v0.1.2 Beta · Apache 2.0 · Python 3.10+

The governance layer LLMs were missing.

IronFrame sits between any LLM and your domain application — enforcing tool risk, logging every decision, and producing compliance-ready audit trails. Works with Claude, GPT-4o, Gemini, Llama, and any model your organization uses.

Get started → Enterprise & Compliance

pip pip install ironframe

141/141

Tests passing

Components

Compliance adapters

0ms

Hook latency target

The problem

Prompts don’t produce audit trails.

Most “AI reliability” products try to fix hallucination with more AI. IronFrame takes a different approach: deterministic enforcement outside the LLM context window. A model cannot rationalize around hooks it never sees.

Capability	Prompt Engineering	RAG / Chain-of-Thought	IronFrame
Enforces tool boundaries at hook level	✗	✗	✓
Tamper-resistant audit trail	✗	✗	✓
Persists state across sessions	✗	Partial	✓
Compliance-ready out of the box	✗	✗	✓
Model-agnostic (any LLM)	✓	✓	✓
MRM / supervisory audit export	✗	✗	✓

Architecture

Above the model. Below your application.

IronFrame is a governance stratum. The enforcement logic executes outside the LLM context window. The model never sees the rules it can’t break.

Claude/ GPT-4o/ Gemini/ Llama↓ Tool Risk (C21)→ Capability Fence (C24)→ MRM Log (C22)→ Audit Export (C23)→ ✓ Governed Output

18 components · 4 pillars

Everything LLM infrastructure needs.

Enforcement

Hook Engine — deterministic pre/post hooks outside LLM context Open-core library
Tool Risk Tier System (C21) — LOW / MED / HIGH classification Commercial runtime
Capability Fence (C24) — exploit, recon, credential patterns blocked Commercial runtime
State Machine · Agent Trust · I/O Schema Open-core library

Observability

Immutable Audit Log — write-before-release, SHA-256 integrity Open-core library
MRM Metadata (C22) — SR 11-7 & EU AI Act Art. 12 aligned Commercial runtime
Supervisory Audit Export (C23) — tamper-resistant, CLI exportable Commercial runtime
Conformance & Drift Engine · Context Budget Open-core library

Model Access

Model Abstraction Layer — fast / smart / cheap / verification routing Open-core library
Budget Manager — per-request, per-session, per-day spend caps Open-core library
Error Recovery Open-core library

Verification

Self-Audit Engine — confidence scoring on every output Open-core library
Logic Skills · Eval & Regression Open-core library
KB Grounding Open-core library

Ask IronFrame AI

Have a question? Ask the AI.

Ask about architecture, compliance mapping, or whether IronFrame solves your deployment challenge. Unbuilt capabilities go directly to the roadmap.

🤖

IronFrame Assistant

🤖

Hi — ask me anything about IronFrame: architecture, compliance mapping, LLM support, or whether IronFrame can solve your specific challenge. If something isn’t built yet, I’ll flag it as a roadmap item.

For Developers

Production-grade LLM governance in minutes.

Open-source core, Apache 2.0. Install, wire up your API key, and every LLM call is audited, budget-capped, and enforcement-gated from line one.

Install from PyPI View source →

Quickstart

Up in 3 lines.

Python

# Install
pip install ironframe

from ironframe import IronFrameConfig
from ironframe.mal.client_v1_0 import IronFrameClient

config = IronFrameConfig.from_env()
client = IronFrameClient(config)

response = client.complete(
    prompt="Summarize key contract risks.",
    capability="smart",  # fast|smart|cheap|verify
)

print(response.content)
print(f"Confidence: {response.confidence}")
print(f"Cost: ${response.cost:.4f}")
# Every call: audited, budget-capped, confidence-scored.

Extras

pip install "ironframe[openai]"   # GPT-4o / Perplexity
pip install "ironframe[z3]"      # Symbolic verification
pip install "ironframe[all]"     # Everything

What you get free (Apache 2.0)

✓

Session Methodology Registry (C19)

Methodology injection on every session startup — no more context drift.

✓

Dependency Registry + Scanner (C20)

Tracks project dependencies, scans for drift automatically.

✓

Tool Risk Tier System (C21)

LOW / MED / HIGH enforcement — PreToolUse hooks, audit events on every HIGH execution.

✓

Immutable Audit Log

Write-before-release. SHA-256 per event. If logging fails, the operation does not complete.

✓

Budget Manager

Per-request, per-session, per-day spend caps. Mandatory — not optional.

✓

Model Abstraction Layer

Capability routing across Claude, GPT-4o, Gemini, Llama — swap models without code changes.

Licensing

Open core. Commercial power.

Apache 2.0 — Free forever

C19 Session Methodology Registry
C20 Dependency Registry + Scanner
C21 Tool Risk Tier System (core)
Hook Engine · Self-Audit Engine
Model Abstraction Layer · Budget Manager
Base compliance classes (build your own adapters)

Commercial license

C22 MRM Metadata + Decision Log
C23 Supervisory Audit Export (SHA-256, CLI)
C24 Offensive Capability Fence
HIPAA, FINRA, SOC2, SEC, GDPR adapters
C25 Bank Reference Architecture
Multi-user management · Hosted tier (coming)

EU AI Act full application: August 2, 2026

LLM governance for regulated industries.

IronFrame’s commercial tier is built for financial services, healthcare, and government — organizations that cannot deploy AI without a verifiable audit trail, risk management log, and explainable output chain.

Request a demo Ask our AI →

Industries

Built for regulated environments.

IronFrame is purpose-built for organizations where an unaudited AI decision has legal, financial, or patient-safety consequences.

Financial Services

Trading, Risk & Compliance

Model risk management documentation, supervisory audit exports, and capability fencing for trading desk AI. Built to BCBS 350, SR 11-7, and FINRA requirements.

FINRASR 11-7BCBS 350

Banking, Credit Unions & Fintech

Model Risk, Supervision & Audit

Model risk management documentation, supervisory audit exports, and capability fencing for community banks, credit unions, regional banks, and fintech compliance teams. Built to BCBS 350, SR 11-7, FINRA Rule 3110, and NCUA examination requirements.

FINRASR 11-7BCBS 350NCUA

Healthcare

Clinical & Administrative AI

HIPAA-native audit schema, PHI access logging, and session methodology enforcement for clinical decision support and administrative automation.

HIPAASOC2

Government & Defense

Policy & Operations AI

FedRAMP-aligned architecture, immutable audit trails for AI-assisted decisions, and tool risk enforcement for sensitive government workflows.

FedRAMPNIST AI RMF

Enterprise Technology

AI Platform Teams

Multi-model governance, compliance reporting, and deployment guardrails for AI platform teams building on Claude, GPT-4o, Gemini, or open-weight models.

SOC2GDPREU AI Act

Regulatory mapping

Which component satisfies which requirement.

The components below are part of IronFrame’s runtime/commercial surface. The open-core library at github.com/briancarter456546/ironframe provides the SDK foundation — model abstraction, hook engine, audit log primitives, conformance — while runtime/commercial deployments add MRM logging (C22), supervisory export (C23), capability fencing (C24), and per-tier tool risk enforcement (C21).

Regulation	Requirement	IronFrame Component	Notes
EU AI Act Art. 9	Risk management system	C21 Tool Risk C24 Capability Fence	Tool tier classification + offensive capability blocking
EU AI Act Art. 12	Logging & traceability	C22 MRM Log C23 Audit Export	6-month retention, SHA-256 integrity, supervisory export
EU AI Act Art. 14	Human oversight	C21 HIGH gate C22 MRM Log	TOOL_APPROVAL_REQUIRED blocks until human approves
EU AI Act Art. 15	Cybersecurity & robustness	C24 Capability Fence	Exploit/recon/credential patterns blocked by allowlist
SR 11-7 / BCBS 350	Model risk management	C22 MRM Metadata C23 Audit Export	MRMSession + MRMDecision; JSON/YAML supervisory export
FINRA Rule 3110	Supervision & records	C23 Supervisory Export	--supervisory flag strips internal metadata for regulators
HIPAA	PHI audit trail	Compliance Adapter Audit Log	HIPAA fields captured natively in audit schema
FedRAMP Moderate	Continuous monitoring	C23 Audit Export C24 Fence	LLM-agnostic — works on approved models, not Anthropic-locked

Custom engagements

Full runtime governance surface.

pip install ironframe ships the open-core library — C1–C18 + SAE, the SDK foundation. A custom IronFrame engagement deploys the full runtime governance surface below: 32 built components plus the hook layer that fires outside the LLM context window plus the audit transport hardened on dedicated infrastructure. Components are listed honestly: Live in our own production ops today, Wiring for components that are tested but whose runtime invocation is still being completed, Roadmap for components included for transparency.

✓ Live in our ops today

Wired into PC + Minerva right now. Claim-safe in audit trail.

C19 Session Methodology InjectionUserPromptSubmit hook, 13 governance rules per session
C20 Dependency Registry + Scanner
C21 Tool Risk Tier Registry35 tools classified, LOW / MED / HIGH, PreToolUse enforcement
C22 MRM Metadata + Decision LogAuto-starts on every session; SR 11-7 / EU AI Act Art. 12 aligned
C23 Supervisory Audit ExportThree-branch resolver, no silent fallback, FileNotFoundError on missing source
C24 Offensive Capability FenceOffensive-code, recon, credential patterns blocked in NORMAL_DEV
C25 Bank Reference ArchitectureEU AI Act / SR 11-7 / BCBS 350 doc mapping
C26 Topology VisibilityManifest + verifier + cron
C26.1b Governance Layers 4–6Admin gate + freeze flag (the armed emergency-stop)
C26.2 Asset Registry
C27 Append-Only Audit CollectorHMAC-signed O_APPEND, hardened systemd unit, deployed since 2026-04-18
C30 Preflight Speed-Check HookAST + runtime-history Red/Yellow/Green scoring on Python invocations
C31 Worker-Count Guard Hookpsutil PreToolUse cap on concurrent worker processes
C32 DACI Domain-Aware Context InjectionDomain-keyed context loaded once per session at moment of entry
SAE Self-Audit Engine Phase 1 CLI5 subcommands: judge / confidence / verify / tier / evaluate-session
Designer Contract v1 + Lane disciplinePre-design 7-question checklist + lane-discipline-guard hook (informs delivery quality)

⏳ Built & tested, wiring in progress

Honest state — we’ll tell you which apply to your deployment.

C11 Security / Injection DefenseLibrary-only today; runtime hook wiring in queue
C13 Eval & Regression Harness141 tests run on-demand; CI cron pending
C17 Agent Trust + KillSwitchKillSwitch class exists; not armed today — the armed emergency-stop is C26.1b freeze flag
C18 Spec Conformance + DriftCLI exists; cron pending
HIPAA / FINRA / SOC2 / SEC / GDPR adapter loadersTested; runtime loading is the post-FINRA-first wiring work
SAE Phase 2 samplerPostToolUse hook + in-MAL sampler — task #875

◯ Roadmap (for transparency)

Specced — not yet built. Listed so prospects can see the trajectory.

C28 User Attribution + Human Approval GateNamed-human attribution layer for SR 11-7. The gate primitive itself works today via C21 HIGH tier.
C29 Dashboard + Multi-User TokensSelf-serve commercial tier
C36 MCP Governance ServerExternal-distribution wedge: deployable MCP server that wraps any MCP deployment with IronFrame governance
C37 Hook Telemetry Feedback LoopSelf-improvement loop: aggregates audit events, flags hooks with high false-positive rates
C38 Design Doc EnforcementSpec only, warn-only mode today; gates new high-impact changes on a 7-section design doc

Day one deployment checklist

The boxes your legal team will ask about.

✓

Tool boundary enforcement

Every tool call classified LOW/MED/HIGH. HIGH tools require explicit approval or log TOOL_HIGH_RISK_EXECUTED.

✓

Tamper-resistant audit log

Write-before-release. SHA-256 hash per event. verify_integrity() CLI command.

✓

MRM session documentation

SR 11-7 and EU AI Act Art. 12 aligned. JSON/YAML export for supervisory review.

✓

Human oversight gates

TOOL_APPROVAL_REQUIRED events block execution and wait for human approval.

✓

Offensive capability fencing

Exploit, scan, credential, and recon patterns blocked by default. Allowlist only.

✓

Model-agnostic governance

Works with your approved model — Claude, GPT-4o, Gemini, or open-weight. Not Anthropic-locked.