Proof Gallery

See the proof. Verify it yourself.

Most agent demos show you what an agent can do. These show you what an agent was allowed to do — each one carrying an Ed25519-signed receipt you can verify independently, with no Strix account and no dashboard.

Action → evaluated at execution time → signed receipt → you verify.

This is an index into the canonical proof surfaces — it links to each record, it never re-hosts or re-derives trust. For a guided walkthrough of the four verification states, see the adversarial proof demo, or watch a decision's signed chain prove itself in the Impossible Replay.

Six guarantees. All enforced at runtime.

Every demo below is running live — real capabilities, real decisions, real evidence. Not simulations.

Privilege Escalation

Blocked before execution
strix kernel

Runtime Enforcement

No token, no execution
strix kernel

Approval Flow

Held until authorized
strix kernel

Evidence Receipt

Hash-chained and verifiable
evidence record

Replay Protection

Token reuse denied
strix kernel

AI Boundaries

Agent overstep intercepted
strix kernel

Verify against production

Resolves live by id at www.strixgov.com. Run the command and the record is fetched, its public key looked up, and its signature checked — by you, not by us.

Verify offline

Download the signed receipt and the gallery keyset (gallery-jwks.json), then check it locally with --jwks gallery-jwks.json — no network needed. Where an entry shows a refusal, the receipt proves the refusal happened and was signed, not a side effect that never ran.

ALLOWVERIFIED · ED25519Verify against production

Governed action, signed and verifiable by id

Agent tried: A governed action executed on the Strix platform and was recorded as an Ed25519-signed evidence record.

Strix governed: The action was evaluated at execution time; the resulting evidence record carries the canonical 13-field Signed Evidence v1 payload.

Verify a real record — right now

Production evidence record 5686, re-checked live in your browser against the public verification API.

Checking…

Don't take our word for it — run the same check

npx @strixgov/verifier@latest 5686

Open-source verifier, standard Ed25519 + JWKS primitives, zero Strix dependencies. The signature is checked against the public keys at /.well-known/strix-jwks.json— the math doesn't require us to be in the loop.

What the proof proves: A third party, offline, resolves record 5686 by id, fetches the public JWKS, and confirms the Ed25519 signature — without a Strix account and without trusting our dashboard. CI runs this exact command against production every day.

View the canonical verified record →
ALLOWVerify offlineVerification pending

Notion MCP tool call — governed and allowed

Agent tried: An MCP agent calls Notion's API-get-self through the Strix tool gateway.

Strix governed: The gateway intercepted mcp.callTool:API-get-self, evaluated it as MEDIUM risk in EXECUTE mode against a content-addressed policy, allowed it, and signed a v2 receipt binding the invocation to the outcome.

Receipt ID
rcpt_72caa3adeeb5b85c12231cef
Capability
mcp.notion.API-get-self
Action
mcp.callTool:API-get-self
Decision
ALLOW · MEDIUM · EXECUTE
Policy version
sha256:b48e736cfc2626bdb86226065d612bfa5018c1d7955a2ef3323246f403e2da71
Invocation hash
4edc7c9db3957d75fd5f2fa6aa7249067e88dd969ad51880397b8b6ac55678ba
Signing key
strix-notion
Environment
local
npx @strixgov/verifier receipt receipt-notion-allow.json --jwks gallery-jwks.json
↓ Download the signed receipt (receipt-notion-allow.pending.json)

The receipt is real, but its signing key is not yet published in the gallery keyset, so it cannot be independently verified offline today. The command is shown for reference; this entry is not yet presented as live, checkable proof.

What the proof proves: The signature establishes that the gateway evaluated this exact tool and parameters before the call, and binds the invocation hash, policy version, and ALLOW outcome together. It is a local dogfood receipt (environment: local) — it proves the governed decision, not a production side effect. Verification is pending: the public key for strix-notion must be published in gallery-jwks.json before this can be verified offline, so it is not yet presented as a live, checkable entry.

INTERCEPTVerify against productionAwaiting mint

Multi-approver quorum chain

Agent tried: A HIGH-risk decision that requires two or more independent signed approvals before it can execute.

Strix governed: Each approval is minted as a signed SalesApprovalArtifact, chain-hashed within the decision (sequenceNum + previousArtifactHash). Self-approval is rejected and recorded.

npx @strixgov/verifier@latest quorum <decisionId>

This entry goes live once the demo decision is minted (see docs/runbooks/mint-quorum-demo-decision.md). Until then the command is shown for reference and is not yet resolvable.

What the proof proves: Walks the chain of signed approvals for one decision and confirms each artifact's signature and chain link — the NIST SP 800-53 AC-5 / AU-10 quorum evidence, re-checkable offline. Goes live once the demo decision is minted.

An entry here is not a screenshot — it is a verifiable artifact. A submission must route a real tool call through @strixgov/tool-gateway or @strixgov/mcp-proxy, produce a signed receipt, and pass npx @strixgov/verifier receipt <file> on a clean machine. No green verify, no entry.

This gallery only lists what you can check today. Surfaces we cannot yet prove end-to-end are not listed — the work there is producing a real governed execution, not writing a card.