Open beta · v5.7.42

AI writes your code.
Do you know
what it shipped?

Ovyero is the governance and audit layer for AI working with your codebase. Every AI-generated commit gets reviewed before it lands. Pass, warn, block, or override: every decision is logged in a permanent audit trail. You ship faster with AI, and you can still answer for what it did. Free forever for one developer.

Beta requires a terminal. Works with VS Code, Cursor, JetBrains, Windsurf (integrated terminals), or PowerShell / Terminal.app (OS terminals). Not yet supported on no-terminal AI apps like Claude Desktop or ChatGPT Desktop.
Pre-commit governance
main · verdict in <1s
git commit -m "ai: add stripe checkout flow"
src/billing/checkout.js contract · supply
src/auth/session.js auth · crypto
src/api/charge.js auth · crypto
Weak signing key jwt.sign() uses a short hardcoded string. Move secret to env var and use 256-bit minimum. See rule AUTH-007.
src/crypto/keys.js crypto
src/config/env.js supply · secrets
4 pass · 1 warn · 0 blocked
9 domains active
Live · last 60 seconds Haylo is reading what just shipped
3 a.m. · the real scenario

Your AI just rewrote half the auth file.

Watch Haylo review it. Every line. Policy, secrets, drift, all checked. Every verdict signed and logged.

How governance works

Four steps. Every commit.

A pre-commit hook sends the file to the critic layer. Critics run in parallel and return a verdict. The verdict is signed and appended to a hash-chained audit log. No LLM calls. No external data.

01 / HOOK

Pre-commit intercept

A git hook runs before your commit is created. It sends the changed file content to the critic server. Takes under 10ms to dispatch.

02 / CRITICS

Parallel critic scan

14 domain critics run in parallel: crypto, secrets, OWASP, supply-chain, auth, compliance, privacy, LLM safety, and more. Pattern-based, deterministic.

03 / VERDICT

PASS, WARN, or GATE

The server returns a verdict with the rule ID, a plain-English fix, and the domain that flagged it. GATE blocks the commit. WARN logs it and lets through. PASS is silent.

04 / AUDIT

Signed audit chain

Every verdict is signed with a key bound to your account and appended to a hash-chained log. Tamper-evident. Exportable. Verifiable offline with ovyero verify.

PASS

Looks good. Commit through.

All applicable rules satisfied. Silent, in the background. No friction added to the loop.

WARN

Soft signal, commit allowed.

Best-practice gap. Logged, surfaced in the dashboard, not blocking.

GATE

Hard stop, with a fix.

Commit blocked. Plain-English explanation + the rule ID for context.

What it catches

The mistakes AI makes that pass code review.

AI assistants don't know your security policies or compliance posture. Ovyero looks for the fingerprints those mistakes leave in the code. Same file in, same verdict out, every time.

Secrets & cryptography

Catches hardcoded API keys, MD5/SHA1 usage, hardcoded IVs, and Math.random() used for tokens. AI pulls these patterns from training data full of textbook insecure examples.

GATE · CRY-002: MD5 used in signToken(). Replace with SHA-256.

Injection & OWASP

SQL concatenation into queries, eval(userInput), command injection via shell exec. These show up constantly in AI-generated code and are easy to miss in a busy PR.

GATE · OWS-001: String concatenated into SQL query. Use a parameterized query.

Supply chain

Unpinned dependency versions, missing lockfiles, packages flagged for known CVEs. AI recommends packages by popularity and training data recency, not by current vulnerability status.

WARN · SUP-004: lodash unpinned. Pin to an exact version in package.json.

Identity & auth

Hardcoded JWT secrets, weak signing algorithms, OAuth scope misconfigurations, missing httpOnly on session cookies. Auth bugs are cheap at commit time and expensive after deployment.

GATE · AUTH-007: jwt.sign() uses a hardcoded string. Move to a 256-bit env var.

Plus data & privacy, LLM governance, infra & config, observability, and compliance risk patterns. See FAQ for how critics work.

What makes Ovyero different

No AI reviewing AI. Just rules.

Every governance decision is deterministic. Same file in, same verdict out. You can audit why a commit was blocked without trusting a model's judgment.

Pattern-based, not probabilistic

Critics are code, not models. md5( in a crypto file is always a flag. No hallucinations, no false negatives from a bad prompt day. The rule either matches or it doesn't.

Sub-second. No API roundtrip.

The critic server runs your patterns locally. No call to a third-party LLM on every commit. Verdicts come back in under 500ms. Your git workflow doesn't notice.

Verifiable audit chain

Every verdict is hash-chained. Run ovyero verify and get a pass/fail on the chain's integrity. No black box. No vendor trust required. The log is yours.

Works with any AI tool

Ovyero governance is triggered by git, not by your AI assistant. Copilot, Cursor, Claude Code, or none of them: whatever wrote the code, the same critic layer runs before it lands.

Pricing

Free for individuals. Pay when it's a team.

Ovyero is free forever for one developer. Pay for Pro only if you want to back the project. Teams pay per seat.

v5.7.42 · open beta
Self-serve signup · ~10 min install · runs in the background
Free for individuals

Everything in the product, free forever for one developer. After the 30-day trial you stay on Free, no credit card.

View projected future pricing For reference only · not active yet
Projected future pricing. These are the tiers we expect to launch once beta closes. Numbers are directional and may shift before public launch. Beta members keep the founding rate.
Free
$0 / forever

The whole product, for one developer. No credit card, ever.

  • 1 developer seat
  • Unlimited files governed
  • All active risk domains
  • Governance dashboard
  • Git hook integration
Free forever, one developer
Pro
$15 / month

Same product as Free. Pay only if you want to back the project.

  • 1 developer seat
  • Unlimited files governed
  • All active risk domains
  • Personal audit log
  • Email support
Beta members lock in founding rate
Enterprise
$499 / month

Regulated orgs and larger teams. Compliance-ready audit trail.

  • Unlimited seats & files
  • SSO / SAML
  • On-prem or VPC deployment
  • Custom rule authoring (Ovyero-authored)
  • Dedicated support
Talk to us during beta
Common questions

The honest answers.

Does it slow down my commits?

Verdicts come back in about a second. Most engineers don't notice it ran. They only notice when something needs fixing.

Does Ovyero use AI to evaluate code?

Mostly deterministic. That means pattern matching, AST analysis, and schema validation. A few rules use an LLM as a judge (clearly labeled as such). The deterministic rules give the same verdict for the same input, every time.

What about my proprietary code?

Source transits our server only during critic evaluation. It is not retained on disk, in databases, in backups, or in our audit log. Only verdict metadata (rule ID, file path, severity) is persisted.

Can I write my own rules?

Not yet. The rule set is curated and maintained by us. Custom rule authoring is on the roadmap (see projected pricing). For now, you tune which domains run via your project type.

Which languages are supported?

Language-agnostic where rules are pattern- or AST-based, so it works on any text-based source. Some domains are language-specific, most apply broadly.

What if a rule is wrong?

For genuine emergencies there's a bypass flag, and every use of it is recorded in the audit log. No silent skips.

Your team is shipping AI code today.
Is anyone reading it?

Get started, free
Get started, free

Where this is going

Ovyero today catches the structural mistakes that have a known fingerprint. Ovyero tomorrow governs every layer of autonomous AI computation: generation, execution, memory, deployment. The critic mesh and audit chain you're using now are the foundation of that system.

Betacoverage and behavior may change · advisory only