Approvals · Replay · Audit evidence

The system of record for what your agents do.

Hound gates consequential agent actions behind policy and human approval, then writes every request, decision, and outcome to an append-only, hash-chained log. Built for AI vendors proving trust, and the enterprises verifying it.

Book a 15-min call See how it works
Self-hosted· Renders in Claude, ChatGPT, VS Code· MCP 2026-07-28
hnd_req_9f2c41 · one action, traced end to end appending…
Approval request · rendered in Claude
Wire transfer of $18,400.00 to Meridian Supply Co.
Agenttreasury-ops-agent Policytreasury.v3 → route_to_human Reasonamount > $10,000 limit
Approve
Deny
Segregation enforced: requester and approver cannot be the same identity.
Evidence log · append-only · SHA-256 chained
01 · Operate

Approve. Replay. Investigate.

The log you keep for compliance is the log you run on every day. Not a gate bolted onto your agent — the record it operates through.

1

Approve

Your agent calls request_approval before anything consequential. Policy auto-approves within limits; everything else routes to a human as an interactive card inside Claude, ChatGPT, or VS Code. No approval dashboard to check, no context switch.
2

Replay

Every request, decision, and outcome lands in the log with the frozen policy and the exact context the decision saw. Rebuild any past decision step by step, on demand.
3

Investigate

When an agent does something it shouldn't have, the timeline already exists. What was proposed, which rule let it through, who approved, what executed — answered in minutes, not a week of log archaeology.
agent.ts
const decision = await hound.requestApproval({
  action:  "payments.wire_transfer",
  params:  { amount_cents: 1840000 },
  policy:  "treasury.v3"
});
// blocks until policy or a human decides

decision
// { status:   "approved",
//   approver: "j.chen@acme.com",
//   evidence: "hnd_evt_c0518a4e" }
02 · Two sides of the table

One log. Both sides can trust it.

For AI vendors

Ship agents with evidence attached.

Answer the vendor-risk questionnaire with an export instead of an essay. The Agent Trust Report turns your log into the answers their review is asking for.

For enterprise security

Verify without trusting anyone.

The standalone verifier checks the hash chain from an export alone. No account with the vendor, no account with us, no taking anyone's word for it.

03 · The security review

When the review asks what your agent did, show them.

Every enterprise security review asks the same eight questions. If you sell agents into banks, health systems, or anyone with a vendor-risk team, you've seen them. Hound answers each one with evidence, not paragraphs.

01

Authorization proof

Who authorized this action, and can you prove it was that specific human?
The specific human who approves is captured the instant they click and written into a tamper-evident record; with OIDC (shipping now) that identity is a verified claim from your own Okta or SSO, never something the agent can assert.
02

Human oversight

Was a person genuinely in control? Could they have said no and stopped it?
Nothing consequential runs until a real person reviews the actual action against the policy in force and approves or rejects. Default-deny, so silence never becomes a yes.
03

What, and which rule

What exactly was proposed, and which policy allowed or blocked it?
Every request shows exactly what the agent proposed and the precise policy that gated it, frozen at decision time, so the record reflects the rule actually in force then, not whatever it says today.
04

Segregation of duties

Can the requester and the approver be the same identity?
Requester and approver are recorded as separate identities on every action, so you can prove the approver wasn't the agent that asked, with verified-identity enforcement shipping alongside OIDC.
05

Log integrity

Can these records be altered, truncated, or deleted after the fact?
The evidence log is append-only and hash-chained: edit or delete any record and every link after it breaks, provable by a standalone verifier that shares no code with Hound, so you never take our word for it.
06

Replay

Can you rebuild any single past decision, step by step, on demand?
Every decision stores the full context it was made on: the action, the policy, the identity, the outcome, so any approval can be rebuilt step by step months later, even after the underlying data changed.
07

Outcome

Did the approved action actually execute, and what happened?
The record doesn't stop at “approved.” It captures whether the action actually executed and what happened, so “authorized” is never mistaken for “done.”
08

Data handling

What's stored, where does it live, and how long is it kept?
Hound is self-hosted: approvals and evidence live in your infrastructure, never ours. Your data never leaves your environment and retention is yours to set.
The honest line

Tamper-evident, never "tamper-proof." Edits and deletions are detectable by anyone holding an export. Identity hardening (OIDC) and external anchoring are on the public roadmap. Vendors who claim more than their architecture supports are the ones your reviewer distrusts — so we don't.

04 · Design partners

We're building the evidence layer with five agent-vendor teams. Around their real security reviews, not our guesses.

If a vendor-risk questionnaire is sitting between you and a signed enterprise deal, bring it. It becomes the roadmap.

Your reviews drive the build

The questions stalling your deals set the priorities. Weekly cycles against what your reviewer actually asked.

Founder-direct

You work with the person writing the code. No support queue, no account manager between you and a fix.

Partner terms

First 30 days free, then $500/mo, month-to-month. Self-hosted in your infra, so your data never leaves.
Book a 15-min call Fifteen minutes to see if your reviews fit what we're building.