Request Demo

Frequently asked questions

1. General & Platform Overview
What is Tavro, and what problem does it solve?

Tavro is an Agent BizOps platform built to help enterprises govern, catalog, and scale the adoption of AI agents across their organizations. As AI agents proliferate — in banking, healthcare, capital markets, energy, and beyond — enterprises face a critical challenge: how do you know what agents you have, what they do, what data they touch, and whether they comply with regulations?

Tavro solves this through three integrated layers: an open Agent Metadata Specification (AMS) that standardizes how agents describe themselves; an open-source Agent BizOps reference implementation for cataloging and managing agents; and an Enterprise SaaS Platform with automated risk scoring, GRC automation, and deep integrations with tools like ServiceNow and Microsoft Copilot.

What is ‘Agent BizOps’ and why does it matter?

Agent BizOps is the emerging discipline — and common operating layer — for taking AI agents from use case to deployment and governing them in production at enterprise scale. . It covers the full lifecycle of an agent: discovery, cataloging, risk assessment, compliance checking, lineage tracking, and retirement. As organizations deploy dozens or hundreds of AI agents, Agent BizOps provides the control plane needed to:

  • Maintain an accurate inventory of all deployed agents
  • Understand which data sources and tools each agent accesses
  • Track business and regulatory risk associated with each agent
  • Ensure compliance with frameworks such as the EU AI Act
  • Enable business leaders — not just engineers — to understand and govern agent behavior
How is Tavro’s architecture structured?

Tavro follows the proven open-core model across three layers:

  • Layer 1 — Open Standard (AMS): Layer 1 — Open Standard (AMS): The Agent Metadata Specification defines how agents describe themselves — their risk context, business context, functional context, and technical configuration. It is a digital public good extending the Google A2A Protocol.
  • Layer 2 — Open Source Agent BizOps: Layer 2 — Open Source Agent BizOps: A community reference implementation that enables catalog discovery, agent lineage tracking, and a REST API for integration.
  • Layer 3 — Enterprise SaaS: Layer 3 — Enterprise SaaS: The commercial platform adds automated risk scoring, GRC automation, EU AI Act compliance tooling, and deep integrations with ServiceNow and Microsoft Copilot.
What is the Agent Metadata Specification (AMS)?

The Agent Metadata Specification (AMS) is an open standard that defines how AI agents describe themselves.

 

Open Standard: AMS is published as a digital public good and extends the Google Agent-to-Agent (A2A) Protocol. It is available at github.com/TavroOrg/tavro.

Why does AMS extend the Google A2A Protocol rather than building from scratch?

Google’s A2A Protocol addresses how agents communicate with one another at runtime. AMS extends this by adding the governance and metadata layer that enterprises and regulators need: ownership, regulatory risk category, data access, and business process context. By building on A2A, Tavro ensures interoperability with the broader AI agent ecosystem while adding the enterprise governance context that A2A alone does not provide.

Does AMS include industry-specific extensions?

Yes. AMS includes vertical-specific extensions for the most heavily regulated and agent-intensive industries:

  • Banking Capital Markets
  • Healthcare
  • InsuranceEnergy & Utilities
  • Oil & Gas 
  • Life Sciences 
  • Higher Education 

Can Tavro be used in industries not listed above?

Absolutely. The core AMS standard and the Agent BizOps platform are general-purpose and applicable to any industry deploying AI agents. The industry extensions add additional metadata fields and risk classifications relevant to that sector’s regulatory environment — they do not restrict use by other sectors. Organizations can use the base AMS schema and, if needed, contribute an extension to the community or work with Tavro to develop one. Contact info@tavro.ai to discuss industry expansion.

What is the license for AMS?

The Agent Metadata Specification is published under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).

What does the open-source Tavro platform include?

The open-source repository at github.com/TavroOrg/tavro provides a fully self-hostable Agent BizOps stack including:

  • Tavro Web App — the main UI for browsing and managing the agent catalog
  • Tavro API — a FastAPI-based REST API for programmatic access
  • PostgreSQL Database — with all required schemas and extensions pre-configured
  • Temporal Workflow Engine — for orchestrating agent lifecycle management workflows
  • MCP Server with Auth — enabling Claude and OpenAI assistants to query the catalog
  • Zitadel Auth — identity and access management
What are the prerequisites for running the open-source stack?

No coding knowledge is required. You need:

  • Docker Desktop (Windows, macOS, or Linux)
  • Git — to clone the repository
  • An OpenAI API key — configured in the .env file
What is the license for the open-source code?

The open-sourceTavro  Agent BizOps reference implementation is published on GitHub under an Apache License 2.0. 

The Tavro Enterprise Platform is a commercial product with separate licensing terms available through Tavro’s sales team.

How do I load sample data and test the platform?

Please refer to the GitHub repos directly at https://github.com/TavroOrg/tavro.

What additional capabilities does the Tavro Enterprise Platform provide?

The Enterprise Platform adds all the capabilities of the open source option plus hosted capabilities.

Is a free trial available for the Enterprise Platform?

Yes. Tavro offers a Free Cloud Trial at tavro.ai/tavro. The trial gives access to the hosted platform to explore the Agent Catalog, AI Use Case Catalog, and Risk Assessment features without needing to self-host. For a guided walkthrough, a live demo can be requested at tavro.ai/contact-us.

Is Tavro Enterprise available as a private cloud or on-premises deployment?

Yes to both. For enterprises with strict data residency or air-gap requirements — common in banking, government, healthcare, and defense-adjacent industries — Tavro supports private cloud and on-premises deployments. Because the full stack is Dockerized and open-source at its core, organizations can self-host with enterprise add-ons licensed separately. Contact Tavro’s team at tavro.ai/contact-us to discuss deployment options.

Does Tavro integrate with ServiceNow?

Yes. Tavro publishes a ServiceNow App that surfaces Tavro’s agent catalog, risk scores, and lifecycle data directly inside ServiceNow. This allows IT and risk teams to manage AI agent governance without leaving their primary ITSM workflow. The ServiceNow integration is part of the Enterprise Platform.

What is Tavro’s MCP Server and what does it enable?

Tavro’s MCP Server (Model Context Protocol server) exposes the Tavro Agent BizOps platform as a set of tools that AI assistants like Claude and OpenAI-based assistants can call in real time. This enables conversational ‘what-if’ analysis over your agent portfolio — for example:

  • “Which agents in our banking catalog touch PII data and have a high EU AI Act risk tier?”
  • “What agents are owned by the Capital Markets team sorted by risk score?”

The self-hosted MCP server runs at localhost:9001/zitadel/mcp and requires authentication. A hosted, enterprise-managed version is available through the Tavro Enterprise Platform.

What ‘what-if’ questions can I ask through the MCP integration?

Example queries the MCP integration enables an AI assistant to answer:

  • “What agents in our catalog are classified as high-risk under the EU AI Act?”
  • “Which use cases involve customer-facing AI in our healthcare division?”
  • “Show me all agents that access the customer PII database.”
  • “List agents owned by the Capital Markets team sorted by risk score.”
  • “Which agents are pending risk assessment review?”

The scope of answerable questions expands with the richness of AMS metadata populated in your catalog.

What is the AI Use Case Catalog?

The AI Use Case Catalog is a curated library of pre-defined, vetted AI use cases that enterprises can browse, adapt, and deploy. Each use case is structured according to the AMS standard and includes risk context, business context, and technical context metadata out of the box. The catalog serves two purposes:

  • Accelerate adoption — Accelerate adoption — teams start from a proven, governance-ready blueprint rather than defining every field from scratch.
  • Standardize governance — Standardize governance — use cases carry industry-standard risk classifications, making it easier to demonstrate compliance to regulators or internal audit teams.
What is the Agent Catalog and how does it differ from the AI Use Case Catalog?

The two catalogs operate at different levels of abstraction:

  • AI Use Case Catalog — AI Use Case Catalog — a library of use case blueprints describing what AI can do in a given domain (the ‘what’), e.g., ‘Automated Fraud Detection in Commercial Lending.’
  • Agent Catalog — Agent Catalog — a registry of actual deployed agents in your organization (the ‘who’). Each agent is a concrete deployment linked to one or more use cases, with specific model configurations, tool access, ownership, and live risk scores.

Enterprises typically start by browsing the Use Case Catalog for governance templates, then instantiate those into the Agent Catalog as agents are actually deployed.

Can we add custom use cases and agents to our catalog?

Yes. Both catalogs are fully extensible. Organizations can define custom AI use cases and register proprietary agents with their own AMS metadata. For large-scale catalog ingestion from existing agent frameworks (e.g., LangChain, AutoGen), the connector ingestion capability can be configured in config.yaml under the catalog_connector section.

How does Tavro support EU AI Act compliance?

The EU AI Act establishes a risk-tiered framework for AI systems. Tavro’s platform supports compliance in several ways:

  • Risk Classification — Risk Classification — AMS metadata includes fields for EU AI Act risk tier classification for every cataloged agent.
  • Automated Risk Scoring (Enterprise) — Automated Risk Scoring (Enterprise) — the Enterprise Platform can automatically calculate and update risk scores, flagging agents that may require reclassification.
 

Legal Note: Tavro provides tooling to support compliance workflows; it does not constitute legal advice. Organizations should consult qualified legal counsel regarding their specific EU AI Act obligations.

What risk frameworks does Tavro’s risk assessment support?

Tavro’s Agent Risk Assessments are framework-flexible. The platform currently supports or is aligned to:

  • EU AI Act — risk tier classification (High / Medium/ Low)
  • OWASP AIVSS – AI Vulnerability Scoring System from OWASP
How does agent lineage tracking support risk management?

Agent lineage tracking maps the full dependency chain of each agent: which LLM models it uses, which tools and APIs it calls, which data sources it reads or writes, and which business processes it participates in. This enables:

  • Impact analysis — Impact analysis — if a data source changes, which agents are affected?
  • Root cause analysis — Root cause analysis — if an agent produces unexpected output, what data or tools influenced it?
  • Regulatory accountability — Regulatory accountability — demonstrating to auditors exactly what data an agent accessed and when.

Change management — Change management — understanding the blast radius of any proposed change to an agent’s configuration.

What data does Tavro store about my AI agents?

Tavro stores metadata about agents — not the agents’ runtime outputs or conversational data. Specifically, Tavro catalogs the AMS-defined attributes for each registered agent: name, owner, business purpose, tool dependencies, data source connections, risk classification, and technical configuration parameters.

Tavro does not by default intercept, log, or store:

  • The content of prompts sent to agents
  • Agent output or response content
  • End-user data processed by agents at runtime

 

 

Self-hosted deployments: In the open-source stack, all metadata is stored in your own PostgreSQL instance. You retain full control over your data and it never leaves your infrastructure.

 

Where can I find Tavro’s Privacy Policy and Terms of Service?

Tavro’s legal documents are published at:

  • Privacy Policy: Privacy Policy: https://www.tavro.ai/tavro-privacy-policy/
  • Terms of Service: Terms of Service: https://www.tavro.ai/terms-of-services/
  • Security / Trust Center: Security / Trust Center: https://www.tavro.ai/tavro-security-commitment/

For enterprise data processing agreements (DPAs) or GDPR data subject rights questions, contact info@tavro.ai.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

What services run when I deploy the open-source stack?

Running docker compose up –build -d starts the following services:

  • tavro-postgres —  PostgreSQL database (port 5433 on host)
  • risk-temporal — Temporal workflow engine
  • tavro-api — FastAPI REST API (port 8000)
  • risk-mcp-server — MCP server with authentication
  • risk-worker — Agent card loader worker
  • tavro-app — Main web application (port 9000)
  • copilot-sdk — Microsoft Copilot integration SDK
  • zitadel (3 services) — zitadel-api, zitadel-login, zitadel-configure-app — Identity/auth services
  • proxy — Reverse proxy
What local ports does Tavro use?

Default local URLs for the self-hosted stack:

  • Tavro Web App: http://localhost:9000
  • API (direct): http://localhost:8000 — health check at /health, docs at /docs
  • Temporal UI: http://localhost:8233/temporal
  • MCP Endpoint: http://localhost:9001/zitadel/mcp (auth required)
  • Zitadel Auth: http://localhost:8080

How do I reset or troubleshoot a broken deployment?

Common troubleshooting steps:

  • Services fail to start — Services fail to start — ensure Docker Desktop is running and shows ‘Engine running.’
  • config.yaml mount fails — config.yaml mount fails — verify config.yaml is a file, not a directory.
  • MCP returns 401 — MCP returns 401 — expected before authentication; not an error.
  • Database init issues — Database init issues — if you changed SQL or bootstrap logic, wipe volumes and restart.

To do a complete clean reset (deletes all data volumes):

docker compose down -v

docker compose up –build -d

Where can I get help or ask questions?

Tavro provides multiple support channels:

  • Slack Community — Slack Community — join at tavrocommunity.slack.com for peer support, announcements, and product discussions
  • GitHub Issues — GitHub Issues — report bugs or request features at github.com/TavroOrg/tavro
  • YouTube — YouTube — tutorial videos and product walkthroughs at youtube.com/@Tavro-AI
  • Email — Email — direct inquiries to info@tavro.ai
  • Demo Request — Demo Request — schedule a live demonstration at tavro.ai/contact-us
How can my organization contribute to the AMS standard?

Tavro actively invites industry participation in the development of the Agent Metadata Specification. Organizations can contribute by:

  • Submitting pull requests or issues to the GitHub repository
  • Participating in the Slack community to shape specification discussions
  • Engaging as an industry thought leader to co-develop sector-specific extensions
  • Partnering with Tavro as a standards body or industry group

Tavro’s mission is to build a community-driven specification that represents the broadest possible set of enterprise AI governance needs — not a proprietary standard controlled by a single vendor.