Post-Compromise Execution Control
Five attack surfaces.
One enforcement architecture.
Strix governs the actions that matter most after access is obtained — credential reveals, role escalations, bulk deletes, payment submissions, and autonomous AI actions. Same kernel. Same cryptographic evidence. Every time.
See Live Evidence →Secrets
ModuleZero-knowledge credential vault. Every reveal, copy, and export is governed.
HIGH / CRITICAL on every access action
- ✓AES-256-GCM client-side encryption
- ✓Vault key never leaves the browser
- ✓Every access creates a signed evidence record
Access
ModuleRole escalation control. Privilege changes require governed approval — regardless of who is asking.
CRITICAL for role changes · HIGH for permission updates
- ✓SoD: actor cannot approve own escalation
- ✓2 approvals required for CRITICAL role changes
- ✓Signed approval artifact per approval
Data
ModuleBulk delete and export governance. Irreversible operations require a signed, approved decision.
CRITICAL for bulk deletes and exports
- ✓Payload binding — scope cannot expand post-approval
- ✓Audit trail persists after item deletion
- ✓Purge audit logs: blocked unconditionally
Financial
ModulePayment, billing, and payout governance. Every claim batch and payout change has a signed canonical artifact.
CRITICAL for payouts · HIGH for billing changes
- ✓Quorum approval for claim batches
- ✓9-field signed approval artifact per approval
- ✓External verifier: no Strix account required
Agent
ModuleAutonomous AI action governance. Same enforcement architecture as human actions — no privileged path.
HIGH / CRITICAL · 0 exempt paths
- ✓Agents cannot issue their own tokens
- ✓18 AI capabilities + 19 cron jobs governed
- ✓Identical proof receipts to human actions