Models decide. Agents orchestrate.
Strix controls execution.

Strix sits between agent intent and real-world side effects. Nothing executes until evaluated — and every decision produces cryptographically signed proof anyone can verify.

Capability control for AI agents. Fail-closed by default. Independently verifiable.

Try it in your terminal — no signup, no install persisted
$npx @strixgov/verifier@latest 5686
Verifies a real production record against the published Ed25519 key. Returns Status: VERIFIED in ~10 seconds.
AI attempted role escalation → BLOCKED
strix kernel

Don't trust us. Verify us.

Every decision is a record you can verify yourself.

Each governed action is intercepted, evaluated, and Ed25519-signed. The result is a canonical record any third party can re-verify with one command — no Strix tooling, no account, no trust required.

Verified
SIGNATURE VALID · CHAIN LINKED
evidenceIdevd_5686
actioncapability.execute
signatureValidVERIFIED
evidenceHashsha256:9f2c…a0b1
proofChainHashsha256:41d8…7e3f
signingKeyIdstrix-***-2026-05
environmentproduction
createdAt2026-05-15T18:22:04Z
EU AI ActArt.12 ✓ · Art.14 ✓ · Art.28 ✓
signatureed25519:5b9d3c…f17a
$ npx @strixgov/verifier 5686→ VERIFIED

Running in production. Right now.

Strix governs every state-changing action across a live, multi-surface platform — web, mobile, cron jobs, and AI workflows — and produces a signed record on each one. Not a demo. Not a prototype.

Live governance telemetry

Total Decisions

Capabilities Active

Decision States

Bypasses

Live Deployment

Strix governs every state-changing operation in a multi-surface sports training platform — web application, mobile app, automated jobs, and AI-assisted coaching workflows. This is not a sandbox. This is production.

Member & Athlete Management

High
  • Create/delete members
  • Modify roster assignments
  • Update contact information

Financial Operations

Critical
  • Process payments
  • Issue refunds
  • Modify subscription tiers

Schedule & Program Control

High
  • Delete training sessions
  • Reassign coaches
  • Modify program capacity

System Administration

Critical
  • Change user roles
  • Modify permissions
  • Update system configuration

Integration Footprint

One function call per mutation

1

Import added

1-line

change per mutation

0

Infrastructure changes

adminProcedure became governedProcedure("capabilityId") — no other changes required.

Web Application
Mobile App
Cron Jobs
AI Coaching Workflows

Watch governance happen

Authority fans out — and a bad branch dies at the boundary.

A real governed swarm run: authority roots in a human, attenuates down each delegation edge, and the branch reaching for a capability it was never delegated is blocked at the execution boundary — its side effect doesn't run. Every node changes because the boundary returned a real, Ed25519-signed verdict.

Delegation graph: authority roots in a human and fans out to agents; benign branches execute while a malicious branch is blocked at the execution boundary.

Five guarantees, enforced at runtime.

1

Nothing executes without evaluation

Every state-changing action is intercepted before it runs.

2

Authority doesn't carry over

Each action is re-evaluated at the moment it runs — a prior approval does not transfer to the next one.

3

Judged at execution time

Admissibility is decided against intent, context, and capability when the action actually fires — not against a static role.

4

Enforcement, not logging

The decision happens before the side effect, not in an audit trail written after the fact.

5

Bounded and revocable

Execution tokens are single-use, expire by default, and can be revoked mid-flight.

Structurally enforced — build-time invariants check every registered mutation, and every decision is independently re-derivable with npx @strixgov/verifier.

Allow. Deny. Intercept.

Every operation produces one of three outcomes. If your system only supports two, the gap is the size of your operations layer.

ALLOW

Admin creates a new schedule

Capabilityadmin.schedules.create
RiskMedium
Approvals required0
DecisionALLOW

Evidence recorded. Action executed.

DENY

Coach attempts to change a user's system role

Capabilityadmin.members.updateRole
RiskCritical
Approvals required2
DecisionDENY

Evidence recorded. Action blocked.

INTERCEPT

Admin deletes a training program

Capabilityadmin.programs.delete
RiskHigh
Approvals required1
DecisionINTERCEPT

Evidence recorded. Action blocked pending approval.

This is not RBAC. This is not logging. This is not guardrails.

ApproachWhat it doesWhat it cannot do
RBACChecks if a user HAS permissionCannot evaluate context, risk, or history. Cannot intercept.
AI GuardrailsFilter LLM inputs/outputsCannot govern database mutations, payments, or automation.
LoggingRecords events after they happenCannot prevent an action. Cannot deny. Cannot intercept.
OPA + Audit LogsPolicy rules + after-the-fact recordingCannot evaluate intent. Cannot intercept. No understanding of why an action is attempted.

RBAC tells you who CAN act. Logging tells you what DID happen. Policy engines evaluate rules. Strix evaluates intent, decides what WILL happen, and records why.

See the full walkthrough — intent binding, the kernel pipeline, and a worked example →

One function call. Complete governance.

Before — no governance
adminProcedure
  .input(z.object({...}))
  .mutation(handler)

// Executes immediately
// No evidence
// No control
After — governed
governedProcedure("admin.programs.delete")
  .input(z.object({...}))
  .mutation(handler)

// Intercepted → Evaluated → Decided
// Evidence recorded every time
20 seconds to see it end-to-end — no install, no signup
npx @strixgov/mcp-adapter demo

Spins up a stub MCP server, runs three governed tool calls (ALLOW / APPROVAL / DENY), and emits three Ed25519-signed receipts you verify with an independent package. Seven packages are on the public registry — the verifier and trust primitives are MIT, the MCP runtime adapters Elastic-2.0. Browse the bundle →

Consumer Trust Mark

The consumer-facing layer of the same proof chain: a governed product displays a signed, time-boxed grant whose badge re-checks itself on demand — it shows verified only from a fresh check, and degrades on its own when coverage lapses. The Academy carries one.

Production governance. Zero bypasses. One evidence trail.

Strix is running in production today — 153 capabilities defined, every decision recorded. See the governance kernel in action in 15 minutes.

Currently in private beta — limited spots available.

Try it in your terminal — no signup, no install persisted
$npx @strixgov/verifier@latest 5686
Verifies a real production record against the published Ed25519 key. Returns Status: VERIFIED in ~10 seconds.