Comparison

governance-sdk vs the alternatives

Inline enforcement is different from a gateway proxy, different from observability, and different from offline evals. Here's exactly how we compare — strengths, weaknesses, and who each tool is actually for.

The key architectural distinction

Inline (before execution)

Policy runs in the same process, before the tool executes. No network round-trip. Cannot be bypassed. governance-sdk model.

Gateway proxy (perimeter)

Requests route through an external service. Adds ~5–50ms network round-trip. Can be misconfigured around. Runlayer model.

Observability (after the fact)

Watches what agents do and reports it. Doesn't block anything. Useful for debugging. AgentOps / Braintrust model.

Competitor breakdown

RunlayerAPI Gateway$11M SeedEnterprise MCP security gateway

Strengths

+Strong SOC 2 / HIPAA credentials
+MCP co-creator advisory
+Unicorn customer logos

Weaknesses

−Proxy adds network latency
−MCP-only — not framework-native
−No agent scoring or fleet analytics
−Doesn't deploy agents — security wrapper only

Best for

MCP-heavy enterprise teams that need a standalone security perimeter

AgentOpsObservabilityYC W24Observability for AI agents

Strengths

+Great session replay UX
+Multi-framework support
+Easy to instrument

Weaknesses

−Observability only — watches, doesn't block
−No policy enforcement
−No audit chain integrity
−No injection detection

Best for

Teams that need visibility before they need enforcement

BraintrustEvaluationSeries AAI evaluation and logging

Strengths

+Best-in-class eval workflows
+Human feedback collection
+Good dataset management

Weaknesses

−Evals run offline — not before execution
−No runtime enforcement
−No compliance module
−No kill switch

Best for

Teams building evals and collecting ground truth for model fine-tuning

Custom middlewareDIY—Build your own enforcement layer

Strengths

+Full control over logic
+No external dependency
+Can be tailored exactly

Weaknesses

−Months of engineering time
−No audit chain out of the box
−No injection patterns library
−No compliance mapping
−Maintenance burden

Best for

Large platform teams with dedicated infra engineers and 6+ months runway

Feature matrix

Feature	@lua/gov	Runlayer	AgentOps	Braintrust	DIY
Inline enforcement (before execution)	✓	✗	✗	✗	~
Zero runtime dependencies	✓	✗	✗	✗	~
In-process enforcement (no network)	✓	✗	n/a	n/a	~
64+-pattern injection detection	✓	✓	✗	✗	~
HMAC-chained tamper-evident audit	✓	✗	✗	✗	~
Agent governance scoring (L0–L4)	✓	✗	✗	✗	✗
EU AI Act compliance module	✓	✗	✗	✗	✗
Kill switch + fleet revive	✓	✓	✗	✗	~
Mastra / Vercel AI SDK adapters	✓	✗	✓	✗	~
LangChain + OpenAI Agents SDK	✓	✗	✓	✗	~
Enterprise RBAC + multi-tenancy	✓	✓	✗	✗	~
Open source (MIT)	✓	✗	✓	✓	✓
Free tier	✓	✗	✓	✓	✓

✓ supported✗ not supported~ partialn/a — not applicable

Try it in 2 minutes

Inline enforcement. Zero dependencies. MIT license. Start free.

npm install governance-sdkQuickstart →