AI can't take dangerous actions in your system.
Strix blocks high-risk actions at runtime — before they execute.
For engineering and security teams deploying AI agents into production.
Six guarantees. All enforced at runtime.
Every demo below is running live — real capabilities, real decisions, real evidence. Not simulations.
- Privilege Escalation: Blocked before execution
- Runtime Enforcement: No token, no execution
- Approval Flow: Held until authorized
- Evidence Receipt: Hash-chained and verifiable
- Replay Protection: Token reuse denied
- AI Boundaries: Agent overstep intercepted
System telemetry
Execution monitored continuously.
Every action that enters the system is evaluated, decided, and recorded. This is what that looks like.
Policy enforcement enabled. Execution monitored continuously.
What changes when execution is governed.
The difference between hoping your system is safe and knowing it is.
Without Strix
AI executes state-changing actions without verification
Privileges escalate silently
APIs trigger unintended system changes
No enforcement exists between intent and execution
Result: Uncontrolled execution. No evidence. No recourse.
With Strix
Every action is evaluated before execution
Privilege changes require validation
External calls are intercepted and verified
All decisions are recorded with cryptographic evidence
Result: Controlled execution. Immutable evidence. Full accountability.
Example decision.
One action. Four stages. This is exactly what happens inside the kernel.
One action. Four stages. Complete accountability. Every decision works this way.
Same action. Same user. Different intent. Different decision.
RBAC allows both. Logging records both after the fact. Strix is the only system that sees the difference before it happens.
admin.schedules.delete
remove duplicate entry
- source: admin UI
- time: business hours
- actor: verified owner
- affected_records: 1
safe operational intent, no active dependencies
Full permissions. Clean context. Clear operational purpose. The action proceeds with full evidence. This is what RBAC sees — and it's correct.
Permissions answer who can act. Strix determines whether the action should happen.
This is not access control. This is not a rules engine. This is execution intelligence.
Every action passes through the kernel.
Nothing skips this pipeline. Not admins. Not AI agents. Not cron jobs. Not internal services.
Action enters the mutation layer
Every state-changing operation is captured before execution
Kernel checks capability, risk, context
Actor identity, risk tier, policy constraints, and history
Allow, Deny, or Intercept
Three-state decision — not binary. Interception is a first-class outcome.
Immutable evidence created
Every decision produces a tamper-evident record — including denials
Default = No Power.
No user, system, or agent has any execution authority by default. Every capability must be explicitly registered. Every action must be explicitly evaluated. If it isn't in the registry, it doesn't exist.
No Implicit Permissions
Being an admin doesn't grant execution rights. Having an API key doesn't grant execution rights. Every action is evaluated independently.
No Bypass Path
There is no way to reach the mutation layer without passing through the governance kernel. The architecture enforces this structurally, not through configuration.
No Silent Actions
Every operation — allowed, denied, or intercepted — produces an immutable evidence record. Denials are not errors. They are proof the system is working.
Allow. Deny. Intercept.
Every operation produces one of three outcomes. If your system only supports two, you have a blind spot the size of your entire operations layer.
Admin creates a new schedule
Evidence recorded. Action executed.
Coach attempts to change a user's system role
Evidence recorded. Action blocked.
Admin deletes a training program
Evidence recorded. Action blocked pending approval.
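The three outcomes above, combined with the default-deny registry and single-use approval the page describes, as an added example that is not Strix's own code. Every function name, the roles, and the capability ids other than `admin.programs.delete` are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not Strix's API.
// Capability registry: an action that is not listed has no execution authority.
const REGISTRY = new Map([
  ["admin.schedules.create", { roles: ["admin"], needsApproval: false }],
  ["system.roles.update", { roles: ["owner"], needsApproval: false }],
  ["admin.programs.delete", { roles: ["admin"], needsApproval: true }],
]);

// newToken must return an unguessable value (for example a CSPRNG-backed UUID).
function createKernel(registry, newToken) {
  const evidence = []; // log of every decision, denials included
  const approvals = new Map(); // token -> { actorId, capability }, single use

  function record(actor, capability, decision, reason) {
    const entry = Object.freeze({ seq: evidence.length + 1, actor: actor.id, capability, decision, reason });
    evidence.push(entry);
    return entry;
  }

  // An approver binds a token to exactly one actor and one capability.
  function approve(actorId, capability) {
    const token = newToken();
    approvals.set(token, { actorId, capability });
    return token;
  }

  function evaluate(actor, capability, token) {
    const cap = registry.get(capability);
    if (!cap) return record(actor, capability, "deny", "capability not registered");
    if (!cap.roles.includes(actor.role)) return record(actor, capability, "deny", "role lacks capability");
    if (!cap.needsApproval) return record(actor, capability, "allow", "policy satisfied");
    if (token === undefined) return record(actor, capability, "intercept", "approval required");
    const grant = approvals.get(token);
    approvals.delete(token); // consumed on first presentation, so replay is denied
    const ok = grant && grant.actorId === actor.id && grant.capability === capability;
    return ok
      ? record(actor, capability, "allow", "approved")
      : record(actor, capability, "deny", "approval token invalid or reused");
  }

  // Wraps a mutation so the handler runs only after an "allow" decision.
  function governed(capability, handler) {
    return (actor, input, token) => {
      const d = evaluate(actor, capability, token);
      return { decision: d.decision, reason: d.reason, result: d.decision === "allow" ? handler(input) : undefined };
    };
  }
  return { approve, governed, evidence };
}
```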
One function call. Complete governance.
```ts
adminProcedure
  .input(z.object({...}))
  .mutation(handler)
// Executes immediately
// No evidence
// No control
```
```ts
governedProcedure("admin.programs.delete")
  .input(z.object({...}))
  .mutation(handler)
// Intercepted → Evaluated → Decided
// Evidence recorded every time
```
One function call wraps your mutation with: capability lookup, risk classification, policy evaluation, three-state decision, and immutable evidence recording. No configuration files. No separate infrastructure.
This is not RBAC. This is not logging. This is not guardrails.
| Approach | What it does | What it cannot do |
|---|---|---|
| RBAC | Checks if a user HAS permission | Cannot evaluate context, risk, or history. Cannot intercept. |
| API Gateways | Rate limiting, auth at the edge | Cannot evaluate business logic or classify risk. |
| AI Guardrails | Filter LLM inputs/outputs | Cannot govern database mutations, payments, or automation. |
| Logging | Records events after they happen | Cannot prevent an action. Cannot deny. Cannot intercept. |
| Policy Engines | Evaluates policies externally | Requires separate integration per endpoint. No structural enforcement. |
| OPA + Audit Logs | Policy rules + after-the-fact recording | Cannot evaluate intent. Cannot intercept. No understanding of why an action is attempted. |
RBAC tells you who CAN act. Logging tells you what DID happen. Policy engines evaluate rules. Strix evaluates intent, decides what WILL happen, and records why.
Active governance coverage across system surface
Running in production. Right now.
These numbers are from a live system. Not a demo. Not a prototype.
Policy enforcement enabled. 0 bypasses. 0 exceptions. 0 overrides.
Deployed. Governing. Producing evidence.
Strix is live in a multi-surface sports training platform — governing every mutation across web, mobile, cron jobs, and AI coaching workflows.
Strix governs every state-changing operation in a multi-surface sports training platform — web application, mobile app, automated jobs, and AI-assisted coaching workflows. This is not a sandbox. This is production.
Member & Athlete Management
High
- Create/delete members
- Modify roster assignments
- Update contact information
Financial Operations
Critical
- Process payments
- Issue refunds
- Modify subscription tiers
Schedule & Program Control
High
- Delete training sessions
- Reassign coaches
- Modify program capacity
System Administration
Critical
- Change user roles
- Modify permissions
- Update system configuration
Integration Footprint
One function call per mutation
- 1 import added
- 127 one-line changes
- 0 infrastructure changes
adminProcedure became governedProcedure("capabilityId") — no other changes required.