Enterprise AI Governance

The governance layer for production AI

Rynko sits between your autonomous agents and the real world — providing deterministic guardrails where libraries like Pydantic stop. Governance, Visibility, and Human-in-the-Loop infrastructure for mission-critical deployments.

Get Started Free Security Details

99.9%

Uptime SLA

4 roles

RBAC granularity

TLS 1.3

Encryption in transit

GDPR

Compliant

Dynamic Agent Orchestration via MCP

Your validation logic becomes auto-discoverable agent tools

Connect any MCP-compatible agent and Rynko instantly exposes every Flow gate as a functional tool — no code changes, no redeploys. Business rules update live.

Auto-Discovery

Connect Claude Desktop, Cursor, or Windsurf via SSE and Rynko exposes every gate as a distinct MCP tool at session start. Gate description = tool description — the LLM picks the right gate from context automatically. Zero hardcoded tool IDs: in testing, an LLM discovered gates, submitted validation data, and self-corrected on rejection — all without a single line of integration code.

Live Registry

Update business rules or schemas in the Rynko UI and they broadcast to your agents at the next session. Logic lives outside your application code — iterate without touching a deployment pipeline.

Multi-Agent Governance

Orchestrators like LangGraph and CrewAI query the Rynko registry to discover and enforce specific gates — "Legal Review" or "Compliance Check" — across an entire swarm of agents. Deterministic guardrails at fleet scale.

MCP Setup Guide Multi-Agent Integration

Multi-Layer Validation Stack

Move beyond basic schema checks

Four validation layers that catch different classes of failure — from structural integrity to business logic to human judgment to agent tampering.

Schema Enforcement

Import existing Pydantic or Zod schemas in seconds. Every AI output is checked for structural integrity before anything downstream runs.

Logic Gates

Define business rules using plain-text expressions (e.g. amount <= 10000) that exist outside your application code — updateable without deploys.

Human-in-the-Loop

Automatically route high-stakes decisions to a human approval inbox via magic links or email. Reviewers need no Rynko account.

Downstream Verification

Your receiving system verifies the validation_id before accepting data — catches agent bypass and payload tampering with one API call.

Layer 4 — Downstream Verification

HMAC tamper-proof · Catches agent bypass · One API call

Layer 3 — Human-in-the-Loop

Magic link approvals · No account needed · Conditional routing

Layer 2 — Logic Gates

Expression rules · No-deploy updates · Approval conditions

Layer 1 — Schema Enforcement

Pydantic · Zod · JSON Schema · Structural integrity

Layers 1–3 run at the gate. Layer 4 runs at your destination.

Projects

The top-level boundary

A Project is the root container for your team, billing, and settings. Everything — gates, templates, API keys, members — lives inside a project. You can be a member of multiple projects (e.g. your own company and a client you consult for).

Billing is per-project. Each project has its own Flow subscription tier and Render Pack add-ons, so teams stay fully isolated from each other.

Complete data isolation between projects
Switch between projects in one click
Per-project billing and usage tracking
Personal project created automatically on signup

Your projects

Acme Corp

Growth plan · 4 members

Active

TechStart Inc

Starter plan · 2 members

My Personal Project

Free plan · 1 member

Environments in Acme Corp

Production

12 gates · 3 API keys

Live

Staging

8 gates · 2 API keys

Testing

Development

5 gates · 1 API keys

Local

Environments

Dev, staging, production — properly isolated

Each project can have multiple Environments (also called Workspaces). Gates, templates, API keys, and runs all belong to a specific environment — so a config change in staging never touches production.

Environments share the project's billing plan but maintain separate gate configurations and run histories. Promote a gate from staging to production with a single action.

Isolated gates, runs, and API keys per environment
Promote gates across environments
Separate run quotas tracked per environment
Templates and assets scoped to environment

Role-Based Access Control

Four roles. Right access for everyone.

Invite teammates and assign roles that match what they actually need. Reviewers get magic-link access to approval inboxes with no account required.

Owner

Full control: billing, members, settings, all resources. One per project.

Admin

Manage members, API keys, gates, templates. Cannot transfer ownership or delete the project.

Member

Create and edit gates and templates, submit runs, view analytics. Cannot manage billing or members.

Viewer

Read-only access to gates, templates, and run history. Cannot modify anything.

Gate Approvers are not team members — they receive magic links via email and review runs directly without a Rynko account.

Permission matrix

Action	Viewer	Member	Admin	Owner
View gates & templates	✓	✓	✓	✓
Submit runs (API)	—	✓	✓	✓
Create/edit gates	—	✓	✓	✓
Publish gate versions	—	✓	✓	✓
View run history	✓	✓	✓	✓
View analytics	✓	✓	✓	✓
Create/edit templates	—	✓	✓	✓
Manage API keys	—	—	✓	✓
Manage members	—	—	✓	✓
Billing & plan	—	—	—	✓
Delete project	—	—	—	✓

Activity log

Gate published

invoice-gate v3 by john@acme.com

2 min ago

Run approved

flw_01jt4… approved by reviewer@legal.com

14 min ago

Document generated

invoice-2024-0042.pdf via API key prod_…

31 min ago

API key created

Production key by admin@acme.com

2 hr ago

Member invited

designer@acme.com as Member

5 hr ago

Gate paused

contract-gate paused by admin@acme.com

Yesterday

Operational Visibility & Audit Trails

Turn black-box agents into auditable processes.

Every action across the platform — gate changes, run approvals, API key creation, document generation, member invites — is recorded with a timestamp, actor, and context. Know exactly who did what, and when.

Immutable audit log — gate publishes, approvals, key changes, member actions
Visual trace timeline — every run with sub-millisecond latency and pass/fail breakdown
Analytics & insights — pipeline health, pass rates, and performance trends across your fleet
Run submission, approval, and rejection decisions
Exportable for compliance and incident review

API Keys

Scoped, named, revocable.

Create as many API keys as you need. Each key is scoped to an environment and can be named (e.g. "CI pipeline", "Production webhook") so you always know which system is using which key. Revoke any key instantly — no downtime elsewhere.

Per-environment key isolation
Named keys for traceability in logs
Instant revocation without affecting other keys
Usage tracked in audit log per key

# Authenticate with any Rynko endpoint

Authorization: Bearer rk_prod_...

Webhooks

Events pushed to your systems.

Subscribe to events and receive real-time HTTP notifications to any endpoint. Every delivery is signed with HMAC-SHA256 so you can verify authenticity. Failed deliveries are retried automatically.

Flow: run completed, run rejected, approval decided
Render: document generated, document failed
HMAC signatures on every request
Automatic retry with exponential backoff
Delivery history and manual retry in dashboard

Document Logs

Every document. Full history.

Every Render generation is recorded — template used, API key, duration, format, and status. Download any generated file directly from the log. Filter by template, status, or date range.

Status: completed, processing, failed
Download link per job (time-limited signed URL)
Filter by template, format, date, API key
Retention based on your plan tier
Batch generation tracked as a single job group

Document Logs

invoice-2024-0047.pdf

Invoice Template

completed

426ms

report-q4-2024.xlsx

Quarterly Report

completed

891ms

contract-draft.pdf

Contract Template

processing

—

invoice-2024-0046.pdf

Invoice Template

completed

381ms

certificate-001.pdf

Certificate

failed

—

Built on modern infrastructure

We use the best tools so you inherit their security and reliability.

Railway

Private networking, auto-scaling

Cloudflare R2

Edge storage with auto-expiration

PostgreSQL

Row-level security, encrypted at rest

Redis + BullMQ

Async processing with retry logic

Security by default

Every layer designed with security in mind.

TLS 1.3 Everywhere

All API calls encrypted in transit with modern TLS.

Signed Download URLs

Time-limited URLs with cryptographic signatures for document downloads.

Data Isolation

Row-level security ensures environment and project boundaries are strictly enforced.

Auto-Expiration

Artefacts and documents auto-delete after plan-configured retention periods.

GDPR Compliant

Data processing agreement and sub-processor list available on request.

Webhook Signatures

HMAC-SHA256 signatures on all outbound webhook deliveries.

Full security overview

Rynko Flow

Gate your AI agents

Schema validation, expression-based business rules, and human-in-the-loop approvals — all scoped to an environment.

See Flow use cases

Rynko Render

Generate documents from data

Visual template designer. Native PDF and Excel engine. Sub-second generation. One API call.

Explore the engine

Start building on Rynko

Free plan includes 500 Flow runs, 3 gates, full platform features. No credit card required.

Get Started Free View Pricing