VIGILcompliance evidence layerSign in
Compliance evidence, before and after every agent action

The Compliance Evidence
Layer for AI Agents.

Pre-flight compliance checks your agents call before they act, each producing a signed, tamper-evident record of the decision, mapped to the regulations you answer to. One API call, any framework. EU AI Act Article 12 logging lands December 2, 2027. The date moved, the obligation did not. VIGIL covers it today.

Start free See it work
[ Annex III high-risk: December 2, 2027 ]

The date moved. The obligations didn't.

Article 12 still requires high-risk AI systems to allow automatic recording of events over their lifetime, with logging retained for at least six months (Articles 19 and 26). Article 26 still puts operating duties on deployers, including keeping those logs. On May 7, 2026 the EU agreed (Digital Omnibus) to delay the start dates, not the duties: stand-alone Annex III high-risk systems now apply December 2, 2027, and regulated-product systems August 2, 2028. Transparency and watermarking duties (Article 50) land earlier, on December 2, 2026. Penalties are unchanged at up to 15 million euro or 3 percent of global turnover.

VIGIL answers this today. The EU AI Act classifier sorts your use case into prohibited, high-risk, limited, or minimal. The HMAC-signed, non-repudiable delivery log is the automatic event record. The MCP server lets your agent check its obligations before it acts. The delay is not a reprieve. It exists because compliance takes real engineering work, and 18 months is exactly enough time to do it right or to waste. We map the evidence to the obligation, and we do not claim attestations we do not hold.

Fixed-fee readiness assessment available →

Updated June 12, 2026, the same week as the EU's omnibus agreement. Tracking regulatory change is the product.

[ capabilities ]

Six things VIGIL does today.

SIEM-grade event logging

Every agent action captured + normalized (CRITICAL / HIGH / MEDIUM / LOW / INFO), severity-scored CEF/LEEF-compatible, exported to Splunk, Datadog, QRadar.

Real-time event feed

Live activity timeline. Decisions, tool calls, errors, anomalies stream to your dashboard the moment they happen. Like a SOC console, built for AI agents.

Compliance auto-mapping

Events tagged to SOC 2, PCI DSS, ISO 27001, NIST CSF, GDPR Article 30. India DPDP-Sec-8 added in the compliance fabric. One-click audit exports.

Threat detection

Six categories built in: SQL destructive, shell dangerous, secret leak, prompt injection, exfiltration, suspicious network. Aadhaar with Verhoeff checksum validation.

Any agent, any framework

REST, SDK, ElizaOS plugin, MCP proxy. OpenAI, Anthropic, LangChain, custom. VIGIL ingests events regardless of how the agent runs.

Local + cloud, your choice

Cloud dashboard or VIGIL Desktop with a local SQLite store. Same UI, same threat detection, your data never leaves the machine if you don't want it to.

[ dive deeper ]

More to explore.

[ pitch ]

Why VIGIL?

Side-by-side vs Datadog (observability only) and Drata (compliance only). One tool, one database. AI agents now produce regulated data flows, and your existing stack doesn't cover that.

read the pitch →[ docs ]

Integration paths

REST · SDK · ElizaOS plugin · MCP. Wire VIGIL into your agent in under five minutes regardless of framework. OpenAPI 3.0 spec lives at /api/.well-known/openapi.

open the docs →[ status ]

Live operational status

Real-time component health: primary DB, regional residency, webhook signing, reference-token pepper, sub-processors. Machine-readable mirror at /api/status.

check status →
[ how it works ]

One API call. Any framework.

Send VIGIL the event from any framework. We threat-scan it, tag compliance, persist with severity. The right side of the panel below is exactly what you'd see as the operator on call: the captured event with threat classification, the severity it landed at, the compliance tag attached, and the alert routed to your channel. Time-to-instrument under 5 minutes.

POST /api/ingest
// REQUEST
// Any framework. One ingest endpoint. Audit-grade events.
await fetch('https://vigil.costrinity.xyz/api/ingest', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer vigil_your_key',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    agent_id: 'support-bot-prod',
    event_type: 'tool_call',
    status: 'success',
    message: 'Customer Aadhaar is 999999990019',
    jurisdiction_id: 'DPDP-IN',
  }),
});
// WHAT THE OPERATOR SEES

This is your view in the dashboard the moment the agent sends the request on the left. Click the simulator buttons to flip between a critical threat and a clean event.

event captured+0.4s
agent: support-bot-prod
status: accepted
severity: medium
threat: Aadhaar number (Verhoeff ✓)
field: message
compliance: indic_pii · DPDP-Sec-8
[ alert routed ]Slack · #ops-on-call
OpenAIAnthropicElizaOSLangChainMCPCustom
Open dashboard
[ activity graph ]

See what your agent
has actually been doing.

Every event lands in a force-directed graph that reads the same way Obsidian's graph view does. Nodes are action types or individual events; edges follow the causal chain through parent_id, trace_id, and run_id, with a temporal fallback when no explicit parent exists. Hover a cluster to see its time range, status mix, and sample payloads.

  • ·Status-aware coloring: success, error, warning, info.
  • ·Toggle baseline noise (heartbeat, ping, idle) per agent. Pref stored locally.
  • ·Click a node for sample payloads, time range, and status breakdown.
  • ·Custom Verlet integrator. No D3, no external graph lib, zero added bundle weight.
/dashboard/agt_x9k2 · graphlive
tool_callprompt_injectionopenai_chataadhaar_detectdb_query
nodes: 14edges: 11window: 24h● 3 critical
[ vs. the field ]

Operator-first. Not ML-engineer-first.

The category leaders chose the ML engineer corner. The on-call operator is unclaimed.

FeatureVIGILAgentOpsLangSmithLangFuseHelicone
SIEM-standard severity levels····
CEF / LEEF export (Splunk etc)····
Compliance auto-mapping····
Incident correlation engine····
Threat detection at ingest····
Real-time event feed···
Any agent, any framework····
Financial / crypto support····
Persistent audit trail
Local desktop mode····
Free tier
[ desktop ]

Local mode. Same dashboard. Your data, your machine.

VIGIL Desktop runs the same threat detection + event ingest against a local SQLite store. Nothing leaves the box unless you want it to. Free.

[ pricing ]

Simple. USD. No hidden seats.

FREE
$0/ forever

Solo builders testing the waters.

  • 1 agent
  • 10k events / month
  • 7-day history
  • REST + SDK + MCP
  • ElizaOS plugin
Start free, no card
POPULAR
PRO
$29/ per month

Serious agent deployments.

  • Unlimited agents
  • 1M events / month
  • 90-day history
  • Smart alerts
  • Email + webhook notifications
  • Priority support
Go Pro
ENTERPRISE
Custom

Mission-critical deployments.

  • Everything in Pro
  • Unlimited events
  • Custom retention
  • SLA guarantee
  • On-prem deploy
  • Dedicated support
Contact
[ stay in the loop ]

We ship changes weekly. Hear about them when they land.

VIGILcompliance evidence layer

The compliance evidence layer for AI agents. Pre-flight checks before they act, a signed, tamper-evident record of each decision after, mapped to the regulations you answer to. Built by COS TRINITY, an Indigenous-owned studio in Regina, Saskatchewan.

© 2026 COS TRINITY · all rights reserved
Regina · Saskatchewan · Canada

[ product ]

[ studio ]

[ legal ]