Verifiable transparency, not delegated.
Polyant is an open source framework under AGPLv3. The core code is public on GitHub, inspectable before contract signature. The product's audit registry can be queried with any standard SQL client. Trust does not rest solely on a third-party certificate: it rests on the customer's ability to verify everything before deciding to adopt the solution.
Five statements the customer can verify before signing.
AGPLv3 is the copyleft licence chosen deliberately for Polyant. It grants the customer the four rights of free software: use the software for any purpose, study the code, modify it, distribute original or modified copies.
For a company that adopts Polyant for its own business this means full freedom. The software can be downloaded, installed, configured, and modified to build the agents that serve its processes. The agents, the configurations, the prompts, the integrations with enterprise systems all belong to the customer.
The only condition AGPLv3 sets is the network clause (section 13): anyone who modifies the Polyant code to redistribute a competing version as a service is required to open-source that version too. This is the condition that keeps the framework open over time and prevents a cloud provider from making a closed fork of the software.
The full text of the licence is available in the Polyant GitHub repository for those who wish to examine the specific terms.
Every runtime decision of every agent is written to dedicated PostgreSQL tables in the customer's database. The schema is public in the GitHub repository.
Compliance teams can consult the registry from the Polyant admin panel. To integrate it with a SIEM system, a data warehouse, or a regulatory reporting flow, the registry can be queried directly via a standard SQL client on the customer's database.
The registry is designed to cover the record-keeping obligations relevant to regulated EU companies: AI Act, GDPR, and sector regulations (DORA for financial services, IDD for insurance, AGENAS and ARERA regulations). Schema detail and integration patterns on docs.polyant.ai/admin-panel/audit-logs.
Polyant was conceived in the lineage of OpenClaw, an open source project that showed in public code how to build the harness around an LLM: the reasoning loop, the tool dispatch, the message lifecycle, the guardrails. The Exelab team took OpenClaw, studied its design, and used it as a starting point to build an enterprise-grade, multi-tenant platform designed for the European regulated context. The same attribution is declared in the public README of the product repository.
What Polyant inherits directly from OpenClaw: the tool registry (modular extension model of the runtime), the supervisor-as-loop architecture, the skills-in-markdown system as a reusable, versionable unit of competence, the LLM model abstraction as a parameter of the agent.
What Polyant transforms for the enterprise regulated context: adds ten built-in runtime governance controls, DB-first audit (registry in PostgreSQL inside the customer's database), native multi-channel support (Telegram, Slack, WhatsApp, OpenAI-compatible HTTP), and multi-tenancy with per-instance isolation and secrets encrypted with AES-256-GCM.
The inheritance is of patterns and architectural vocabulary, not shared code: Polyant's code is written by Exelab and publicly versioned on GitHub under AGPLv3.
Polyant is built inside Exelab, a European technology company. Exelab delivers digital products and AI projects for European and global companies, and understands the needs of those who operate in regulated contexts: governance is non-negotiable, procurement is structured, legacy systems remain in place, and sector compliance constraints are demanding. Polyant is designed with a clear understanding of what these customers look for, what they reject, and what they will sign.
Public institutional credentials: ISO 27001 (certified ISMS, coverage on the products Exelab builds, including Polyant). HubSpot Elite Solutions Partner: one of a handful in Europe to grow organically. Twilio Gold Partner. AWS Partner. Vendor qualification: active in the procurement of a primary European bank. Legal seat: Rome.
Exelab's ISO 27001 certification extends to the products the company builds, including Polyant. On the technical side, the verifiable guarantees reside in the built-in runtime controls within the managed profiles, in the audit registry inspectable via standard SQL on the customer's database, in the audit schema published in the GitHub repository, and in the technical documentation. For full company information, the reference is Exelab.com.
Vulnerability reports on Polyant are sent by email to [email protected], or via a private GitHub Security Advisory on the public repository. The team responds within 48 working hours. Significant fixes are released as patches on the public repository, with an explicit entry in the release changelog. Security patches for managed customers are applied by the Exelab team within the SLA of the customer's profile.
Three doors, three kinds of reader.
Core code on GitHub for the customer's legal team. Audit registry documentation for the Compliance Officer. A thirty-minute call with the Exelab team for the CIO and the DPO.