Vienna OS is an enterprise governance platform for autonomous AI agents. It sits between agent intent and execution, providing policy enforcement, approval workflows, and audit trails.

How does risk tiering work?

Vienna OS classifies actions into T0 (auto-approved), T1 (single approval), and T2 (multi-party approval) based on risk assessment policies you define.

Is Vienna OS compliant with regulations?

Yes, Vienna OS supports SOC 2, HIPAA, SEC, and EU AI Act compliance with appropriate policy configuration and audit trail retention.

Documentation

Getting Started

Add governance to your AI agents in 5 minutes.

No server required for testing — use the sandbox API at regulator.ai/try

Install the SDK

Choose your language:

TypeScript/Node.js

npm install @vienna-os/sdk

Python

pip install vienna-sdk

Get your API key from the Vienna OS console or use the sandbox for testing.

Initialize the Client

TypeScript

import { ViennaClient } from '@vienna-os/sdk';

const vienna = new ViennaClient({
  apiKey: process.env.VIENNA_API_KEY,
  // Use sandbox for testing:
  // baseUrl: 'https://regulator.ai/api/try'
});

Python

from vienna_sdk import ViennaClient

vienna = ViennaClient(
    api_key=os.environ["VIENNA_API_KEY"],
    # Use sandbox for testing:
    # base_url="https://regulator.ai/api/try"
)

Submit Your First Intent

An intent declares what your agent wants to do. Vienna OS evaluates it against policies and risk tiers before allowing execution.

TypeScript

// Submit an intent for policy evaluation
const intent = await vienna.intents.submit({
  type: 'deploy',
  resource: 'api-service',
  environment: 'staging',
  version: '2.4.1',
  agent: 'deploy-bot'
});

console.log(intent.status);     // 'approved' | 'pending' | 'denied'
console.log(intent.riskTier);   // 'T0' | 'T1' | 'T2' | 'T3'
console.log(intent.warrant?.id); // warrant ID if approved

Python

# Submit an intent for policy evaluation
intent = vienna.intents.submit(
    type="deploy",
    resource="api-service",
    environment="staging",
    version="2.4.1",
    agent="deploy-bot"
)

print(intent.status)      # 'approved' | 'pending' | 'denied'
print(intent.risk_tier)   # 'T0' | 'T1' | 'T2' | 'T3'
print(intent.warrant.id)  # warrant ID if approved

Execute with the Warrant

If the intent is approved, you receive a cryptographic warrant. Use it to execute the action through Vienna OS's controlled execution path.

TypeScript

// Execute using the warrant
if (intent.status === 'approved') {
  const result = await vienna.execute(intent.warrant.id, {
    // Your actual execution logic
    action: () => deployService('api-service', '2.4.1')
  });

  console.log(result.verified);   // true — post-execution verification passed
  console.log(result.auditId);    // immutable audit trail entry ID
}

Python

# Execute using the warrant
if intent.status == "approved":
    result = vienna.execute(
        warrant_id=intent.warrant.id,
        action=lambda: deploy_service("api-service", "2.4.1")
    )

    print(result.verified)    # True — post-execution verification passed
    print(result.audit_id)    # immutable audit trail entry ID

What happens under the hood

1. Intent received — Gateway validates structure and agent identity

2. Policy evaluated — Rules engine checks against configured policies

3. Risk assessed — Classifier assigns T0-T3 tier based on action type and scope

4. Approval obtained — Auto (T0), policy (T1), human (T2), multi-party (T3)

5. Warrant issued — HMAC-SHA256 signed, time-limited, scope-constrained

6. Execution controlled — Action runs within warrant constraints

7. Verified — Post-execution state compared to truth snapshot

8. Audit logged — Immutable record with full warrant chain

Getting Started

Install the SDK

Initialize the Client

Submit Your First Intent

Execute with the Warrant

What happens under the hood

Next Steps

Interactive Demo

API Reference

Integration Guide