Founder & Sole Developer
Govyn
2025 - Present
Open-source AI agent governance proxy and commercial SaaS platform (Govyn Cloud). Agents receive scoped proxy tokens only. Policy bypass is architecturally impossible, not conventionally discouraged.
Visit website →
What is Govyn?
Every agent governance tool on the market is a library you import. an in-process wrapper that disappears the moment any code makes a direct HTTP call. Govyn is different. It’s an API proxy that holds your real API keys. Your agents get a proxy URL and nothing else. There is no alternative path to the API, no key in the environment to discover, no wrapper to skip.
Policies are YAML files versioned in git, not prompt instructions that get compressed away. Budget enforcement, loop detection, smart model routing, and full session logging happen at the infrastructure layer. before the request ever reaches the provider.
Key Technical Contributions
Semantic Caching Engine. Vector embeddings (cosine similarity on structured JSON arguments) with deterministic SHA-256 hashing and cross-provider response format transformation. Achieves 53–73% cost reduction in production workloads while maintaining a 0% false-positive rate by caching only stateless tool invocations.
Policy-as-Code Engine. Budget limits, rate limiting, content filtering, human-in-the-loop approval queues, smart model routing, and MCP tool-level access control. Policies are evaluated in priority order with an observe-mode for safe rollout and chronological replay simulation for impact projection before enforcement.
Streaming-Aware Telemetry. Extracts token counts and cost metrics inline from SSE streams (OpenAI and Anthropic formats) without buffering, with BPE-based integrity validation against streamed counts.
Multi-Tenant Security. Per-org AES-256-GCM BYOK encryption, HMAC-SHA256 prefix-indexed key lookup, zero-downtime key rotation, SSRF protection (IPv4/IPv6), ReDoS-safe regex evaluation, and timing-safe authentication.
MCP Governance Gateway. HTTP-based tool discovery, JSON-RPC forwarding, and default-deny policy enforcement. enabling organizations to control which agents can invoke which external tools at per-tool granularity.
Govyn Cloud
The commercial layer adds a multi-tenant dashboard, billing, managed hosting, and enterprise features. Built as a full control plane with React dashboard, Clerk-based team auth, Stripe usage-metered billing, and managed proxy provisioning.
Stack
TypeScript (strict), Node.js, React, PostgreSQL (Neon), Prisma, Cloudflare Workers/KV/Vectorize/R2/Workers AI, Stripe, multi-provider LLM integration (OpenAI, Anthropic, Google, Mistral, Cohere).