How it works

Every action clears one gate before it runs.

Capability, policy, shield, budget, audit — in that order — on every tool call, every payment, every write, before it happens.

One gate, every action · Signed, tamper-evident audit · Self-hosted or air-gapped

The gate

Capability, policy, shield, budget, audit — in that order.

01
Capability
Attenuate-only tokens. An agent can narrow its rights, never widen them.
02
Policy
Allow, deny, or require a human — bound to every action.
03
Shield
Scans for the dangerous action and the prompt injection.
04
Budget
Hard caps on tokens, dollars, wall-clock, and tools.
05
Audit
A signed, hash-chained entry you can verify offline.

Every action passes through this gate before it runs. An agent cannot do anything Maverick didn't watch and record.


The platform

Seven parts, one governed spine.

kernel

maverick-core

The runtime that runs and governs the work. It holds without the shield and never requires it.

shield

Scans every action

Inspects each action for the dangerous call and the prompt injection before it clears the gate.

channels

Work in, work out

How work comes in and goes out — the governed surface between agents and your systems.

dashboard

The human control plane

Inboxes and sign-off. Where a person reviews, certifies, and releases what an agent produced.

mcp

Drive it from your editor

An MCP server. Run Maverick from Claude Code, Cursor, or any MCP client.

evolve

The learning lifecycle

The closed, audited loop that lets the workforce improve — and prove it.

knowledge

Per-department & fleet memory

Memory scoped per department, plus fleet memory that governs external agents.

Governance

Least privilege, enforced.

01

Capability tokens

Attenuate-only. An agent narrows its rights to the task in front of it — and can never widen them.

02

Policy engine

Allow, deny, or require a human — bound to every action, not bolted on after the fact.

03

Egress lock

A successful prompt injection still can't move data out. There is no required path off your environment.

The Operating Record

Every action, signed and hash-chained.

Tamper-evident and verifiable offline. Each entry signs the one before it — alter a row and the chain breaks.

operating record                      ● chain verified
# each entry signs the one before it
0xA2 · deny $60k wire                 ✓ signed
0xA3 · require-human $6k              ✓ signed
0xA4 · cap runaway loop               ✓ signed
— alter 0xA2 after the fact —         ✗ CAUGHT

maverick audit --verify               no network required
# offline verification of the chain
read 0xA2 → 0xA4                      ✓ signatures valid
recompute hash chain                  ✓ intact
diff against signed seal              ✓ match
tamper one byte                       ✗ chain breaks

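
The hash chain and seal check described above, as an added example that is not Maverick's own code or record format. The field names, the genesis value, the sample entries and the HMAC seal (a standard-library stand-in for the Ed25519 signature the page names) are assumptions.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
SEAL_KEY = b"constructed-demo-key"  # assumption: stands in for an Ed25519 signing key

def entry_hash(prev_hash, body):
    """Hash an entry together with the hash of the entry before it."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

def append(log, body):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"body": body, "prev": prev, "hash": entry_hash(prev, body)})

def seal(log):
    """Keyed seal over the chain head (HMAC here; the page names Ed25519)."""
    head = log[-1]["hash"] if log else GENESIS
    return hmac.new(SEAL_KEY, head.encode(), hashlib.sha256).hexdigest()

def verify(log, expected_seal):
    """Return (ok, index_of_first_bad_entry). Uses only local data."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["body"]):
            return False, i
        prev = e["hash"]
    if not hmac.compare_digest(seal(log), expected_seal):
        return False, len(log)  # self-consistent chain, but not the sealed one
    return True, None

def demo():
    log = []  # constructed sample entries mirroring the rows shown above
    for body in ({"id": "0xA2", "decision": "deny", "action": "$60k wire"},
                 {"id": "0xA3", "decision": "require-human", "action": "$6k"},
                 {"id": "0xA4", "decision": "cap", "action": "runaway loop"}):
        append(log, body)
    s = seal(log)
    clean = verify(log, s)
    log[0]["body"]["decision"] = "allow"  # alter 0xA2 after the fact
    edited = verify(log, s)
    # Recomputing every hash after the edit gives a consistent chain,
    # but its head no longer matches the seal taken earlier.
    rebuilt = []
    for e in log:
        append(rebuilt, e["body"])
    return clean, edited, verify(rebuilt, s)
```

The chain alone only shows that the entries agree with each other; the seal over the head is what ties them to the record as it stood when it was signed.
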
Blast radius

Hard limits, by default.

Hard budget caps on tokens, dollars, wall-clock, and tool calls. The sandbox runs network-off by default.


Provable learning

A workforce that proves it improved.

A closed, audited loop: offline consolidation (“dreaming”), hindsight, and proof, with per-department memory feeding a causal flywheel. Every causal claim survives a placebo test before it changes behavior, and every change is reversible — snapshot and rollback.

The library

1,118 specialists, already built.

1,118 governed packs · 0 lint errors
26 regulated suites
~29 governed deliverables in the finance suite alone, across 11 roles

Run domains-lint yourself.

Proof

We don't say it's governed. We show it.

A live golden path refuses the dangerous action and leaves a receipt for every decision. One command signs an offline-verifiable evidence bundle.

maverick golden-path                  every row tamper-evident
boot finance specialist               SEALED
$60,000 wire                          DENY
$6,000 release                        REQUIRE_HUMAN
runaway loop                          CAPPED
alter an audited row                  CAUGHT

maverick proof-pack                   ● Ed25519 signed
# PROOF.md — verifiable offline
governance                            ✓ PASS
reliability                           ✓ CERT
performance                           ✓ SLA
shield                                ✓ PASS

Deliverables

Work lands where a human signs off.

A goal's result renders as a typed deliverable, routes to a per-role inbox, and waits for a human to certify it — then routes into Salesforce or ServiceNow, signed and audited.

Deploy

On your hardware, or no one's.

Self-host or air-gap, on your data. 8 PyPI packages · Docker, K8s, or VPS · MCP server · GitHub Action · plugin SDK · native installers.

Get started

See it on your own workflow.

We're working with a small number of design partners in regulated industries. If that's you, let's scope one workflow.