Sovara Gateway
Evidence and control for every AI agent tool call. In your environment, not ours.
Governance for AI agents - listed on Azure Marketplace as MCP Audit Gateway.
Sovara Gateway sits between your AI agents and the MCP servers they call. Every tool call is identity-verified against your IdP, evaluated against policy, redacted of regulated data, and recorded as a structured audit event. The gateway runs inside your environment - the prompts and responses never leave it for the check.
The control gap
MCP is moving quickly, but most enterprises still don't have a proper control plane for it.
Teams are starting to spin up MCP servers across the business, and each one brings its own authentication model, data exposure risk, and audit gap. Without a gateway in the middle, security teams are left with one safe answer: “no”.
That slows everything down. The AI use cases are there, but adoption stalls because the controls aren't.
Evidencing
When operational resilience reviewers, PRA examiners, or internal audit ask which agent touched which record, most MCP servers cannot answer. The structured audit row (identity, tool, masked arguments, decision, latency) has to live somewhere. Today it does not.
Leakage
PANs, NINs, JWTs, and customer references flow through tool arguments and responses unfiltered. Without redaction at the boundary, sensitive content lands in LLM context, log sinks, and prompt caches.
Drift
Once an agent has access to a tool, it calls whatever it likes, whenever it likes. No identity allow-lists, no rate limits, no time-of-day windows. The blast radius grows quietly.
What it does
Full audit trail
Every tool call is logged with agent identity, masked arguments, decision, latency, and upstream response status. Stream the events to Azure Log Analytics, an OTLP collector, or stdout. Masked-response capture is toggleable.
Policy enforcement
Per-identity allow-lists, per-tool deny-pattern regex, sliding-window rate limits, and time-windowed access. Policies hot-reload from a mounted config file. Decisions are evaluated before the request reaches the upstream MCP server.
Sensitive data redaction
Built-in detectors for PAN (Luhn-validated), email, UK NIN, US SSN, IPv4, IPv6, phone, and JWT. Add custom regex patterns via config. Detectors run on requests and (optionally) responses. PCI DSS, GDPR, and HIPAA-aligned out of the box.
Rate limiting
Per-identity sliding-window limits, configurable per tool. Useful both for runaway agents and for compromised credentials. Decisions are logged so you can see who was throttled and when.
Deployment
Azure Marketplace edition
Deploys as an Azure Managed Application into your own subscription. Audit events write to Log Analytics in your tenant. Billed through Azure, eligible for MACC spend commitments. One-click deployment from the Marketplace listing.
Right fit when your buying process runs through Azure and you want a single Marketplace invoice.
Self-hosted Docker edition
Same product, no Azure dependencies. Runs on AWS, GCP, on-prem, any Kubernetes cluster. Audit events go to your chosen OTLP collector or stdout. Annual licence direct from Weldon Web.
Right fit when your estate is multi-cloud, on-prem, or otherwise not Azure-first.
Compliance frame
The gateway produces evidence that supports the following regulatory frames. It does not certify your organisation; you use the evidence in your own compliance posture.
How it works
The gateway is a reverse proxy in front of one or more MCP servers. Every request flows through five stages, in this order:
- 1.Identity. The caller's JWT is validated against your IdP and the agent identity is extracted from configured claims.
- 2.Policy. Per-identity allow-lists, deny-patterns, rate limits, and time windows are evaluated. Non-matching requests are rejected before any upstream call is made.
- 3.Redaction. Built-in and custom detectors mask regulated values in the request payload. The same pass runs on the response if response capture is enabled.
- 4.Proxy. Approved requests are forwarded to the target MCP server via YARP, with full HTTP/2 and SSE streaming support.
- 5.Audit. A structured event (identity, tool, masked args, decision, latency, upstream status) is written to the configured sink: Log Analytics, OTLP, or stdout.
┌────────────────────────┐
│ Audit sink │
│ Log Analytics / OTLP │
│ / stdout │
└───────────▲────────────┘
│ structured events
│
┌──────────┐ ┌─┴───────────────────┐ ┌──────────────┐
│ AI agent │──▶│ Sovara Gateway │──▶│ MCP server │
│ Claude │ │ │ │ (your tool) │
│ ChatGPT │ │ identity │ └──────────────┘
│ custom │ │ policy engine │
└──────────┘ │ redaction │
│ YARP proxy │
└─────────────────────┘What the data looks like
Every tool call produces a structured audit event. Your team builds dashboards against those events in whatever observability stack you already run. The example below is Grafana, drawing on the gateway's emitted metrics: total invocations, deny rate, deny reasons by identity and pattern, p50 and p95 tool-call latency, top denied tools.

Example dashboard, synthetic test workload. The agent identities shown (finance-bot@contoso.com, intern@contoso.com, reporting@contoso.com, support@contoso.com) are illustrative, not real customers. The gateway emits structured events; you build the dashboard in your stack of choice, including Log Analytics, Datadog, Splunk, Grafana, Loki, or any OTLP-compatible backend.
Pricing
Sold direct, annual subscription, priced per entity rather than per call. Standard deployments start at £24,000 per year. Larger and multi-entity deployments are quoted on request. Early reference customers receive a meaningful year-one discount in exchange for case-study rights.
Request a quoteOne policy across people and agents
Sovara Gateway governs what your AI agents do when they call tools. Sovara Browser governs what your people send to AI chat. Same policy, same audit trail, both halves of how AI touches your data.
Talk to the engineer who built it
I built the gateway and I will be the one answering this form. Tell me the rough shape of your deployment (cloud, scale, regulatory frame) and I will come back with a concrete next step.
Want the security details first? See the security page.