Documentation

Execution Control Documentation

Wrap your first action in five minutes. Verify the evidence with no Strix tooling. Then read the references below to integrate Strix into your real workload.

Quickstart — 5 minutes to your first governed action

Wrap one action, generate one evidence record, verify it independently. No Strix account required.

Step 1

Install

terminal

npm install @strixgov/sdk @strixgov/verifier

Step 2

Wrap an action

Define one capability and wrap your handler. Strix issues a single-use signed token; the handler only runs when a valid token is presented.

governed-example.ts

import { StrixGovernance } from '@strixgov/sdk';

const strix = new StrixGovernance({
  policyEngine: {
    type: 'local',
    signingKey: process.env.STRIX_SIGNING_KEY!,
    capabilities: [{
      capabilityId: 'user.delete',
      riskLevel: 'high',
      allowedEnvironments: ['development', 'production'],
      approvalsRequired: 0,
      irreversible: true,
    }],
  },
  evidenceSink: { type: 'file', path: './evidence/audit.jsonl' },
  verificationKey: process.env.STRIX_PUBLIC_KEY!,
  defaultEnvironment: 'development',
});

const deleteUser = strix.governedAction(
  { capability: 'user.delete' },
  async (input: { id: string }) => {
    // Your real handler. Only runs with a valid token.
    return { deleted: input.id, deletedAt: new Date().toISOString() };
  },
);

// Request a decision, then execute with the token.
const decision = await strix.requestDecision({
  capabilityId: 'user.delete',
  actorId: 'usr_alice',
  environment: 'development',
});

const result = await deleteUser(
  { id: 'usr_bob' },
  { token: decision.token!, actorId: 'usr_alice' },
);

Step 3

Verify the evidence — independently

Every execution attempt (allowed, denied, intercepted, replayed) is appended to your evidence sink, Ed25519-signed, and SHA-256-chained. Verify with the public verifier — no Strix tooling required.

terminal

npx @strixgov/verifier@1.9.0 verify ./evidence/audit.jsonl \
  --jwks https://www.strixgov.com/.well-known/strix-jwks.json

expected output

Strix Evidence Verifier v1.9.0

Record 1 — exec_a1b2c3d4
  Capability:  user.delete
  Actor:       usr_alice
  Outcome:     EXECUTED
  ✓ Signature valid
  ✓ Hash valid
  ✓ Proof chain valid

3 records verified. All valid.
Exit code: 0

Also — anyone can verify any record from a browser at https://www.strixgov.com/proof/<evidenceId>. Same cryptographic primitives, same JWKS, no install required. The Trust Center page runs the verification server-side and renders the signature + hash + chain checks plus the EU AI Act flags derived from the outcome.

What just happened

Policy evaluated — the kernel decided ALLOW because the actor and environment matched the capability's allow-list.
Token issued — Ed25519-signed, single-use, scoped to that capability + actor.
Handler ran exactly once — the token was redeemed atomically. Replays fail with TOKEN_ALREADY_REDEEMED.
Evidence recorded — every attempt (allowed, blocked, replayed) is in the chain, signed, and independently verifiable.

NextFull integration guide →Verify a real record →MCP tool gateway →

Reference

Integration Guide

Learn how to embed the governance kernel: governed procedures, capability registries, policy evaluation, and evidence recording.

Production Evidence

See Strix running in production: 127 governed capabilities, real decisions, immutable evidence trail, and system health.

Compliance Map

See how Strix maps to EU AI Act Articles 12, 14, and 28, NIST AI RMF, and SOC 2 audit controls.

TamperProof

Verify that evidence records are cryptographically intact and have not been altered since they were recorded.

Verify a Record

Independently verify any governance decision by its evidence hash — no Strix tooling required.

API Explorer

Interactive explorer for the Strix governance verification endpoints. Try live requests against real production data.

Full API documentation is available to beta participants. Book a demo to get started.