Models decide. Agents orchestrate.
Strix controls execution.
Strix sits between agent intent and real-world side effects. Nothing executes until evaluated — and every decision produces cryptographically signed proof anyone can verify.
Capability control for AI agents. Fail-closed by default. Independently verifiable.
npx @strixgov/verifier@latest 5686
Don't trust us. Verify us.
Every decision is a record you can verify yourself.
Each governed action is intercepted, evaluated, and Ed25519-signed. The result is a canonical record any third party can re-verify with one command — no Strix tooling, no account, no trust required.
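What independent re-verification of a signed decision record involves, as an added example that is not Strix code and does not reproduce its record format. The field names, the sorted-key canonical JSON and the throwaway key pair are assumptions made for illustration; the verifier recomputes the canonical bytes and checks the Ed25519 signature against a public key it pinned out of band.

```javascript
const crypto = require("node:crypto");

// Deterministic JSON with recursively sorted keys, so signer and verifier
// hash identical bytes. Assumed canonical form, not Strix's actual format.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value && typeof value === "object") {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]));
    return "{" + fields.join(",") + "}";
  }
  return JSON.stringify(value);
}

// Check a receipt against a public key pinned out of band. Any malformed
// input returns false instead of throwing, so callers fail closed.
function verifyReceipt(receipt, pinnedPublicKey) {
  try {
    const { signature, ...body } = receipt;
    if (typeof signature !== "string") return false;
    const bytes = Buffer.from(canonicalize(body));
    return crypto.verify(null, bytes, pinnedPublicKey, Buffer.from(signature, "base64"));
  } catch {
    return false;
  }
}

// Constructed sample: a throwaway key pair stands in for the signer.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
function signDecision(body) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(body)), privateKey);
  return { ...body, signature: sig.toString("base64") };
}

const receipt = signDecision({
  decisionId: 1, // constructed value
  capability: "admin.programs.delete",
  outcome: "DENY",
  actor: "coach-1",
  evaluatedAt: "2025-01-01T00:00:00Z",
});
// Same fields in a different key order: canonicalization makes this verify.
const reordered = Object.fromEntries(Object.entries(receipt).reverse());
// One field flipped after signing: the signature no longer matches.
const tampered = { ...receipt, outcome: "ALLOW" };

console.log([receipt, reordered, tampered].map((r) => verifyReceipt(r, publicKey)));
```

The check is only as strong as the provenance of the public key: a key fetched from the same place as the record proves nothing about who signed it.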
$ npx @strixgov/verifier 5686
→ VERIFIED
Running in production. Right now.
Strix governs every state-changing action across a live, multi-surface platform — web, mobile, cron jobs, and AI workflows — and produces a signed record on each one. Not a demo. Not a prototype.
Total Decisions
Capabilities Active
Decision States
Bypasses
Strix governs every state-changing operation in a multi-surface sports training platform — web application, mobile app, automated jobs, and AI-assisted coaching workflows. This is not a sandbox. This is production.
Member & Athlete Management
High
- Create/delete members
- Modify roster assignments
- Update contact information
Financial Operations
Critical
- Process payments
- Issue refunds
- Modify subscription tiers
Schedule & Program Control
High
- Delete training sessions
- Reassign coaches
- Modify program capacity
System Administration
Critical
- Change user roles
- Modify permissions
- Update system configuration
Integration Footprint
One function call per mutation
- 1 import added
- 1-line change per mutation
- 0 infrastructure changes
adminProcedure became governedProcedure("capabilityId") — no other changes required.
Watch governance happen
Authority fans out — and a bad branch dies at the boundary.
A real governed swarm run: authority roots in a human, attenuates down each delegation edge, and the branch reaching for a capability it was never delegated is blocked at the execution boundary — its side effect doesn't run. Every node changes because the boundary returned a real, Ed25519-signed verdict.
Five guarantees, enforced at runtime.
Nothing executes without evaluation
Every state-changing action is intercepted before it runs.
Authority doesn't carry over
Each action is re-evaluated at the moment it runs — a prior approval does not transfer to the next one.
Judged at execution time
Admissibility is decided against intent, context, and capability when the action actually fires — not against a static role.
Enforcement, not logging
The decision happens before the side effect, not in an audit trail written after the fact.
Bounded and revocable
Execution tokens are single-use, expire by default, and can be revoked mid-flight.
Structurally enforced — build-time invariants check every registered mutation, and every decision is independently re-derivable with npx @strixgov/verifier.
Allow. Deny. Intercept.
Every operation produces one of three outcomes. If your system only supports two, the gap is the size of your operations layer.
Admin creates a new schedule
Evidence recorded. Action executed.
Coach attempts to change a user's system role
Evidence recorded. Action blocked.
Admin deletes a training program
Evidence recorded. Action blocked pending approval.
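A minimal fail-closed gate showing the three outcomes above together with single-use, expiring, revocable execution tokens, as an added example that is not Strix's implementation. The `Gate` class and every capability id except `admin.programs.delete` are hypothetical, a static role table stands in for the intent and context evaluation the page describes, and approval handling after an INTERCEPT is left out.

```javascript
const { randomUUID } = require("node:crypto");

// Hypothetical policy: capability id -> allowed roles and approval flag.
const POLICY = new Map([
  ["admin.schedules.create", { roles: ["admin"], needsApproval: false }],
  ["admin.users.setRole", { roles: ["admin"], needsApproval: false }],
  ["admin.programs.delete", { roles: ["admin"], needsApproval: true }],
]);

class Gate {
  constructor(ttlMs, now = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now; // injectable clock so expiry can be tested
    this.tokens = new Map(); // token -> { capability, expiresAt }
  }

  // Evaluated on every call. Unknown capability, wrong role or any error
  // while evaluating yields DENY: the gate fails closed.
  evaluate(actor, capability) {
    try {
      const rule = POLICY.get(capability);
      if (!rule || !rule.roles.includes(actor.role)) return { outcome: "DENY" };
      if (rule.needsApproval) return { outcome: "INTERCEPT" }; // no token yet
      const token = randomUUID();
      this.tokens.set(token, { capability, expiresAt: this.now() + this.ttlMs });
      return { outcome: "ALLOW", token };
    } catch {
      return { outcome: "DENY" };
    }
  }

  revoke(token) { this.tokens.delete(token); }

  // The side effect runs only for a live, unexpired token bound to this exact
  // capability. The token is consumed first, so a replay finds nothing.
  execute(token, capability, effect) {
    const grant = this.tokens.get(token);
    this.tokens.delete(token);
    if (!grant || grant.capability !== capability || this.now() >= grant.expiresAt) {
      return { executed: false };
    }
    return { executed: true, result: effect() };
  }
}

// Constructed run: a coach asks to change a role and gets DENY with no token.
const gate = new Gate(60_000);
console.log(gate.evaluate({ id: "c1", role: "coach" }, "admin.users.setRole"));
```

Because the token is deleted before the validity check, a token presented with the wrong capability or after expiry is burned as well and cannot be retried.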
This is not RBAC. This is not logging. This is not guardrails.
| Approach | What it does | What it cannot do |
|---|---|---|
| RBAC | Checks if a user HAS permission | Cannot evaluate context, risk, or history. Cannot intercept. |
| AI Guardrails | Filter LLM inputs/outputs | Cannot govern database mutations, payments, or automation. |
| Logging | Records events after they happen | Cannot prevent an action. Cannot deny. Cannot intercept. |
| OPA + Audit Logs | Policy rules + after-the-fact recording | Cannot evaluate intent. Cannot intercept. No understanding of why an action is attempted. |
RBAC tells you who CAN act. Logging tells you what DID happen. Policy engines evaluate rules. Strix evaluates intent, decides what WILL happen, and records why.
One function call. Complete governance.
adminProcedure
  .input(z.object({...}))
  .mutation(handler)
// Executes immediately
// No evidence
// No control

governedProcedure("admin.programs.delete")
  .input(z.object({...}))
  .mutation(handler)
// Intercepted → Evaluated → Decided
// Evidence recorded every time

npx @strixgov/mcp-adapter demo
Spins up a stub MCP server, runs three governed tool calls (ALLOW / APPROVAL / DENY), and emits three Ed25519-signed receipts you verify with an independent package. Seven packages are on the public registry — the verifier and trust primitives are MIT, the MCP runtime adapters Elastic-2.0.
Consumer Trust Mark
The consumer-facing layer of the same proof chain: a governed product displays a signed, time-boxed grant whose badge re-checks itself on demand — it shows verified only from a fresh check, and degrades on its own when coverage lapses. The Academy carries one.
Production governance. Zero bypasses. One evidence trail.
Strix is running in production today — 153 capabilities defined, every decision recorded. See the governance kernel in action in 15 minutes.
Currently in private beta — limited spots available.