Skip to main content
Ovra
[ CONTROL · PRIVATE BETA ]

Guardrails that enforce, not just advise.

Every charge an Ovra agent attempts is evaluated against a declarative policy before authorization— outside the agent's runtime, memory, and reach.

Join the private betaRead the docs
policy.jsonSCHEMA
{
"name": "vendor-spend",
"perTransactionMax": "€500",
"dailyMax": "€1,000",
"monthlyMax": "€15,000",
"merchantAllowlist": ["github.com", "vercel.com"],
"mccAllow": [5734, 5969],
}
01[ POLICY SCHEMA ]

One declarative object. Every guardrail.

Bind a policy to an agent or a card. The Ovra runtime evaluates every rule on every charge, in order, fail-closed.

policy/vendor-spend.json
{
"name": "vendor-spend",
"perTransactionMax": "€500",
"dailyMax": "€1,000",
"monthlyMax": "€15,000",
"merchantAllowlist": ["github.com", "vercel.com"],
"mccAllow": [5734, 5969],
"country": ["DE", "FR", "NL"],
"window": "Mon-Fri 09:00-19:00",
"cooldownSeconds": 60,
"approveAbove": "€250",// human review
}
RULES·12 SUPPORTED
Per-transaction max
max €500 / charge
Daily aggregate
≤ €1,000 / 24h
Weekly aggregate
≤ €5,000 / 7d
Monthly aggregate
≤ €15,000 / 30d
Merchant allowlist
github.com, vercel.com
Merchant blocklist
casino.*, *.crypto
MCC restriction
5734, 5969 only
Country restriction
EU + CH only
Time-of-day window
Mon–Fri · 09:00–19:00
Cooldown interval
≥ 60s between charges
Max-usage count
≤ 10 charges / card
Auto-approve threshold
human review > €250

Rules compose. Bind a policy at the workspace, the agent, or the card — the engine evaluates the union, narrowest scope wins.

Enforce

Hard block. Authorization is denied before the network ever sees the request.

Approve

Held pending human approval. Charge waits in the queue until a maintainer signs off.

Warn

Proceeds with an advisory. Webhook fires and the event lands in the audit trail.

02[ ENFORCEMENT LAYERS ]

Three layers. None of them trust the agent.

Defense in depth: the API layer denies first, the network catches what slips through, settlement reconciles what shipped.

L1·APPLICATION POLICY ENGINE

Application policy engine

Synchronous, fail-closed evaluation in the authorization path. Every charge resolved against the bound policy before money moves.

  • Runs inside the API request, not after
  • Fail-closed: a missing policy denies the charge
  • Decision + reason persisted to the audit trail
COVERAGEmedian 12ms
L2·CARD-NETWORK CONTROLS

Card-network controls

BIN-level limits configured with the issuer: hard amount caps, MCC blocks, country restrictions. Enforced even if the API is bypassed.

  • Per-card spend ceiling at the issuer
  • MCC and country filters at the BIN
  • Backstop if a higher layer fails open
COVERAGErail-level
L3·POST-PAYMENT VERIFICATION

Post-payment verification

Settlement events reconcile against the original intent. Drift, duplicate charges, or merchant substitutions trigger reversal and alert.

  • Webhook-driven reconciliation per settlement
  • Detects amount drift and merchant mismatch
  • Auto-revoke on anomaly, page on chargeback
COVERAGEevery settlement
03[ REAL-TIME EVALUATION ]

Evaluated on the request. Decided in milliseconds.

Every rule, in order. The decision and reason persist to the audit trail before the network ever hears about the charge.

INTENT
charge €49.99 · vercel.com · MCC 5734
POLICY ENGINE
01load policy(vendor-spend)
02evaluate 7 rules · sequential · fail-closed
03persist decision to audit log
APPROVE
authorize
REVIEW
queue + page
DENY
decline + log
trace · int_4a8f...c3e1EVAL
PASSperTransactionMax €49.99 ≤ €5001.2ms
PASSmerchantAllowlist vercel.com0.8ms
PASSmccAllow 57340.6ms
PASScountry DE0.5ms
PASSwindow Wed 14:22 CET0.4ms
PASSdailyMax €312 / €1,0001.1ms
PASSapproveAbove €49.99 < €2500.3ms
APPROVEDtotal 12ms · authorize

You can't trust the entity you're trying to constrain to enforce its own constraints.

Prompt-based guardrails are suggestions. Ovra policies live in the request path at the API layer — outside the agent's runtime, memory, and context. The agent never sees the rules, can't modify them, and has no mechanism to circumvent them.

Define the rules. Ship the agent.

Get a sandbox workspace in the private beta. Write your first policy and watch every charge resolve against it.

Request beta accessRead the docs