Documentation

Build and run sovereign agent workloads with clarity

This is the in-product knowledge base for architects, security engineers, and application owners. It is written to answer diligence questions, not to hide product gaps behind marketing. Public SDKs and OpenAPI may ship alongside; this page is the source of how the system is intended to behave.

Product overview

SoverAI is a control plane and regional runtime for agentic AI. You think in organizations, regions, environments, and agents. We do not conflate a global "workspace" with a legal home for your data. Every primary resource is parented under a region, and policies inherit consistently from that node.

Typical flows: (1) select regions that match your regulatory footprint; (2) connect identity and data plane touchpoints; (3) author agents from templates and attach tool allowlists; (4) promote through staging with pre-production checks; (5) run with observability, spend controls, and audit export enabled by design.

Console is the day-two operations surface: fleet health, agents, and compliance rollups.
APIs are versioned, typed where possible, and idempotent for provisioning and configuration changes.
Exports are structured to drop into GRC, SIEM, and board packs with minimal reformatting.

Core concepts

Organization (tenant)

Top-level billing, identity federation, and global policy defaults. All regional resources are owned by an organization to preserve clean separation in MSP and group structures.

Region

A jurisdiction-scoped control and data plane: routing tables, key boundaries, and operational metrics tagged for local supervisors.

Environment

Non-prod and prod isolation within a region, with stricter access roles and change controls in production as expected by regulated SDLC.

Agent

A configured orchestration of models, retrievers, and tools, with an explicit allowlist, logging profile, and optional human-in-the-loop gates.

Evidence stream

Durable, tamper-evident (where configured) records of decisions, model versions, and principal identities suitable for second-line testing.

Compliance pack

A curated bundle of controls, checks, and evidence templates for a target framework, mapped to the region in which you operate.

APIs & auth

SoverAI exposes a typed RPC interface for the console and automation (HTTP under /api routes). Externally integrators can expect: machine-readable error shapes, idempotency keys for long-running changes, and explicit "region must match caller scope" rules on the server so misconfiguration is rejected early, not at inference time.

Authentication is OIDC and SAML first class; service principals are supported for headless operations with the same scoping and audit.
Authorization is RBAC and ABAC layered: you can allow an operator to manage agents in the EU, but not touch production keys in India, without ad hoc workarounds.
Webhooks (roadmap) for high-signal product events, delivered with signed envelopes for verification in your own automation.

Operations

SoverAI is operated as an enterprise service: SLOs by tier, maintenance windows, health dashboards, and published incident practices. We treat your data plane and regional failures as a joint circuit between our platform on-call and your command center, not a black box status page.

—Status and incident comms: enterprise comms with named contacts and regulator-ready summaries when required.

—Runbooks: dry-run and tabletop alignment with your IR team in onboarding, especially for high-criticality systems.

—Decommission: explicit data and key retirement paths per region, with verification artifacts for exit.

What ships next (public roadmap)

The items below are representative of a funded enterprise roadmap — the exact order depends on customer co-development and regulatory priorities in your first regions.

Federated model catalog with regional attestations and per-model DPA addenda.
Deeper private connectivity patterns (MPLS, private link, and regulated telco peering) per geography.
GRC and SIEM out-of-the-box mappers (Splunk, QRadar, ServiceNow GRC) with schema-stable exports.
Expanded policy-as-code and Git-backed environments for change management in highly regulated orgs.

Start with a residency review

We will map your data classes, model catalog, and regulator expectations to a deployable control-plane design — with exportable artifacts for legal and security stakeholders.

Email enterprise

Or email enterprise@soverai.ai for a working session with product and field engineering

Product overview

Console is the day-two operations surface: fleet health, agents, and compliance rollups.

APIs are versioned, typed where possible, and idempotent for provisioning and configuration changes.

Exports are structured to drop into GRC, SIEM, and board packs with minimal reformatting.

Core concepts

Organization (tenant)

Top-level billing, identity federation, and global policy defaults. All regional resources are owned by an organization to preserve clean separation in MSP and group structures.

Region

A jurisdiction-scoped control and data plane: routing tables, key boundaries, and operational metrics tagged for local supervisors.

Environment

Non-prod and prod isolation within a region, with stricter access roles and change controls in production as expected by regulated SDLC.

Agent

A configured orchestration of models, retrievers, and tools, with an explicit allowlist, logging profile, and optional human-in-the-loop gates.

Evidence stream

Durable, tamper-evident (where configured) records of decisions, model versions, and principal identities suitable for second-line testing.

Compliance pack

A curated bundle of controls, checks, and evidence templates for a target framework, mapped to the region in which you operate.

APIs & auth

Authentication is OIDC and SAML first class; service principals are supported for headless operations with the same scoping and audit.

Authorization is RBAC and ABAC layered: you can allow an operator to manage agents in the EU, but not touch production keys in India, without ad hoc workarounds.

Webhooks (roadmap) for high-signal product events, delivered with signed envelopes for verification in your own automation.

Operations

—Status and incident comms: enterprise comms with named contacts and regulator-ready summaries when required.

—Runbooks: dry-run and tabletop alignment with your IR team in onboarding, especially for high-criticality systems.

—Decommission: explicit data and key retirement paths per region, with verification artifacts for exit.

What ships next (public roadmap)

The items below are representative of a funded enterprise roadmap — the exact order depends on customer co-development and regulatory priorities in your first regions.

Federated model catalog with regional attestations and per-model DPA addenda.

Deeper private connectivity patterns (MPLS, private link, and regulated telco peering) per geography.

GRC and SIEM out-of-the-box mappers (Splunk, QRadar, ServiceNow GRC) with schema-stable exports.

Expanded policy-as-code and Git-backed environments for change management in highly regulated orgs.