Vaara

If you're shipping AI agents in the EU or selling to public-sector buyers who care about auditability, this proxy wraps your MCP servers and gates every tool call against a configurable policy (allow, block, escalate). It writes a hash-chained, tamper-evident audit trail that an outside auditor can verify without trusting your infrastructure, and it can anchor the chain head to an RFC 3161 timestamp authority for provable time. The engine blends five scoring signals and adapts as real outcomes come back. It produces article-level EU AI Act compliance reports in JSON, PDF, or HTML, marking gaps honestly instead of rubber-stamping them. Runs locally, no telemetry. The benchmarks show 84.7% recall at 4.1% false positives with 140 microsecond overhead per call.