Formael
Boundary Infrastructure for AI Agents

Every action
your AI agents take -
governed before
it executes.

Formael is the execution boundary between your AI agents and every external system they act upon. A four-axis policy engine evaluates every intent before it leaves. Credentials never reach agent code. Every outcome is immutably traced - including why.

Request Early Access See how it works
Zero credential exposure to agents
Immutable execution ledger
Human-in-the-loop approvals
Intent Execution Cycle
iec_—

AI Agent

contracting.send.envelope

intent
FormaelPolicy Engine
Identitycontext & scope
Semanticintent meaning
Fiscalvalue & budget
Riskreversibility
Awaiting evaluation
execute
DocuSign

Connector

DocuSigndocument-signing

Awaiting intent...
01

Intent

Agent expresses intent - no credentials, no provider names, no API schema

02

Policy

4-axis evaluation: Identity · Semantic · Fiscal · Risk

03

Execute

Universal adapters route to any external system or API

Built on boundary infrastructure

3-phaseIEC execution model
4-axisPolicy evaluation
34+Native connectors
100%IEC audit coverage

The problem

AI agents are reasoning at scale.
Your boundaries are't ready.

The bottleneck to scaling AI agents isn't reasoning capability. It's the absence of a formal boundary between what your agent decides and what it does in the real world.

ArchitectureAgents Are Wired Directly to the World

Every AI agent in production today has a direct path to the external systems it acts upon. There is no formal interception point - no layer where the agent's probabilistic output is authenticated, validated, and transformed into a governed API call. The agent and the external world are one circuit.

  • Credentials embedded in agent code or context - one prompt injection from exfiltration
  • Agents must understand provider-specific APIs, schemas, and error codes that pollute their reasoning
  • Switching providers means rewriting agent logic, not updating a configuration
  • No stable intent abstraction exists - governance has no consistent surface to attach to
GovernanceNothing Stands Between Intent and Execution

An agent's probabilistic reasoning flows directly into deterministic, side-effecting API calls with nothing in between. No policy engine evaluates whether the action is authorized. No approval workflow gates irreversible operations. No immutable record links what the agent did to the reasoning that produced it.

  • No runtime policy evaluation - every agent action is unrestricted and unaudited by default
  • No human-in-the-loop path for irreversible, high-value, or sensitive operations
  • No tamper-proof audit trail linking each action to the exact policy that approved it
  • No fiscal enforcement - agent spend has no ceiling, no circuit breaker, no visibility

Both failures trace to one structural gap: no formal execution boundary exists between an AI agent's reasoning and the external systems it acts upon. Formael closes that gap.

How it works

Intent in.
Authorized action out.

The Intent Execution Cycle is the atomic unit of the platform. Every agent action is one IEC - one intent evaluated, one outcome recorded, one immutable truth.

01

Intent Submission

The agent speaks intent. Never implementation.

The agent submits a structured IntentEnvelope - a three-part semantic tuple, typed parameters, and its own reasoning context. No credentials. No provider name. No API schema. The envelope has no field for secrets by design.

Agent code never changes when you switch providers.

Intent Envelope

contracting·send·for-signature

counterpartyJohn Doe · Acme Corp
templatemutual-nda-v2
typemutual

Finalize partnership agreement before Thursday's call

No credentials  ·  no provider endpoints  ·  no provider schema
02

Four-Axis Policy Evaluation

Governance happens here. Every time.

Before any action reaches an external system, the policy engine intercepts and evaluates it across four independent axes. Every axis must pass. The verdict is the conjunction - no axis compensates for another's failure. No exceptions. No fast paths.

Irreversible or high-value actions pause for human approval.

Identity

Is this agent authorized for this capability in this context?

Semantic

What does this intent mean - and is that permitted?

Fiscal

Can the org and this agent afford the consequences?

Risk

If this goes wrong, how bad is it?

03

Authorized Execution

Approved. Executed. Permanently recorded.

Once approved, Formael resolves the organization's provider binding, injects credentials from the secure vault - exclusively, for this execution only - and executes against the external system. The result is normalized and written to the immutable ledger alongside the full dual trace.

Trace ID, policy verdict, connector identity, and full audit record - on every IEC.

Supported adapters

DocuSignJiraSlackSalesforceGitHubCustom

34+ connectors across 10 domains. Declarative YAML specs for ~90% of integrations.

Platform capabilities

Governance infrastructure
built for the agentic era.

Not middleware. Not a proxy. A complete execution boundary - with policy enforcement, connectivity, fiscal control, and dual-trace observability in one platform.

Four-Axis Policy Engine

Every intent evaluated across Identity, Semantic, Fiscal, and Risk axes before any action reaches an external system. All four must pass. There is no bypass path.

Dual-Trace Audit Ledger

Every IEC carries two linked traces: the agent's reasoning (why it acted) and the platform's execution record (what exactly happened). Append-only. Tamper-proof. Recoverable forever.

Provider-Agnostic Connectors

Agents express intent against semantic capability contracts - never provider APIs. Swap DocuSign for PandaDoc, Jira for Linear, without changing a single line of agent code.

Human-in-the-Loop Approvals

High-risk actions pause for human review without blocking the agent. The agent receives a deferred receipt and continues reasoning while a domain approver resolves the request.

Dual-Ledger Fiscal Control

Two independent ledgers - platform spend in USD and action value in any currency - checked synchronously on every IEC. Define limits per org, per agent, or per domain.

MCP-Native Protocol

Agents that speak MCP need zero Formael-specific code. Connect via the MCP server and every installed capability appears as a scoped tool - with risk metadata embedded in the description.

Observability

Not just what happened.
Exactly why it was allowed.

Every IEC carries a dual trace - the agent's reasoning and the platform's execution record, linked by a single ID. Two questions answered together that no other tool can answer at all.

IEC Trace·iec_01jx9kmt
SUCCEEDED
58ms total
INTAKE
0 – 8ms
0msIntent received
2msAuthentication
5msSchema resolved
8msIdempotency check
GOVERNANCE
10 – 19ms
10msIdentity axis
13msSemantic axis
16msFiscal axis
19msRisk axis
policy verdictAPPROVED
EXECUTION
20 – 58ms
20msAdapter resolved
21msCredential injected
58msExecution complete
3 phases · 4 axes · 1 vault call
APPROVEDSUCCEEDED

Policy axis summary · last 30 days

Identity Axis
99.8%

pass rate

Semantic Axis
97.2%

pass rate

Fiscal Axis
94.1%

pass rate

Risk Axis
12

HITL triggered

“When an agent acts, two questions matter: why did it want to do this, and what exactly did the platform do about it? Formael answers both - permanently, for every single execution.”

Formael · Dual-Trace Design Principle

Connectivity

Connect your agents
to everything that matters.

34+ connectors across 10 business domains - out of the box. Your agents target semantic capabilities. Provider routing, credential injection, and error normalization are Formael's job.

Contracting & Signatures
DocuSignPandaDocHelloSign

Agents draft, route, and dispatch contracts and NDAs - with policy-gated approval before any signature envelope leaves your organization. Irreversible actions default to HITL.

Example agent intent

"Draft a mutual NDA for Acme Corp and send for signature"

IT & Project Management
JiraLinearAsanaGitHub

Agents create tickets, escalate incidents, and assign work - with semantic policies that restrict which priorities and projects agents may act upon, and risk policies that gate P1 escalations.

Example agent intent

"Create a P1 incident ticket and page the on-call engineer"

CRM & Revenue Operations
SalesforceHubSpotPipedrive

Agents update deal stages, create contacts, and log activities - with identity policies ensuring each agent operates strictly within its authorized scope of records.

Example agent intent

"Update the Acme deal to Closed Won and log the final call notes"

Messaging & Communications
SlackMicrosoft TeamsEmail

Agents send messages, create channels, and notify stakeholders - with risk policies that catch mass-blast patterns and destination policies that block unauthorized external channels.

Example agent intent

"Notify the #security channel about the anomalous login pattern detected"

Need a connector that isn't listed? Build a custom adapter in declarative YAML →

Built for every team

One boundary.
Value for everyone it protects.

For Developers

Stop managing APIs. Start shipping agents.

Eliminate the integration grind. Your agent expresses what it wants to accomplish - Formael handles provider selection, credential injection, retry logic, and error normalization.

  • One protocol for every external system - 34+ connectors at launch
  • Credentials live in the vault, never in agent code or context
  • Idempotent execution with semantic fingerprinting and dedup
  • MCP-native - existing agents connect without Formael-specific code
For Security & Compliance

One choke point. Zero bypasses. Complete audit.

Every outbound agent action routes through a single, un-bypassable policy engine. No agent, no workflow, and no API path circumvents it. Every verdict is permanently linked to the exact policy that produced it.

  • Structural guarantee: no execution path bypasses governance
  • Full reasoning trace on every IEC - the agent's why, the platform's what
  • Versioned policy snapshots - any verdict is forever reproducible
  • Domain-scoped approval groups route HITL requests to the right team
For Engineering Leaders

Scale your agent fleet without scaling your risk.

Move from one-off agent experiments to a governed, observable fleet. Formael gives you the operational control to deploy more agents, into more systems, with full confidence.

  • Per-agent scope, budget limits, and lifecycle management
  • Federated identity - agents onboard via your existing IdP in minutes
  • Policy templates activate governance baselines in under 5 minutes
  • Data flywheel: every IEC sharpens anomaly detection and policy calibration

Early Access

Build the AI agents
you actually want to ship.

Join the Formael early access program. Get the boundary infrastructure your agent fleet needs - governed execution, immutable audit, and 34+ connectors - before you need to build it yourself.

Request Early Access Read the docs →
Guided onboarding included
Custom policy configuration
Dedicated integration support