Quickstart
- Wire the SDK in 5 minutes
- Self-host with docker-compose
- Local-first dev loop
Concepts
- Agent fingerprint
- Living Cert score model
- Findings + repro tests
- Mutual Defense Network
SDK & API
- @vouch/sdk (TypeScript)
- vouch-sdk (Python)
- Public REST API
- tRPC dashboard surface
- OTel-compatible ingestion
Redteam
- Promptfoo plugin catalog
- Strategy mixers
- Vouch-AI offensive agent
- Cost caps + budgets
Firewall
- Scanner inventory
- Custom regex bans
- ML classifier retraining
- Tool-policy decision points
vouchctl CLI
- vouchctl verify
- vouchctl jwks
- vouchctl cert
- Authenticated subcommands (next)
Operations
- RBAC scopes
- Audit logs (hash-chained)
- Data retention
- BYOK + VPC isolation
Skill library
- indirect_prompt_injection
- rag_poisoning
- memory_poisoning
- mcp_exploitation
- tool_call_hijack
- cross_tenant_escape
- approval_bypass
- confused_deputy
Browse the source.
The whole monorepo is on GitHub under the Apache-2.0 license.