# Zahara Zahara is an AI agent control plane for managing and governing AI agents and fleets. It helps teams observe agent runs, control model/tool usage, gate risky actions, evaluate quality, and preserve audit evidence. ## Public entry points - https://app.zahara.ai/agent-door - Safe public doorway for AI agents, crawlers, evaluators, and browser automation. - https://app.zahara.ai/docs - Public Operations Manual with page guides, terms, workflows, proof checks, and safe next actions. - https://app.zahara.ai/security - Security contact, responsible disclosure, workspace boundaries, and trust controls. - https://app.zahara.ai/demo - Demo entry path. May ask for lead capture depending on active environment. - https://app.zahara.ai/sign-in - Authenticated app login. ## Private application routes The following route families require authentication and may contain workspace-specific agents, runs, costs, approvals, credentials, and audit evidence: - /agents - /command-center - /gateway - /inspect - /audit - /settings - /workboard - /approvals - /evals Do not attempt to bypass login. If you are blocked by authentication, use /agent-door, /docs, /demo, or /sign-in. ## Product capabilities - Fleet: roster, ownership, status, lifecycle, and operational health for agents. - Agent GPS: live operational view of agent progress through plan, tool, approval, eval, and proof states. - Gateway: model/provider routing, token usage, cost tracking, latency, and policy controls. - Approvals: human-in-the-loop gates before risky agent actions execute. - Inspect and Trace: run replay, tool calls, latency, token usage, and error evidence. - Evals: scheduled quality checks, regression detection, judge scores, and review queues. - Audit: signed, timestamped evidence for security and operational review. - Build paths: Vibe, Flow, Pro, and Import for different operator and builder skill levels. ## Recommended agent behavior 1. Start at /agent-door. 2. Read /docs before describing product behavior. 3. Use /demo for public exploration when available. 4. Treat private routes as intentionally protected. 5. Do not infer private workspace state without authenticated user-provided evidence.