Skip to content

🎯 The Agentic Positioning Layer for SLM-first AI

Position every agent on the right task,
with the right context and tools.

MCP exposes tools. A2A connects agents. Context Relay Protocol™ positions every agent. One base_url change turns small local models into capable, governed agents: CRP selects operations, loads only the 1–3 tools each call needs, carries state forward, and emits HMAC-signed proof that safety, grounding, and policy controls ran. The evidence the EU AI Act, AIUC-1, ISO 42001, and NIST AI RMF all demand, generated from live runtime data.

13-stageSafety on every call
<50msOverhead
HMACSigned audit chain
EU AI Act + AIUC-1Control evidence

Controls are easy to claim. CRP proves they operate.

Every major AI assurance framework - EU AI Act, AIUC-1, ISO/IEC 42001, NIST AI RMF, SOC 2-for-AI - demands the same three things underneath its own vocabulary:

  1. Controls exist - you have safety, security, and governance mechanisms.
  2. Controls operate - they run on every AI call, continuously, not on paper.
  3. You can prove it - verifiable evidence the controls ran, not assertions.

Most organisations manage #1 and sometimes #2. The universal failure is #3. CRP closes that gap: every governed AI call emits signed, tamper-evident evidence that your security and safety controls ran - the proof all of these standards require.

Different standards. One agentic positioning engine.
See exactly which CRP capabilities produce evidence for which standard.

Outcomes & ROI

📝 Finish long tasks

11.8× more content completed without rewriting prompts.

Automatic continuation turns truncated 8-section outputs into 25-section deliverables that actually conclude.

⚖️ Cut compliance time

Evidence packs generated in seconds, not months.

EU AI Act, ISO 42001, GDPR, and NIST AI RMF reports are built from runtime audit data, not consultant interviews.

🛡️ Reduce hallucination risk

13 DPE signals on every call in <50 ms.

Fabrications, contradictions, grounding failures, and prompt injections are caught before they reach users.

🚀 Deploy faster

One line of code to governed AI.

Change base_url or call crp.SDKClient(); no new infrastructure, no provider lock-in.


Trusted by teams building with AI

AI-native startups Regulated enterprises Consulting firms Security teams

Customer case studies and logos are coming soon. Share your story.


Try it in 5 lines

5 lines to governed AI
import crp

client = crp.SDKClient()
client.ingest("./docs/")
answer = client.ask("Write a complete deployment guide", depth="thorough")

print(answer.text)
print(answer.quality)                  # S | A | B | C | D
print(answer.sources)                  # cited facts from your documents
print(answer.crp.risk)                 # LOW | MEDIUM | HIGH | CRITICAL

That is the full pipeline: ingestion → CDR/CDGR retrieval → envelope packing → safety scan → LLM dispatch → continuation → extraction → provenance → source attribution. No hidden heuristics. Every score is coupled to an enforceable action.


What CRP solves

Context dies at 8 sections

Your model stops mid-task. Previous context is lost. There is no continuation.
CRP automatically continues across windows until the task is done, then stitches outputs into one coherent result.

No safety guardrails

Every AI call returns raw output. No risk score. No provenance. No audit trail.
CRP runs a 13-stage safety check on every call in under 50ms and records every event to a tamper-evident chain.

Compliance is manual

EU AI Act, ISO 42001, GDPR. You hire consultants for months.
CRP generates evidence packs automatically from runtime data - risk assessments, DPIAs, technical docs, transparency declarations.

Integration is expensive

Building context management, safety, and compliance from scratch takes quarters.
CRP is one line: base_url="https://your-gateway.example/v1" or crp.SDKClient().


Explore by topic

🛡️ AI Safety

Hallucination detection, prompt injection shield, PII scanning, and safety budgets on every call.

AI Safety

⚖️ AI Governance

Declarative policies, identity headers, human-in-the-loop checkpoints, and tamper-evident audit.

AI Governance

📋 AI Compliance

Automated EU AI Act, ISO 42001, NIST AI RMF, and GDPR evidence from runtime data.

AI Compliance

🧠 Context Management

Unbounded context, automatic continuation, graph-structured CKF, and retrieval for LLMs.

Context Management

🏅 Control Evidence

See which CRP capabilities produce signed, tamper-evident evidence for EU AI Act, AIUC-1, ISO 42001, and NIST AI RMF.

Control-evidence mapping

🚀 CRPv5 Roadmap

What's next: agentic positioning, SLM-first execution, closing certification gaps, and new SDK languages.

View Roadmap

Compare CRP with RAG, MCP & agents


Capabilities

CRP manages the full context lifecycle - ingestion, extraction, retrieval, packing, dispatch, continuation, safety, provenance, and compliance - in a single protocol layer.

Unbounded context

Automatic continuation, CSO relay, and re-grounding let tasks exceed any model's output limit without losing coherence.

Explore capabilities

6-stage extraction

Regex → NLP → NER → relations → discourse → LLM-assisted relational. Structured knowledge, not flat chunks.

Extraction protocol

13-stage DPE safety

Fabrication, distortion, contradiction, grounding, and hallucination-risk scoring in under 50 ms on every call.

DPE pipeline

Knowledge fabric

Graph-structured CKF with CDR/CDGR retrieval, multi-horizon context, and ephemeral scratch buffers.

CKF protocol

Two-sided provenance

Trace every claim back to its source and every input fact to its upstream origin, signed and tamper-evident.

Provenance

Compliance evidence

EU AI Act, ISO 42001, GDPR, NIST AI RMF evidence packs generated from runtime audit data.

Compliance

One-line integration

Drop-in Gateway base_url or native crp.SDKClient() with progressive SDK levels.

SDK guide

Agent-safe

Chain budgets, risk accumulators, circuit breakers, and clean MCP/A2A layering.

Multi-agent safety

Positioned tool loop (v5)

Turns a small local model into a capable agent by positioning, not injection: one operation at a time, only the 1–3 tools it needs, with a bounded per-operation window and typed state carried forward.

Explore capabilities

Read the full capabilities breakdown


The business case

11.8×More output
<50msSafety overhead
€35MPotential EU AI Act fine avoided
1 lineIntegration

Cost of unmanaged AI

  • Context truncation wastes expensive LLM tokens on repeated prompts.
  • Hallucinations damage customer trust and create liability.
  • Compliance reviews delay launches by weeks or months.
  • Security incidents require forensic log archaeology.

Value of CRP governance

  • Finish tasks in fewer total tokens despite using multiple windows.
  • Detect fabrications, injections, and PII before they reach users.
  • Ship with EU AI Act / ISO 42001 evidence already generated.
  • Reconstruct any answer from tamper-evident audit data in seconds.

Three products. One agentic positioning engine.

🌐 CRP Gateway

The runtime. Routes every AI call through governance + context management.

Managed-cloud waitlist · Self-host & white-label

Explore Gateway

📋 CRP Comply

The compliance layer. Generates audit-ready deliverables from Gateway evidence.

Managed-cloud waitlist · Self-host & white-label

Explore Comply

🔍 CRP Scan

The scanner. Finds ungoverned AI calls in your codebase and opens remediation PRs.

GitHub Action available · Managed cloud on the roadmap

Explore Scan

What's actually shipped

CRP is not a roadmap deck. The open-source SDK, CLI, and Scan action are live, documented, and shipping today:

🐍 Python SDK

4 progressive levels from one-line governance to full infrastructure control.

  • Drop-in base_url proxy
  • crp.SDKClient() with .complete(), .ask(), .ingest()
  • Depth negotiation: quick · standard · thorough · exhaustive
  • @client.tool automatic tool invocation + CKF extraction
  • Safety profiles: balanced · strict · permissive · research
  • client.audit.* and client.compliance.* evidence helpers
SDK Guide

🖥️ CRP CLI

Command-line governance tools for scanning, validation, and benchmarking.

  • python -m crp scan -- find ungoverned AI calls
  • python -m crp serve -- HTTP sidecar
  • python -m crp status -- session status
  • python -m crp preview -- envelope preview
CLI Guide

⚙️ GitHub Action

Auto-scan every PR for ungoverned AI calls with SARIF output.

  • Marketplace-published composite action
  • SARIF upload to Security tab
  • Auto-remediation PRs *(planned)*
  • VS Code extension *(planned)*
Scan Product

🌐 Gateway

OpenAI-compatible proxy with DPE, safety policy, and audit trails.

  • Managed-cloud waitlist; self-host and white-label available
  • 58 CRP headers on every call
  • HMAC-chained audit events
  • Redis-backed session store
Gateway Product

📋 CRP Comply

Compliance platform with real-time dashboard and evidence packs.

  • EU AI Act Art. 6 risk classifier
  • Auto-generated DPIA + tech docs
  • Tamper-evident audit console
  • GitHub App for repo scanning
Comply Product

📚 50 Specs

Open specifications defining every protocol layer.

  • Core protocol, headers, envelope
  • Continuation, DPE, safety policy
  • Session tokens, dispatch, CKF
  • Conformance, security, zero-CKF
  • CDR/CDGR, CSO, STL, storage engine
  • Gateway, Comply, Scan products
Browse Specs

Who CRP is for

Developers

Ship governed AI in one line. Get context quality, safety scoring, and audit trails without building infrastructure.

Enterprises

EU AI Act, ISO 42001, GDPR compliance - auto-generated from real runtime evidence. SSO, data residency, private cloud.

CISOs & Compliance Officers

Real-time risk scoring, tamper-evident audit chains, and regulator-ready evidence packs. Not consultant PDFs.

AI Researchers

Compare strategies (CRP vs RAG vs Injection vs Hierarchical) with built-in benchmarking. Reproduce everything.

Startups

Free tier (100 calls/mo). Starter at $49/mo ($490/yr). Scale when you need SSO and data residency. No seat-based pricing.

Regulated Industries

Healthcare (HIPAA), finance (SOX), public sector. Air-gapped deployment, 7-year retention, signed DPA.

Read the full "Who is it for" breakdown


Before & After

❌ Without CRP

Task: "Write a 30-section K8s guide"
→ Output: 592 words, 8/30 sections
→ Truncated mid-sentence
→ No continuation
→ No quality score
→ Context lost between calls
→ No compliance evidence

✅ With CRP

Task: "Write a 30-section K8s guide"
→ Output: 6,993 words, 25/30 sections
→ Automatic multi-window continuation
→ Quality tier: A
→ Full provenance DAG
→ Knowledge persists in CKF
→ EU AI Act evidence generated

Same model. Same hardware. Same task. CRP produces 11.8x more content at identical throughput. The difference: CRP finishes the task - and proves it was safe.


Trusted by standards bodies

IETF submitted IANA submitted IEEE SA submitted ISO/IEC JTC 1/SC 42

Aligned with OWASP Top 10 (2025), ISO/IEC 42001:2023, EU AI Act (2024/1689), ISO/IEC 27001:2022, and NIST AI RMF.

Ready to govern your AI?
Start free. No credit card. 60-second setup.

Get started

Choose your path. Every option includes the open SDK, HMAC audit chain, safety profiles, and control-evidence output for EU AI Act, AIUC-1, ISO 42001, and NIST AI RMF.