Evidra Lock FAQs

Question 1

What is Evidra Lock?

Accepted Answer

Evidra Lock acts as a fail-closed kill-switch for AI agents, validating all infrastructure operations against explicit policy before execution. It prevents destructive, incomplete, or unsafe actions on your production environment.

Question 2

How does Evidra Lock prevent catastrophic misconfigurations?

Accepted Answer

It ships with curated operational guardrails (e.g., blocking public S3 buckets, privileged containers, open security groups) and uses deterministic OPA policy evaluation to enforce safety without relying on natural language processing.

Question 3

What does 'fail-closed by default' mean for Evidra Lock?

Accepted Answer

Fail-closed means that Evidra Lock automatically denies any unknown, incomplete, or ambiguous infrastructure operations. It prioritizes safety by requiring explicit policy allowance for an action to be executed, rather than silently allowing.

Question 4

How does Evidra Lock ensure auditability and compliance?

Accepted Answer

Every policy decision (allow or deny) is recorded in an append-only, hash-chained, immutable evidence log. This provides tamper-proof auditability for compliance, verifiable via the `evidra evidence verify` CLI command.

Question 5

Does Evidra Lock replace OPA Admission Controllers?

Accepted Answer

No, Evidra Lock is not a replacement. It operates *before* execution across various tools (like `kubectl`, `terraform`, `helm`), complementing admission controllers that run *at deploy time* inside your Kubernetes cluster.

Evidra Lock

Evidra Lock

Key Features

Use Cases

Key Features

Use Cases