61 days until EU AI Act enforcement — start today

Start free.
Scale when you need it.

Open-source core covers 95% of teams. Lua Governance Cloud adds fleet analytics, RBAC, and multi-tenancy for regulated industries.

Open SourceMIT License
Freeforever
$npm i governance-sdk
  • Core policy engine13 condition types
  • Before-action enforcement
  • HMAC audit trailopt-in via createIntegrityAudit()
  • 7-dimension scoring
  • Kill switchpriority 999, per-process
  • Injection detection54 patterns (regex F1 ≈ 0.48)
  • EU AI Act mappingself-assessment, 6 articles
  • Framework adaptersMastra, Vercel AI, LangChain, OpenAI Agents, Anthropic, Genkit, LlamaIndex, Mistral, Ollama + MCP & Bedrock
  • PostgreSQL + in-memory storage
  • 1,328 tests, 0 deps
  • RBAC
  • Multi-tenant isolation
  • Fleet analytics
  • Policy templates
  • Priority support
ProMost popular
$12/ agent / month

per registered agent · billed monthly

  • Everything in Open Source
  • RBACrole-based access control
  • Multi-tenant isolationnamespace-isolated per tenant
  • Fleet analyticsenforcement rates, score trends
  • Policy templatesfintech, healthcare, SaaS presets
  • Policy suggestion engineagent-type-aware recommendations
  • Org management
  • Slack alertsenforcement events + kill switch
  • Priority support< 24h response
  • Unlimited saved policies
  • 90-day audit retention
  • Compliance reports
  • On-premise deployment
  • Dedicated CSM
EnterpriseFor regulated industries
Customcontact us
Contact sales
  • Everything in Pro
  • Unlimited agents
  • On-premise deploymentair-gapped environments
  • Compliance reportsEU AI Act self-assessment export
  • Custom policy conditionsextend the engine
  • Dedicated CSM
  • Custom uptime commitmentson annual contract
  • SOC 2 Common Criteria policy templatesaligned with CC6/CC7/CC8
  • SSO / SAML on Lua-hosted cloudself-hosted uses your own IdP
  • Security review
  • Training & onboarding
  • Custom integrations

All tiers include the full open-source SDK (MIT). Lua Governance Cloud is the hosted product — connect via serverUrl + apiKey on createGovernance(). Self-host bundle available for Enterprise.

Common questions

Is the core SDK really free forever?

Yes. governance-sdk core is MIT licensed and will always be free and open source. Lua Governance Cloud is the hosted product that adds team features (RBAC, multi-tenancy, distributed kill switch, ML detection, compliance reporting) on top of the open core — connect via serverUrl + apiKey on createGovernance().

What counts as an 'agent'?

Any registered agent in your fleet — a unique gov.register() call with a distinct name and owner. Static scripts that don't call gov.register() don't count.

Do I need Pro for EU AI Act compliance?

No. The free tier includes all 6 EU AI Act article mappings (Articles 9, 11, 12, 14, 15, 50), HMAC audit trails (Article 12), policy enforcement (Articles 9/15), and human oversight gates (Article 14). Pro adds compliance report exports.

Can I self-host the Cloud features?

Yes. Lua Governance Cloud is available both hosted (heygovernance.ai) and as a self-host bundle for Enterprise tenants. You deploy it on your own infrastructure, run it in your own cloud account. Contact us for the self-host artifact. No SaaS lock-in.

What frameworks are supported?

First-class adapters for the major JS agent frameworks: Mastra (middleware + processor), Vercel AI SDK, OpenAI Agents, LangChain, Anthropic, Genkit, LlamaIndex, Mistral, Ollama — plus MCP (build governed MCP servers) and Bedrock (entry-gate). Every adapter ships pre-scan, post-scan, streaming, and tool-call governance. Python and other languages: call the REST API directly. Rolling your own takes under 50 lines.

Start governed in 5 minutes

Open-source core. No account, no API key, no lock-in.

$npm i governance-sdk
Read quickstart →