Every payment is a decision.
Every decision is a signed record.
Payment submissions, payout changes, and billing rule modifications are the highest-consequence actions in any financial system. Strix places a governed checkpoint before every one — with a signed approval artifact that proves who authorized it, when, and under what policy.
Financial attack paths Strix closes

Payment redirection
Actor: Compromised billing admin
Attack: Changes payout bank account to attacker-controlled account
Strix: PATCH /api/billing/payout-account flagged CRITICAL. Second approver required. SoD enforced.

Fraudulent claim batch
Actor: Insider with claims-submission access
Attack: Submits 200 phantom claims worth $80K across a weekend
Strix: Batch submission intercepted. Volume threshold triggers CRITICAL classification. Quorum required.

Billing rule manipulation
Actor: Engineer with staging-level access escalated to prod
Attack: Modifies discount logic to apply 100% discount to a specific account
Strix: Billing code mutation classified HIGH. Decision record created. Evidence signed.

Refund loop
Actor: Customer service rep with refund authority
Attack: Issues repeated refunds above their individual authorization limit
Strix: Per-actor refund velocity tracked. Threshold breach triggers escalation to manager approval.
Signed approval artifacts
Every approval has a cryptographic receipt.
Every approval produces a 1:1 signed canonical artifact using the same Ed25519 key as the governance evidence chain. Verifiable by any auditor without Strix tooling.
External verification
Any auditor can verify approval authority against the public JWKS without trusting Strix row-level data.
npx @strixgov/verifier@1.9.0 approval <id>
Quorum verification
Verify that a CRITICAL decision received the required number of independent approvals, each with a valid signed artifact.
npx @strixgov/verifier@1.9.0 quorum <decisionId>
Public REST endpoint
GET /api/public/approval-artifact/:id
Compliance flags are derived from verification — not asserted.
Article 12 (tamper-resistant), Article 14 (human oversight), and Article 28 (provider obligations) compliance flags are computed at verification time from the cryptographic record — never pre-set. If the signature is invalid, the flag is false. No audit can be satisfied by a flag alone.
See a payment submission governed live.
In the demo, we submit a claim batch and watch Strix create a decision record, require two approvals, mint a signed approval artifact, and then issue the execution token — all before a single payment processes.