Documentation

Everything you need to integrate Invere into your AI agent workflow. Install the SDK, configure your safety constraints, and start verifying actions in minutes.

Getting started

1

Get your API key

Sign up at invere.io to get your API key. Free tier includes 250 evaluations per month plus a 2,000 evaluation sign-up bonus.

# Set your API key as an environment variable
export INVERE_API_KEY=sk_live_your_key_here
2

Install the SDK

Choose your language. Both SDKs have identical functionality.

# Python
pip install invere
# TypeScript / Node.js
npm install @invere/sdk
3

Initialize and verify

Wrap your agent with one function call. Every action is now verified automatically.

from invere import guard

# Every action is verified through 9 gates
result = guard("rm -rf /")

if result.blocked:
    print(f"Blocked at Gate {result.gate}")
    print(f"Reason: {result.reason}")
    print(f"Latency: {result.latency_ms}ms")
import { guard } from "@invere/sdk";

// Every action is verified through 9 gates
const result = await guard("rm -rf /");

if (result.blocked) {
  console.log(`Blocked at Gate ${result.gate}`);
  console.log(`Reason: ${result.reason}`);
  console.log(`Latency: ${result.latencyMs}ms`);
}

The 9 gates

Every action passes through all 9 gates sequentially. Each gate is a pure function — same input, same output, every time. The system automatically routes commands to the appropriate gates based on the command type.

Phase I — Ingress & Normalization

G1 · Metadata isolation 0.001ms

Reads tool name from JSON payload. Fast DENY for unsupported or blacklisted tool signatures.

G2 · Environment stripping 0.001ms

Strips inline runtime overrides (NODE_ENV=, AWS_PROFILE=) to expose the true command logic.

G3 · Deobfuscation ~0.8ms

Normalizes escaped strings, resolves c'a't into cat, decodes hex/URL/unicode escapes, flags base64 decode attempts.

Phase II — Lexical & Structural Analysis

G4 · Word boundary 0.001ms

is_word_match() prevents substring false positives. Allows "staging" without matching "tag".

G5 · AST parser ~0.3ms

POSIX-compliant tokenization. Evaluates command invariants regardless of flag shuffle or parameter positioning.

G6 · Dot concatenation 0.001ms

Catches s.h.e.l.l._.e.x.e.c patterns common in PHP, Perl, and Ruby obfuscation tricks.

Phase III — Contextual Behavioral Enforcement

G7 · Network guard ~0.5ms

Monitors curl, wget, scp targets dynamically. Hard blocks when tracing toward /etc/shadow, ~/.ssh/id_rsa, or other high-value targets.

G8 · Chain isolation 0.001ms

Resets threat counters between discrete agent evaluation steps. Stops false runaway cascading triggers.

G9 · Physics engine ~1.2ms

Exact vector scan across category-sharded indices. Computes KL/JS divergence for behavioral orbit drift. 100% mathematically deterministic.

Total pipeline latency: expected <2ms. Most actions resolve at Gates 1–3. Gate 9 (Physics Engine) runs only when needed.

Configuration

Define your safety constraints in a config file. The system automatically cascades through all 9 gates — you set the boundaries, Invere enforces them.

# invere.yaml

safety:
  # Maximum tokens per action
  max_tokens: 10000

  # Allowed file paths (glob patterns)
  allowed_paths:
    - ./src/**
    - ./tests/**

  # Blocked file paths
  blocked_paths:
    - /etc/**
    - ~/.ssh/**
    - ~/.aws/**

  # Network constraints
  network:
    allowed_endpoints:
      - api.stripe.com
      - api.github.com
    block_all_other: true

  # Severity thresholds
  thresholds:
    warn: 0.4
    block: 0.7

Note: You don't configure which gates are active. The system automatically cascades through all 9 gates based on the command type. You only set the boundaries — allowed paths, network endpoints, token budgets, and severity thresholds.

API reference

POST /v1/verify

Send an action for verification. Returns a structured verdict.

curl -X POST https://api.invere.io/v1/verify \
  -H 'Authorization: Bearer sk_live_your_key' \
  -H 'Content-Type: application/json' \
  -d '{'
    "action": "rm -rf /tmp/cache",
    "tool": "execute_bash",
    "context": {
      "session_id": "abc123",
      "user_id": "user_456"
    }
  }'

Response (blocked):

{
  "status": "BLOCKED",
  "gate": 7,
  "gate_name": "network_guard",
  "latency_ms": 0.5,
  "reason": "Attempted access to blocked endpoint: /etc/shadow",
  "action": "curl /etc/shadow",
  "session_id": "abc123"
}

Response (allowed):

{
  "status": "ALLOWED",
  "gate": null,
  "latency_ms": 1.8,
  "action": "npm install express",
  "session_id": "abc123"
}

Pricing

Free $0/month

250 evaluations/month + 2,000 sign-up bonus. All 9 gates included. Community support.

Plus $29/month

2,500 evaluations/month. 1024-D precision model. Custom thresholds. Email support (<24h).

Pro $79/month

10,000 evaluations/month. 2560-D precision model. Priority support (<4h). CI/CD integration.

Team $149/seat/month

7,500 evaluations per seat. Dual-verification engine. Team management. Audit trail export.

FAQ

What languages does Invere support?

Python and TypeScript/Node.js. Both SDKs have identical functionality. The API is language-agnostic — you can also call it directly via HTTP.

Does Invere see my code?

In the standard path, yes — you send command text to our API for verification. In the privacy path (enterprise), you embed locally and send only vectors. We never store your commands.

What happens if Invere is down?

By default, Invere fails closed — if the service is unreachable, actions are blocked. You can configure a fallback mode to allow actions when the service is unavailable (not recommended for production).

How is this different from regex-based guardrails?

Regex misses obfuscated commands. Invere's 9-gate pipeline includes deobfuscation, AST parsing, and behavioral drift scoring via vector math. It catches what regex can't.

Can I use Invere with Cursor/Copilot/Claude Code?

Yes. The SDK wraps any agent that produces commands. One function call wraps your existing workflow — no migration needed.