CtrlAi
Try free

Your company's brain

Your AI runs
your company's rules.

Not its training data. Not prose. Not hallucinations.
Every answer is a typed function your expert signed.

Drop your first policy Watch how it works
Or book a demo
discount-policy.pdf · §3

Discounts above 10% require VP approval. SDR cap is 5%.

Awaiting · type-checking…
Awaiting · signature…
Awaiting · invocation from a surface…
247Signed Ctrls47Companies1.2MInvocations · 7d0Audit failuresBacked by a public transparency log. Auditable forever.
Spec v0.4.1Evidence on every receipt7 Ctrl kindsRBAC-scoped tool surfacePortable to GitHubW3C Verifiable Credential

The primitive

A Ctrl is one signed rule.

Your AI doesn't make decisions. It invokes these.

Every answer your AI gives is the typed output of a function your expert signed. Watch one form, end to end.

01Your policy
discount-policy.pdf · page 3

Human prose · ambiguous · re-interpreted every time
02Typed function
Awaiting…
03Signed by your expert
Awaiting…
04Invoked
Awaiting…
Step 1 of 400:00 / 00:12

Now every AI surface in your company invokes the same Ctrl.
Slack, voice, email, web chat, MCP partners — one signed library, one decision.

Provenance

Click any sentence. See what made it true.

Every factual claim your AI emits binds to the receipt of the Ctrl that produced it. Open the receipt and you see the signers, the post-conditions that passed, and the literal paragraphs the runtime read — signed and hashed alongside.

/ask · synthesis from ⌃ Sales

Q3 ARR is $2.87M against the $4.5M target — a $530K gap. Two deals totaling $415K are flagged at-risk — Acme renewal (champion left) and Brightline (budget freeze).

Recommend doubling down on the two at-risk deals this week and accepting that Q3 lands ~12% under plan.(uncited — synthesis)

Receipt · data_lookup
lookup-crm-pipeline-summary
invocation: inv_lookup_pipeline
verified
Signed by Mark Liu· VP Sales · Sales
Post-conditions
  • non-negative-arr
  • currency-usd
Evidence the runtime consulted
Source [1] · data_lookup
Salesforce · Q3 2026 Pipeline view

Total Q3 closed: $2,870,000. Target: $4,500,000. Gap: $530,000 (12% behind plan).

sha256: f1d2…a6e3
Ed25519 · spec v0.4.1 2026-05-18 12:00:08Z
This is what your auditor sees.Public verifier

The drawer your auditor opens is the drawer your team opens.
No separate compliance product. The receipt is the audit trail.

The library

Your company's brain. It grows every day.

Every doc you upload, every rule your expert signs — a new Ctrl, bound to a real human in a real department.
Every AI surface in your company gets smarter together. Green pulses are invocations happening right now.

+12signed · this week1.2Minvocations · 7d0audit failures
Signed Ctrls269
SalesSarah Chen
47
Customer SuccessMarcus Webb
52
EngineeringYuki Tanaka
48
FinanceJia Park
38
LegalAlex Rivera
19
MarketingPriya Reddy
23
PeopleTom Kowalski
14
OperationsLena Mueller
28

The hub

Every model. Every system. Every answer. Through your signed library.

Watch an invocation route through your signed library to a specific Ctrl — which decides whether to call a model, pull from data, or both — then return as a typed reply with a sealed receipt.

⌃ Ask
⌃ Slack
⌃ Voice
⌃ Email
⌃ Web
⌃ MCP
Routerscope · trust · model
CClaude 4.7
HHaiku 4.5
OGPT-5.5
GGemini 3.1
SSalesforce
HHubSpot
SStripe
NNotion
PPostgres
Active Ctrl · deterministic · Denoapprove-discount@v4
Sarah Chen
Can I give 15% off this $50K deal?
deno · executing
const CAP = { SDR: 0.05, AE: 0.10, VP: 0.20 };
if (discount_pct <= CAP[role])
  return { approved: true };
return { approved: false, required_signer: "CRO" };
Typed reply · awaiting…Blocked · escalate to Sarah Chen (CRO)
Receipt · awaiting…

What makes this different

Every SaaS has AI now. Only one has signed Ctrls.

ChatGPT, Slack AI, Monday AI, HubSpot AI — all run a language model on someone's data. None are signed. None are typed. None can tell you who's accountable.

01 · LLM only

ChatGPT, Claude, Gemini

An averaged voice with no company knowledge.

internetwikipediaredditblogstweets
? question
⤓ answerfabricated
Source-grounded✕ No
Signed by a human✕ No
Typed input/output✕ No
Auditable receipts✕ No

02 · SaaS AI

Slack AI · Monday AI · HubSpot AI

Each app makes decisions independently. No audit trail. No signed rules.

SlackSlack AI
MondayMonday AI
HubSpotHubSpot AI
NotionNotion AI
Source-grounded Partial
Signed by a human✕ No
Typed input/output✕ No
One library, every surface✕ No

03 · Ctrl AI

Your signed library

One library. Signed by your team. Invoked from every surface.

Slack
Voice
Email
Web
MCP
discount
refund
expense
clause
deploy
Sarah
Marcus
Jia
Alex
Yuki
Source-grounded Yes
Signed by a human Yes
Typed input/output Yes
One library, every surface Yes

They build AI on their data.
We build the library your data signs.

The router

The cheapest model that's safe enough.

Every signed Ctrl declares its trust requirement. The router picks the cheapest frontier model that satisfies it.
Most Ctrls run on Haiku — 5× cheaper and 5× faster than Opus. Opus only when the Ctrl explicitly requires it.

cheaperfaster0accuracy lost

BYOK at every tier — your model spend is your bill from your provider, not us. We don't mark up tokens.

Your 247 signed Ctrls · by modelRouter-decided
82%Haiku 4.514%Sonnet 4.64%Opus 4.7
Model spend · 1.2M invocations · last 7 days5× lower
Without router$5,000per weekPaying Sonnet rates for every invocation
With Ctrl AI router$1,000per weekTrust-level-driven model selection
BYOK — model spend bills directly to your Anthropic / OpenAI / Google account. We never mark up.How the router works

Lifecycle

When your docs change, your AI changes.

But only after a human signs.

No silent updates. No drift. When the policy moves, the Ctrls bound to it move to review pending. Your AI keeps the old rules until your expert reads the diff and re-signs. The receipts chain shows every version forever — and every past receipt is replayable against the new policy. Drift shows up automatically, before your auditor asks.

State 1 of 300:00 / 00:13

Today

Signed and current

discount-policy v3 is signed. All bound Ctrls are verified.

Policy documentdiscount-policy.pdfversion v3

Ctrls bound to this policy · 3

Ctrlapprove-discountverified · v3
Ctrlqualify-dealverified · v2
Ctrlsend-contract-quoteverified · v1
Signed bySarah ChenLast signed 2026-04-12

The standard

Your signed Ctrls live in version control.

A signed Ctrl exports as .ctrl — a canonical YAML file with the schema, the signature, the fixtures, the regulatory citations. Commit it to your repo. PR review for policy. CI fixture runs gate every change. Merge to deploy.

commons/v0/fintech/kyc-check.ctrlon branch · author-kyc-v1
apiVersion: ctrl.dev/v0
kind: Ctrl
metadata:
  slug: commons-kyc-check
  name: KYC Check (Commons v0)
  description: |
    Returns a KYC verification status, including
    PEP and sanctions screening.
  version: 1
  domain: compliance
  dataSensitivity: confidential
  containsPii: true
  riskClass: high
  appliesToJurisdictions: [EU, UK, US]
  satisfiesClauses:
    - framework: amld6
      clause: art-13
spec:
  inputSchema: { … }
  outputSchema: { … }
  implementation:
    kind: data_lookup
    connectorId: PLACEHOLDER-kyc-connector
    toolName: verify
  postConditions:
    - id: review-required-on-pep
      severity: error
      expr: outputs.pepStatus !== "pep" || outputs.reviewRequired === true
  fixtures:
    - name: clear-customer
    - name: pep-flag-triggers-review
signatures:
  author:
    userId: usr_sarah
    signedAt: 2026-05-01T12:00:00Z
Canonical YAML · stable byte order · Ed25519-signable
Add KYC Ctrl with PEP screening
#142 · author-kyc-v1 → main · 1 file changed, +84 −0
Checks · 4 passing
  • Ctrl AI Fixtures· 3 .ctrl files validated · 6 fixtures green
  • typecheck· No type errors
  • build· next build · 38s
  • lint· 0 errors · 0 warnings
Reviewers
⌃ Sarah Chen requested changes resolved · approved
Squash & merge→ triggers org · ctrl:import

Same artifact your auditor verifies. Same artifact the GitHub Action runs fixtures against on every PR. Same artifact any W3C VC verifier can validate offline.

npm run ctrl:export.github/actions/ctrl-fixturesdid:web:<org>Ed25519Signature2020

Cross-org by construction

Audit by graph. Authority by passport.

Every decision an AI makes for your company traces back to the chain of Ctrls that produced it. And every external agent — your consultant's Claude Code, your vendor's Cursor — carries one passport across every client org, with per-Ctrl grants signed independently by each.

Decision DAG

Click any answer. See the chain that produced it.

From the receipt drawer → "Why this decision?" → opens /decisions/[invocationId]

Session envelope · sealed
merkle: 9c2a…b074 · 4 receipts
sessionstep 1
lookup-loan-applicant
Lookup Loan Applicant
verifieddata_lookup
⌃ Sarah · CRO
pre-flightstep 2
refuse-pii-export
Refuse PII Export
groundedrefusal
⌃ Mark · GC
rootstep 3
score-credit-risk
Score Credit Risk
groundedgrounded_llm
⌃ Sarah · CRO
triggerstep 4
send-denial-email
Send Denial Email
verifiedexternal_action
⌃ Sarah · CRO
/decisions/[invocationId]Open the live page
Agent passport

One agent. Every client. One passport.

Ed25519-signed by the issuing org. Each client grants per-Ctrl access, independently.

Agent passport
urn:ctrl-passport:pass_abc
Subjectclaude-codevendor · Anthropic
Issued byAcme Consultingdid:web:ctrl.dev:orgs:acme-consulting#receipts-2026
Ed25519Signature2020 · W3C VC v2
Per-org grants matrix
  • Acme Corp
    7 Ctrls granted · read · forecast Ctrls
    live
  • Beta Industries
    12 Ctrls granted · read · audit Ctrls
    live
  • Gamma Holdings
    4 Ctrls granted · read · KYC pack
    live
inter_org_grants · per-row signed by each org

The audit story isn't a separate product.
The Decision DAG falls out of the receipt chain. The grants matrix falls out of the passport table. Compliance is shape, not feature.

Pricing

Every tier ships the same receipts.

Three tiers. The transparency log, the signed Ctrls, the audit trail — every tier gets the full system. Tier is signers and library size, never features.

Team

$199/mo
Small teams getting started
  • Up to 5 signers
  • 25 signed Ctrls
  • Community packs
  • BYOK
Start free trial

Company

Recommended
$399/mo
50-200 person companies
  • Up to 25 signers
  • 100 signed Ctrls
  • Premium packs (SOC 2, GDPR)
  • Slack · voice · email · web · MCP surfaces
  • Audit-grade transparency log
Start free trial

Enterprise

Custom
200+ person companies
  • Unlimited signers + Ctrls
  • SSO + SAML + audit roles
  • Dedicated infrastructure
  • Custom packs + co-signed by your experts
  • Procurement / DPA / red team support
Book a demo
See full pricing Book a demo

Start in 60 seconds

Drop a doc.
Be running in 60 seconds.

Upload your first policy. Three signed-Ctrl drafts come back. Sign one — your AI is now invoking your rules. From every surface.

Or fork a Ctrl Commons pack — KYC, AML, sanctions screening, FX, audit-cadence — signed scaffolds you re-sign for your jurisdiction.

Try with your policies Or explore a sample company
Or book a demo
PDF / MD / DOCXDrop a doc60 secondsSign one CtrlSlack · voice · email · MCPInvoke from anywhere
Drop a policyor use sample