The governance gap is real. McKinsey's 2026 survey: ~65% cite security concerns as the #1 barrier to scaling agentic AI. EU AI Act enforcement begins August 2026. Scan your AI system — free.

Use AI on work that matters.

/ˈhɪt.əl/

Move from prototype to production.

Get governance created automatically.

Prove compliance to any auditor, anytime.

Do it yourself with free tools. Or have us deliver the whole thing.


One integration point. Every stakeholder served.

The same action matters to security, product, compliance, finance, operations, engineering, leadership, and audit — simultaneously, for different reasons. Each perspective generates requirements. hiitl serves all of them through a single control boundary.

The scan runs as a CLI tool, a Claude Code skill, or through the GitHub App, executing in your own environment. hiitl identifies action points, governance gaps, and regulatory exposure — no tokens burned on our side for complex codebases, no IP exposure, and you maintain control of your code. The scan output is the foundation for every path: implementation, services delivery, or compliance proof.

Agent → hiitl → Action

The Problem Most Teams Don't See

Your agents have rules. Rate limits, approval thresholds, workflow requirements, compliance constraints. Where do those rules live?

If they're in your system prompt, they're suggestions. The model reads them, weighs them against the current task, and sometimes follows them. Sometimes doesn't.

Context-window guidance is probabilistic. Infrastructure-layer policy is deterministic.

hiitl moves the rules that must be enforced from the context window — where they compete for attention — to the control point — where they're gates.

from hiitl import HIITL

hiitl = HIITL()

# Build the action envelope and evaluate it against local policy before acting
result = hiitl.evaluate("send_email", parameters={
    "recipient": "external@partner.com",
    "recipient_type": "external",
    "contains_pii": False,
})

# Only perform the action when the control point allows it
if result.allowed:
    send_email(...)

Add the SDK. Wrap your actions. Every call is logged — add policies when you're ready.

See every action before it executes.

hiitl dashboard

Allowed: 1,247 · Blocked: 23 · Escalated: 8

2s ago    send_email        customer-service   ALLOWED
5s ago    process_payment   billing-agent      BLOCKED
12s ago   deploy_service    ci-pipeline        REQUIRE_APPROVAL
15s ago   approve_claim     claims-workflow    ALLOWED
18s ago   query_database    analytics          ALLOWED
22s ago   create_api_key    provisioning       REQUIRE_APPROVAL

Every action. Every parameter. Every decision. One place.

From your codebase to full governance. Two PRs.

Your total effort: two PR reviews to go from zero to governed.

01

Scan

One command

Run the codebase scan. hiitl identifies every point where your system takes real-world action — tool calls, API requests, database writes, external service invocations.

src/agents/payment.py      3 actions
src/pipelines/deploy.py    2 actions
src/tools/email.py         1 action
src/workflows/claims.py    4 actions
02

PR #1 — Integrate

One PR review

Merge the integration PR. Adds evaluate() wrappers around your action points. Your system is now observable — every action logged, behavior unchanged.

PR #1: Add hiitl observation- send_email(params)+ result = hiitl.evaluate("send_email")+ if result.allowed: send_email(params)+3 -1
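Review bot: the `+ result = hiitl.evaluate("send_email")` line passes no parameters, while the SDK snippet earlier on the page builds the envelope with recipient, recipient_type and contains_pii; in observation mode the logged parameters are the whole point, so pass `params` (or the relevant fields) into evaluate, otherwise the "every parameter" view and the later policy generation have nothing to calibrate on. The `+ if result.allowed: send_email(params)` line also introduces a real gate in a PR described as "behavior unchanged": for an observe-only change, log the decision and still call send_email, and leave the conditional for the enforcement PR.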
03

Observe

Watch your system run. Every action logged automatically. Dashboard populates with tool calls, parameters, frequency patterns, and behavioral data.

send_email        OBSERVED
deploy_service    OBSERVED
process_payment   OBSERVED
approve_claim     OBSERVED
04

Generate

Review suggestions

The intelligence layer analyzes your observed patterns and generates policies calibrated to your actual traffic, recommends route connections, and suggests context enrichment for your code.

GENERATED: payment_limits policy (block payments > $1,000 without approval). Adds: policy, route, context.
05

Test

Backtest generated policies against historical traffic. Grade coverage. See exactly which actions would be blocked, allowed, or escalated before anything changes.

payment_limits: A · deploy_controls: B · email_policy: A
06

PR #2 — Enforce

One PR review

Merge the enforcement PR. Policies active. Routes connected. Human collaboration configured. Your system is governed.

PR #2: Enable enforcement+ mode: RESPECT_POLICY+ policies/payment_limits.yaml+ policies/deploy_controls.yaml+24 -0
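Review bot: the hunk adds `+ policies/payment_limits.yaml` and `+ policies/deploy_controls.yaml` but not the email_policy that the backtest step graded A; either include it or say in the PR why it is deferred. `+ mode: RESPECT_POLICY` is also enabled without a visible fail-open or fail-closed setting, which the FAQ says is configurable per policy; declare it explicitly in each policy file so the behaviour when the cloud is unreachable is reviewable in the diff rather than left to a default.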
07

Continuous

Ongoing intelligence: drift detection alerts when behavior changes, new policy recommendations as patterns evolve, compliance mapping updates as regulations change.

Drift detected: deploy frequency +40%
New policy: rate_limit suggested
Compliance: EU AI Act mapped
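Added illustration of what the deterministic gate in the evaluate() snippet above and the backtest in step 05 amount to; this is not hiitl's code, and Policy, evaluate, backtest, the outcome names and the per-policy fail_closed flag are assumptions standing in for the SDK's own types. Rules are explicit predicates over the envelope's parameters, the strictest outcome wins, a predicate that cannot be evaluated fails closed by default, and the replay over constructed historical traffic counts how many actions would be allowed, blocked or escalated before enforcement is switched on.

```python
# Added illustration, not hiitl's code: Policy, evaluate and backtest are assumptions.
from dataclasses import dataclass
from types import SimpleNamespace

ALLOWED, BLOCKED, REQUIRE_APPROVAL = "ALLOWED", "BLOCKED", "REQUIRE_APPROVAL"
SEVERITY = {ALLOWED: 0, REQUIRE_APPROVAL: 1, BLOCKED: 2}  # strictest outcome wins

@dataclass
class Policy:
    name: str
    action: str               # action name the rule applies to
    condition: callable       # explicit predicate over the envelope parameters
    decision: str             # outcome when the predicate holds
    fail_closed: bool = True  # apply the decision if the predicate cannot run

def evaluate(action: str, parameters: dict, policies: list) -> SimpleNamespace:
    # Deterministic gate: no model in the loop, same envelope -> same result
    outcome, reasons = ALLOWED, []
    for p in (p for p in policies if p.action == action):
        try:
            hit = p.condition(parameters)
        except (KeyError, TypeError) as exc:  # malformed envelope
            hit = p.fail_closed               # default: treat as a hit
            reasons.append(f"{p.name}: unevaluable ({exc!r})")
        if hit:
            reasons.append(p.name)            # which policies fired, for the audit trail
            if SEVERITY[p.decision] > SEVERITY[outcome]:
                outcome = p.decision
    return SimpleNamespace(outcome=outcome, reasons=reasons, allowed=outcome == ALLOWED)

POLICIES = [  # constructed rules named after the policies shown on the page
    Policy("payment_limits", "process_payment", lambda p: p["amount"] > 1000, REQUIRE_APPROVAL),
    Policy("email_policy", "send_email",
           lambda p: p["recipient_type"] == "external" and p["contains_pii"], BLOCKED),
]

def backtest(traffic: list, policies: list) -> dict:
    # Replay historical envelopes and count what would happen (step 05)
    counts = {ALLOWED: 0, BLOCKED: 0, REQUIRE_APPROVAL: 0}
    for action, params in traffic:
        counts[evaluate(action, params, policies).outcome] += 1
    return counts

HISTORICAL = [  # constructed sample traffic; the last envelope lacks "amount"
    ("send_email", {"recipient_type": "external", "contains_pii": False}),
    ("send_email", {"recipient_type": "external", "contains_pii": True}),
    ("process_payment", {"amount": 250}), ("process_payment", {"amount": 5000}),
    ("process_payment", {}),
]
```

The malformed last envelope is escalated rather than silently allowed, which is the case a backtest should surface before the enforcement PR is merged.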

Everything your AI system needs to run safely, scale confidently, and stay compliant.

Enforcement

Deterministic policy evaluation. Rules compose — a fraud score from one rule can trigger a compliance check from another.

Human Collaboration

Any policy can require approval. hiitl pauses the action, routes it to your tools, resumes when the decision comes back.

Service Ecosystem

coming soon

Connect security, compliance, billing, and observability services through a single routing layer.

Compliance

Immutable audit trails, policy version history, and exportable evidence packages for auditors.

Billing & Metering

coming soon

Cost controls, spending thresholds, and billing events. Know exactly what your AI system costs to operate.

Visibility

The dashboard makes your control layer visible to compliance officers, legal counsel, auditors, and leadership.

Testing & Rollout

coming soon

Backtest policies against historical traffic. Stage in observation mode. Roll out progressively. Roll back instantly.

Continuous Intelligence

coming soon

Drift detection, new policy recommendations, and compliance mapping that evolves with your system.

Ecosystem Orchestration

coming soon

Coordinate external services through policy. External calls happen precisely when policy says they’re needed.

LATENCY & ARCHITECTURE

Single-digit millisecond evaluation. External services only when policy says they're needed.

Local-first. No API call for evaluation.
Fail-safe. Local evaluation continues if cloud is unreachable.
Open source. Runs in your environment, forever, for free.

Hybrid by default

Policy evaluation runs locally in your process — sub-millisecond latency with no network round-trips. The hosted service syncs policies, collects telemetry, and provides the management layer.

Architecturally neutral

Works with any agent framework, any LLM provider, any orchestration pattern. hiitl is additive — three lines of code, no architecture changes.

Deterministic

Decisions are made by rules and explicit signals, not by another LLM making a judgment call. Predictable, auditable, debuggable.

THREE ARTIFACTS

Envelope: describes the action.
Policy: decides what happens.
Route: connects to services.

Every action produces an envelope, is evaluated against a policy, and can be routed to any service.

DEPLOYMENT ARCHITECTURE

Your App (Python / TypeScript) → HIITL SDK (Local Evaluator) ⇄ sync ⇄ HIITL Cloud (Policy Mgmt · Audit + Routes · Suggestions)

Evaluation happens locally. Everything else syncs in the background.

Open source. Run locally forever. Pay for the services that make it easy.

Local execution is always free because it's open source running in your environment — there's nothing for us to meter. We earn the right to charge through value we add.

Free

$0, forever

Open source. Run in production. No caps.

  • Full control point: evaluate(), policies, enforcement
  • Local evaluation — microsecond latency
  • Codebase scan (CLI)
  • Observation mode
  • Local dashboard
  • Unlimited local evaluate() calls
  • Community support

Pro

$79/mo per org

Hosted platform + intelligence automation.

  • Everything in Free
  • Hosted dashboard with recommendation cards
  • 250K cloud-synced actions/month
  • Unlimited intelligence layer
  • 20 backtests/month
  • PR generation via GitHub App
  • Change detection — drift alerts
  • 90-day cloud audit retention
  • 3 dashboard users
  • Email support, 48-hour SLA
14-day free trial (soon)

Scale

$399/mo per org

Compliance, RBAC, and managed routes.

  • Everything in Pro
  • 2M cloud-synced actions/month
  • Unlimited backtesting
  • Managed routes marketplace
  • Compliance evidence packages
  • RBAC for policy management
  • 10 dashboard users
  • 1-year cloud audit retention
  • Priority support, 24-hour SLA
Coming soon

Enterprise

Custom (annual contract)

Compliance-required infrastructure.

  • Everything in Scale
  • Unlimited cloud sync
  • SSO (SAML/OIDC)
  • Advanced RBAC — approval workflows
  • Multi-region data residency
  • Private deployment option
  • Certified reviewer network
  • Configurable audit retention
  • Dedicated support + CSM
  • Guided onboarding

All paid tiers are per organization, not per seat. Add your whole team.

Frequently asked questions

Policy evaluation runs locally in your environment — single-digit milliseconds, no network call. External services are only invoked when a specific policy routes a specific action to them. Background services (monitoring, compliance, billing) are async and add zero latency. Most actions evaluate against local policy and proceed immediately.

hiitl works with LangChain, LangGraph, CrewAI, AutoGen, MCP, LlamaIndex, and custom frameworks. The SDK wraps your existing tool calls. Your framework handles orchestration. hiitl handles control. They’re complementary — hiitl operates underneath your framework, not inside it.

Local evaluation continues. The SDK evaluates policy in-process without any cloud dependency. If the hosted platform is unreachable, cloud sync pauses but enforcement continues locally. Configurable fail-open or fail-closed per policy. Your system never stops because of hiitl.

With the free SDK: yes, you author policies in YAML. With the Pro tier: no. hiitl’s intelligence layer generates policies from observing your system, calibrated to your actual traffic. You review and adjust. You can also mix — accept generated policies for some areas and write custom policies for others.

Only what you send in the evaluate() envelope. The developer controls exactly which fields are included. Sensitive parameters can be redacted or hashed. Local-only mode means no data leaves your environment at all. Cloud sync is opt-in per field.
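Added illustration of the per-field control over what leaves the environment that the answer above describes; this is not hiitl's code, and SYNC_MODES, envelope_for_sync, pseudonymise and the key handling are assumptions. Fields are opt-in (anything unlisted stays local), a redacted field records presence without content, and a hashed field uses a keyed hash so that a low-entropy value such as an e-mail address cannot be recovered by guessing candidates against a plain digest.

```python
# Added illustration, not hiitl's code: SYNC_MODES, envelope_for_sync and the key are assumptions.
import hashlib
import hmac

LOCAL_KEY = b"constructed-demo-key-replace-and-keep-local"  # never leaves your environment

# Per-field sync mode, opt-in: any field not listed stays local.
SYNC_MODES = {
    "send_email": {"recipient_type": "include", "contains_pii": "include",
                   "recipient": "hash", "body": "redact"},
}

def pseudonymise(value: str) -> str:
    # Keyed hash: a plain SHA-256 of a guessable value (an e-mail address) can be
    # reversed by hashing candidates; a keyed hash cannot without LOCAL_KEY.
    return hmac.new(LOCAL_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def envelope_for_sync(action: str, parameters: dict, decision: str) -> dict:
    # Build the copy of the envelope that may be synced to the hosted service
    modes = SYNC_MODES.get(action, {})
    synced = {}
    for field, value in parameters.items():
        mode = modes.get(field, "local_only")
        if mode == "include":
            synced[field] = value
        elif mode == "hash":
            synced[field] = pseudonymise(str(value))  # still joinable across events
        elif mode == "redact":
            synced[field] = "[REDACTED]"              # presence recorded, content not
        # "local_only": the field is left out of the synced copy entirely
    return {"action": action, "parameters": synced, "decision": decision}

SAMPLE = {  # constructed envelope parameters
    "recipient": "external@partner.com", "recipient_type": "external",
    "contains_pii": False, "body": "Quarterly numbers attached", "thread_id": 4711,
}
```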

Framework HITL is a checkpoint the developer places at specific points in the agent’s execution graph. It exists where you decided to put it, works within one framework, and handles the approval/denial at that node. hiitl is infrastructure that every action passes through — governed by policy, working across all frameworks, with rate limiting, kill switches, service connections, compliance mapping, and audit trails that framework-level checkpoints don’t provide.

The codebase scan is free and runs in your environment. The open-source control point is free forever with no caps. The Pro tier has a 14-day free trial. Everything you build during the trial keeps working on the free tier — you’d lose ongoing automation, not your control layer.

The core control point — evaluate(), policy engine, enforcement, collaboration, route connections, local storage — is open source. Run it locally in production, forever, for free. The hosted platform (cloud sync, intelligence layer, managed services delivery, compliance infrastructure) is a paid service built on top of the open-source core.

No. Rules in system prompts are probabilistic guidance — the model reads them and decides whether to follow them based on the current context. Sometimes the rule wins. Sometimes the task wins. hiitl moves the rules that must be enforced from the context window to the control point, where they’re enforced unconditionally — without taking away the reasoning guidance the model still needs.

Two disciplines. Context engineering is how you make agents smart — system prompts, memories, skill files, examples. Probabilistic by design, because you want the model to weigh guidance against the situation. The control point is how you make agents reliable — financial thresholds, rate limits, workflow requirements, compliance gates. Deterministic by design, because “the model sometimes skipped it” is unacceptable. hiitl is the deterministic discipline. You bring the context engineering. We deliver the gates and the managed governance around them.

See what your AI system does.

Free. Runs in your environment.