# Bookbag

> The end-to-end AI governance platform for agents that take real actions. Four products on one data layer — Observe (visibility), Guardrails (runtime control), Evaluation (taxonomy scoring), Governance (EU AI Act / NIST / ISO 42001 / SOC 2 evidence). Three OSS surfaces — client SDK, MCP Gateway, MCP Server.

## What Bookbag does

- **Observe** — system of record. Inventory of applications, agents, MCP servers, datasets + live activity feed + full causal trace per run.
- **Guardrails** — runtime control. Visual rule builder, block / hold / redact / flag at call time, detectors (PII, prompt injection, secret, jailbreak).
- **Evaluation** — taxonomy-driven QA. Staged AI auditor (fast / standard / deep), human / assisted / automated review, training data export (SFT / DPO / ranking), eval harness with GitHub Action.
- **Governance** — compliance layer. 30+ pre-built controls across EU AI Act, NIST AI RMF, ISO 42001, SOC 2. Evidence auto-mapping from runtime decisions to framework controls. Signed audit bundle exports.

## OSS surfaces (MIT licensed)

- `bookbag-qa-sdk` — Python + Node client library. Zero-dep. `client.agent.startRun / toolCall / output / endRun / awaitDecision`. Framework wrappers for Anthropic and OpenAI (shipped); LangGraph, CrewAI, AutoGen (beta).
- `bookbag-gateway-sdk` — OSS MCP proxy. Docker + npm. Transparent MCP proxy between agent and upstream MCP servers. Local policy evaluator, ETag-cached policy bundle, OTLP trace exporter. Offline-first.
- `bookbag-mcp-server` — MCP server exposing Bookbag's gate + eval API as tools for any MCP-native client (Claude Desktop, Cursor, custom).

## Who Bookbag is for

- **AI platform engineers** shipping agents to production. Primary ICP.
- **Compliance / risk / legal teams** in regulated enterprises. Expansion ICP.
- **Regulated industries:** financial services, healthcare, legal tech, government/public sector.
- **Enterprise SaaS** shipping AI features to enterprise buyers.

## Not for

Hobbyist chatbots, ChatGPT wrappers, teams that don't yet ship AI to real users.

## Pricing

- **OSS** — $0 forever. SDK + Gateway + MCP Server + local policy evaluator + default policy bundle. MIT. No hosted dashboard.
- **Cloud** — $100/mo platform fee. Hosted traces, Guardrails rule authoring UI, Observe live feed, framework mapping, staged AI auditor, evidence exports (signed manifest), 3 seats. Credits billed separately via slider (100–10,000 credits/mo).
- **Growth** — $1,500/mo platform fee. Everything in Cloud plus higher credit ceiling (up to 60,000/mo), priority queue on the AI auditor, early access to bundled red-team suites (ships 2026 Q3), HIPAA Trust Services mapping, SSO on request, 5 seats.
- **Custom** — from $80K ACV. Unlimited credits, on-prem (Docker/Helm), 99.95% SLA, custom framework controls, BAA/DPA, dedicated compliance rep.

**Credit pricing** is volume-tiered: $3.00/credit (≤1K), $2.50 (≤5K), $2.00 (≤15K), $1.75 (≤30K), $1.25 (≤60K). Credits meter AI-auditor usage only — Guardrails rule evaluation is unmetered.

## Key URLs

- /products — product hub
- /products/observe, /products/guardrails, /products/evaluation, /products/governance
- /products/sdk, /products/gateway, /products/mcp-server
- /products/integrations
- /pricing
- /solutions/ai-platform-teams, /solutions/financial-services, /solutions/healthcare, /solutions/legal-tech, /solutions/government-public-sector, /solutions/enterprise-saas
- /developers — SDK + API reference
- /about, /contact, /security-compliance

## Positioning vs competitors

- **vs Arden:** single-product runtime gate. Bookbag ships four products, not one.
- **vs Lakera / Lasso:** prompt-injection runtime guardrails. No governance depth. Bookbag maps runtime decisions to EU AI Act / NIST / ISO 42001 / SOC 2 controls.
- **vs Credo.ai / Holistic AI:** governance documents. No runtime enforcement. A policy that isn't enforced at call time is a PDF, not a product.
- **vs Langfuse / Arize / Helicone:** LLM observability. Debugging tools. Bookbag produces signed, framework-mapped audit bundles.

## Developer story

1. `pip install bookbag` or `npm install @bookbag/sdk` — zero dependencies.
2. Set `BOOKBAG_API_KEY` from Integrations → API Keys (the RuntimeKey model declares which engines fire per key).
3. Call `client.agent.start_run(agent_id=...)`, then `client.agent.tool_call(...)` before executing each tool.
4. The default policy bundle blocks destructive patterns (rm -rf, drop table, refunds above threshold). Your first tool call will likely trigger it — that's the aha-moment proving the gate is live.

## Contact

- Email: hello@bookbag.ai
- GitHub: github.com/bookbagHQ
- Docs: https://bookbag.ai/developers
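The gate flow from the developer story (start a run, submit each tool call to the gate before executing it, get a block / redact / allow decision, close the run with a causal trace), shown as an added example. This is hypothetical code written for this page, not Bookbag's SDK or its default policy bundle: the `Gate` class, its method names, the rule format, the regexes, the secret detector and the 500-unit refund threshold are all assumptions modelled on the page's description of what the default bundle blocks.

```python
"""Hypothetical pre-execution tool-call gate (added example, not Bookbag's SDK).

Every tool call is submitted here before it executes. Block rules mirror the
three destructive patterns the page names (rm -rf, DROP TABLE, refunds above a
threshold); a constructed secret detector redacts arguments instead of blocking.
"""
import re
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Decision:
    action: str                 # "allow" | "block" | "redact"
    rule: str = ""              # which rule or detector fired, if any
    args: dict = field(default_factory=dict)   # args as the tool should receive them

# (rule name, action, predicate over (tool name, args)) -- constructed rule format
Rule = tuple[str, str, Callable[[str, dict], bool]]

# rm with both -r and -f in any order / combination, e.g. "rm -rf", "rm -fr", "rm -Rf"
RM_RF = re.compile(r"\brm\s+-(?:[a-z]*r[a-z]*f|[a-z]*f[a-z]*r)[a-z]*\b", re.I)
DROP_TABLE = re.compile(r"\bdrop\s+table\b", re.I)
REFUND_THRESHOLD = 500.00       # assumed threshold; the page gives no number
# Constructed secret shape: "sk-" followed by 20+ alphanumerics (placeholder pattern)
SECRET = re.compile(r"\bsk-[A-Za-z0-9]{20,}\b")

DEFAULT_BUNDLE: list[Rule] = [
    ("shell.rm_rf", "block",
     lambda tool, a: tool == "shell" and bool(RM_RF.search(a.get("command", "")))),
    ("sql.drop_table", "block",
     lambda tool, a: tool == "sql" and bool(DROP_TABLE.search(a.get("query", "")))),
    ("refund.above_threshold", "block",
     lambda tool, a: tool == "issue_refund" and float(a.get("amount", 0)) > REFUND_THRESHOLD),
]

def redact_secrets(args: dict) -> tuple[dict, bool]:
    """Return a copy of args with secret-looking strings masked, plus whether any were found."""
    out, found = {}, False
    for key, value in args.items():
        if isinstance(value, str) and SECRET.search(value):
            found = True
            out[key] = SECRET.sub("[REDACTED]", value)
        else:
            out[key] = value
    return out, found

class Gate:
    """Local policy evaluator: one decision per tool call, one trace per run."""

    def __init__(self, bundle: list[Rule] = DEFAULT_BUNDLE):
        self.bundle = bundle
        self.runs: dict[str, dict] = {}

    def start_run(self, agent_id: str) -> str:
        run_id = f"run-{len(self.runs) + 1}"
        self.runs[run_id] = {"agent_id": agent_id, "trace": []}
        return run_id

    def tool_call(self, run_id: str, tool: str, args: dict) -> Decision:
        # Block rules are checked first: a blocked call must never reach the tool.
        for name, action, predicate in self.bundle:
            if predicate(tool, args):
                decision = Decision(action, name, dict(args))
                break
        else:
            clean, found = redact_secrets(args)
            decision = Decision("redact", "detector.secret", clean) if found \
                else Decision("allow", "", clean)
        # Every decision, allowed or not, lands in the run's causal trace.
        self.runs[run_id]["trace"].append(
            {"tool": tool, "decision": decision.action, "rule": decision.rule})
        return decision

    def end_run(self, run_id: str) -> list[dict]:
        return self.runs[run_id]["trace"]

def run_demo() -> tuple[list[Decision], list[dict]]:
    """Drive the gate with constructed tool calls; returns (decisions, trace)."""
    gate = Gate()
    run = gate.start_run(agent_id="support-agent")   # constructed agent id
    calls = [
        ("shell", {"command": "rm -rf /tmp/build"}),
        ("sql", {"query": "DROP TABLE users"}),
        ("issue_refund", {"amount": 750}),
        ("issue_refund", {"amount": 20}),
        ("http_post", {"body": "token=sk-" + "a" * 24}),
    ]
    decisions = [gate.tool_call(run, tool, args) for tool, args in calls]
    return decisions, gate.end_run(run)

if __name__ == "__main__":
    for d, entry in zip(*run_demo()):
        print(f"{entry['tool']:<13} -> {d.action:<7} {d.rule}")
```

The caller's contract is the one the developer story describes: check `Decision.action` before executing, execute only on `allow` or `redact` (using `Decision.args`, which carries the masked values), and keep the trace so the run can be audited afterwards. Holding a call for human approval (`awaitDecision` in the SDK list) is left out here.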