machinaut is a separate product in active development, not yet part of MachineCraft. This is the direction trust is heading — a roadmap moat, not a shipped feature.
Builds the company and the platform behind it.
The platform for building enterprise AI agents and workflows.
The governance layer being built to make every decision provable.
Where teams will reason with models together.
Straight answers on stage and scope.
We’re in private beta and we say so. Here’s where things actually stand.
- Is MachineCraft SOC 2 certified?
- MachineCraft is built SOC 2 Type I aligned and aligned to ISO 27001, 27017, and 27018 — the controls describe how the platform is engineered. Formal certification is on the roadmap; we don’t claim certifications we don’t yet hold.
- Are the Agent Engine and approval gates production-ready?
- They’re shipping in beta. The approve / reject / modify flow is functional and demoable today, and reads checkpointed agent state. Durable, cross-restart execution is on the roadmap — so an in-progress approval won’t survive a restart yet. We label this everywhere rather than overstate it.
- Can we run it fully air-gapped?
- Yes. The runtime is independent of the design environment and needs no connection back to it. The same container image deploys to public cloud, private cloud, on-prem, or air-gapped networks with env-var differences only — your compliance perimeter is never a blocker.
- What is Machinaut?
- Machinaut is the governance layer Machinise is building to make every agent decision provable — recording not just what an agent did, but what it believed and why. It is in active development and is not yet part of MachineCraft. We present it as direction, not a shipped feature.
Put AI agents in production you can stand behind.
Join the private beta and be among the first teams to run agents that approve, audit, and prove.