LIVE — PRODUCTION DATA

This is what governed execution looks like.

Every decision below came from a production system. Not a sandbox. Not a simulation. Real actions evaluated before execution, real policy enforcement, real cryptographic evidence — streaming now.

Browse Full Evidence Trail →Verify a Record

—

Evidence Records

loading…

—

Hash Coverage

loading…

Bypasses

Enforced at build time

127

Governed Capabilities

19 cron · 18 AI actions

Live Evidence Feed

Recent governed decisions.

Every row is a real decision — evaluated before execution, hash-sealed, and independently verifiable. Current chain status: intact.

Governance Kernel OutputSTREAMING

View all records →

When	Capability	Risk	Source	Decision	Evidence

Risk Classification

127 capabilities. Every one classified.

Every governed capability is assigned a risk tier. Higher risk means tighter constraints, mandatory approvals, and stricter evidence requirements.

Critical

Role changes, payment ops, system config. Two approvals required. No exceptions.

High

Bulk deletions, AI agent actions, cron mutations. Intercepted pending verification.

Medium

Standard operations. Evaluated and recorded. Evidence produced on every execution.

Low

Read-adjacent writes. Still governed. Still recorded. Nothing skips the kernel.

What This Proves

Six structural guarantees.

These claims are backed by public verification surfaces — enforced at build time, visible in every evidence record, and independently checkable without Strix infrastructure.

01 · Every action is witnessed

Zero structural bypasses

All 127 governed capabilities pass through governedProcedure(). 17 build-time invariants enforce this. There is no path to the mutation layer without evaluation.

02 · Evidence is hash-sealed and signed

Tamper-evident by design

Each record is SHA-256 hashed over the canonical payload and chain-linked to the prior record, then Ed25519 signed. Public keys are published via JWKS. Verifiable from any external endpoint without touching Strix infrastructure.

03 · Approvals are payload-bound

No stale approvals execute

Execution tokens bind approval to exact payload hash, actor, and session. A token approved for one action cannot be redeemed against a different payload. Single-use with replay protection.

04 · Humans and AI same chain

No separate trust path

18 AI agent actions and 19 cron jobs produce identical proof receipts to human-initiated actions. There is no privileged execution path. Nothing is exempt.

05 · External verification

Verify without us

Anyone can verify any record via public API using only Node's crypto. No Strix account. No SDK required. The math is the proof.

06 · Continuous integrity checks

Chain monitored daily

Daily proof integrity cron at 2 AM CT runs verification sweeps, orphan detection, and freshness checks across the entire evidence chain. Chain status: intact.

Screenshot vs. Proof

A screenshot is an illustration. Proof is public.

Screenshots of intercepted actions show the user experience, not the integrity claim. Verification happens through public records, cryptographic signatures, chain continuity, and JWKS-published keys — inspectable by anyone, without a Strix account.

WHAT THE SCREENSHOT SHOWS

An action was intercepted before execution
A human-readable decision label (allow / intercept / deny)
A capability name and risk tier
The moment in time the user saw it

WHAT THE PROOF VERIFIES

Hash integrity — SHA-256 over the canonical payload matches the stored hash
Chain continuity — each record links to the prior record's hash
Signature validity — Ed25519 signature verifies against the canonical payload
Key ID + algorithm — kid resolves to a public key published via JWKS; algorithm is declared and checked
Verification result — VERIFIED / LEGACY_UNSIGNED / SIGNATURE_INVALID / HASH_MISMATCH / SIGNING_KEY_UNKNOWN / COMPLIANCE_VIOLATION

Independent Verification

Verify any record yourself.

You don't need a Strix account. You don't need our SDK. The proof is in the math, not our word.

Enter any evidence hash or record ID from the trail above. Verification uses Ed25519 signatures and JWKS-published keys — the same cryptographic standard used in financial infrastructure. No account required.

→ Also callable via GET /api/public/verify?hash=<sha256>

See Strix govern your system.

The demo takes 15 minutes. You'll see a live policy evaluation, a blocked action, and a cryptographic evidence record — all in production. Currently in private beta, limited spots available.

Book a Demo Read the Architecture