§ DOCUMENTATION
Documentation.
Everything you need to integrate, configure, and operate Execlave.
Quick Start Guide
Go from zero to your first traced LLM call in under 5 minutes. Includes copy-paste prompts for your AI coding assistant.
Get started →Already know what you're doing?
Integrate Execlave into my project. Install @execlave/sdk (npm) or execlave-sdk (pip). Initialize with: const ag = new Execlave({ apiKey: process.env.EXECLAVE_API_KEY, baseUrl: 'https://api.execlave.com' }); Register my agent: await ag.registerAgent({ agentId: 'my-agent', name: 'My Agent', type: 'chatbot', platform: 'custom' }); Wrap LLM calls: const trace = ag.startTrace({ agentId: 'my-agent' }); trace.setInput(userMessage); const response = await llm.call(userMessage); trace.setOutput(response).setModel('gpt-4').finish(); Add shutdown handler: process.on('SIGTERM', () => ag.shutdown()); See full guide: /docs/getting-startedGetting Started
Policies & Governance
Policy Engine
19 built-in policy types — injection scanning, access control, cost limits, PII protection, output classification, budget caps, tool integrity, runtime tool guardrails, CEL expressions, response groundedness, OPA Rego policies, agent-lineage controls, and more. Four enforcement modes: block, warn, monitor, require_approval.
Agent Governance Suite
NewTiered autonomy levels, real-time cost circuit breaker, agent registry & lifecycle, permission-drift detection, eval-to-policy suggestions, and data-access lineage — the AMP control plane.
Prompt Injection Detection
NewIntent-aware and multilingual. Tells a definitional question ("what is a system prompt?") from an attack ("reveal your system prompt"), covers 13 languages, and escalates ambiguous cases to an LLM semantic layer.
PII Detection
NewChecksum-validated national IDs across the US, EU, and India (SSN, cards, Aadhaar, IBAN, NINO, DNI/NIE, Codice Fiscale, IdNr, INSEE), plus opt-in name/address NER via Presidio + GLiNER.
Expression Policies (CEL)
Write custom governance rules using CEL expressions. Access 11 context variables including input, output, cost, tools, environment, and metadata.
Policy Chaining
Evaluate multiple policies in sequence. Control ordering, short-circuit behavior, and how violations from different policies interact.
Custom Validators (BYOV)
Register external HTTP endpoints as policy validators. Execlave calls them during enforcement with HMAC-signed payloads and retries on failure.
Runtime Governance & Identity
Approval Workflows 2.0
NewHuman-in-the-loop approvals with computed risk scores, tier routing, SLA escalation, and a continuous authorization-certificate verification loop.
Agent Identity
NewIssue short-lived RS256 exe_agt_ credentials and verify them offline against a public JWKS endpoint — verifiable identity for machine-to-machine and agent-to-agent calls.
Policy-as-Code
NewAuthor policies as JSON/YAML bundles, validate with execlave policies lint, reconcile with sync, and audit every change through tamper-evident version history.
Runtime Guardrails
NewPer-agent tool-invocation allow/deny policy, tool-output PII/injection scanning, and agent-to-agent credential authorization.
Agent Passport
NewDelegation chain-of-custody, capability inheritance, revocation cascade, declared-vs-observed shadow-tool diff, and a non-human-identity inventory.
Red-Team Gate
NewRun an adversarial probe suite with execlave test; gate promotion to the autonomous tier on a minimum resilience score (0.9 by default).
AI FinOps
NewAttribute spend by cost center, project, and team; export chargeback CSV; set budget caps; and forecast month-end spend.
Drift Signal
NewDetect behavioral drift — new tool usage, denial-rate shifts, new data classes — and automatically downgrade an agent’s autonomy on high-severity drift.
IAM Binding (Workload Identity)
NewBind agents to Microsoft Entra workload identities and exchange Entra-issued tokens for short-lived Execlave credentials — no static API keys to rotate or leak.
Observability & Incidents
Execution Traces
Capture inputs, outputs, token usage, cost, latency, and policy evaluations. Supports hierarchical spans, trace trees, similarity search, and CSV/JSON export.
Webhooks
Subscribe to 16 event types (policy_violated, kill_switch_triggered, budget_exceeded, and more). Deliveries are HMAC-SHA256 signed and retried with exponential backoff.
Alerts & Notifications
Define alert rules on metrics with configurable thresholds, severity levels, and time windows. Supports email, Slack, and webhook notification channels.
Anomaly Detection
ML-powered detection using EWMA with seasonal decomposition. Includes root cause analysis, time-series forecasting, and configurable baselines.
Splunk Integration
NewStream enforcement decisions and traces to Splunk via HTTP Event Collector, with SPL saved searches for violation bursts, cost spikes, and blocked agents.
Microsoft Sentinel
NewRoute governance events into Sentinel through the Azure Monitor Logs Ingestion API, with KQL analytics rules ready for your SOC queue.
Incident Response Workflow
NewA six-stage runbook for agent incidents: detect, route, triage, contain, collect evidence, and close with a hash-chained audit export.
Security & Compliance
Authentication & API Keys
Authenticate via Logto JWT or environment-scoped API keys (exe_dev_, exe_stg_, exe_prod_). Four-role RBAC hierarchy: Owner > Admin > Developer > Viewer.
Compliance Frameworks
Generate digitally signed evidence reports for SOC 2, GDPR, HIPAA, ISO 27001, and EU AI Act. Verify report authenticity via the compliance API.
Audit Logs
Tamper-evident, append-only audit trail with cryptographic chain verification. Export as CSV/JSON or as a signed compliance package for auditors.
Approvals
Human-in-the-loop workflows for require_approval policies. SDKs poll for the decision while admins approve or deny from the dashboard.
Integrations
LangChain
Callback handler that instruments chains, LLMs, tools, agents, and retrievers — Python and TypeScript.
OpenAI Agents SDK
Tracing processor that captures agent/tool/generation spans and blocks disallowed tools before they run.
CrewAI
One call to instrument_crew() wires in step and task callbacks, chaining your existing callbacks.
AutoGen
Instrument AutoGen multi-agent conversations with trace capture and policy enforcement per agent turn.
LlamaIndex
Callback handler for LlamaIndex query engines, retrievers, and synthesis steps.
n8n
Gate your n8n AI workflows with Execlave policies and trace logging — no-code templates included.
MCP (Model Context Protocol)
Govern MCP tool servers — trace tool calls and enforce allow/deny policies on MCP tools before they execute.
OpenAI Chat Completions
Drop-in wrapper for direct OpenAI chat completion calls — traces, cost capture, and policy checks without a framework.
All Integrations
Browse every first-party framework integration and what is on the roadmap.
Reference
SDK Reference
Full API reference for the TypeScript and Python SDKs — methods, config, error types.
REST API Reference
Every endpoint with request/response examples and cURL snippets.
CLI Reference
Install the execlave CLI, authenticate via env var, and run all 11 command groups from the terminal.
Comparisons
See how Execlave compares to other AI governance solutions, including Microsoft Agent Governance Toolkit.
Reference Deployment
NewA governed two-agent production architecture end to end: stack, autonomy tiers, policy set, measured enforcement latency, and SIEM routing.
Quick Reference
| Endpoint | Method | Description |
|---|---|---|
| POST /api/v1/agents | REST | Register a new AI agent |
| PATCH /api/v1/agents/:id/pause | REST | Kill switch — pause an agent |
| POST /api/v1/agents/authorize | REST | Agent-to-agent authorization check |
| POST /api/v1/policies | REST | Create a governance policy |
| POST /api/v1/policies/enforce | REST | Pre-execution policy enforcement |
| POST /api/v1/policies/test | REST | Dry-run policy test |
| POST /api/v1/policies/generate-from-text | REST | AI-generated policy from natural language |
| POST /api/v1/traces/ingest | REST | Submit execution traces (batched, up to 100) |
| GET /api/v1/traces/:id/tree | REST | Get hierarchical trace tree |
| POST /api/v1/webhooks | REST | Register a webhook endpoint |
| POST /api/v1/webhooks/:id/test | REST | Send a test delivery |
| POST /api/v1/alerts/rules | REST | Create an alert rule |
| GET /api/v1/alerts/history | REST | View alert history |
| GET /api/v1/incidents | REST | List incidents |
| GET /api/v1/approvals/pending | REST | List pending approvals |
| POST /api/v1/approvals/:id/decide | REST | Approve or deny an action |
| GET /api/v1/compliance/report | REST | Generate compliance evidence report |
| GET /api/v1/audit-logs/chain/verify | REST | Verify audit log chain integrity |
| POST /api/v1/anomaly/detect | REST | Run anomaly detection |
| POST /api/v1/anomaly/forecast | REST | Run time-series forecast |
| POST /api/v1/custom-validators | REST | Register a BYOV endpoint |
| GET /api/v1/analytics/overview | REST | Operational analytics overview |
Install
JavaScript / TypeScript
npm install @execlave/sdkPython
pip install execlave-sdkCLI (npm)
npm install -g @execlave/cliCLI (login)
execlave login