Production Proof
Strix is not a prototype. It governs a live, full-stack SaaS application in production — web surfaces, mobile clients, and automated jobs all enforced through a single governance layer. Every claim on this site is derived from production code and production evidence.
How it's deployed
A production application with web, mobile, and automation surfaces. Admin write operations, user-facing actions, and scheduled jobs all pass through the same governance middleware before execution.
One enforcement boundary. Zero exceptions.
Web Application
Every admin write operation — creates, updates, deletes, publishes — governed through server-side middleware before reaching the database.
Mobile Client
The mobile app passes through the same governance layer as the web portal. Different surface, identical enforcement.
Automated Jobs
Scheduled automation — campaigns, report generation, recurring tasks — all governed with full evidence recording.
Evidence examples
Permission ≠ Decision
Same action. Same user. Different intent. Different decision.
Full permissions. Clean context. Clear purpose. Permissions allow it — and intent confirms it.
Same user. Same permission. Same action. But the intent targets active resources — operational risk that RBAC cannot see.
Permissions answer who can act. Strix determines whether the action should happen.
RBAC allows both silently. Logging records both after the fact. Strix is the only system that sees the difference before it happens.
Engineering Transparency
These are deliberate design decisions, not architectural gaps. We publish them because credibility requires honesty about trade-offs.
Fail-open on SDK errors
When the external Strix API is unreachable, the system fails open: actions proceed and evidence is recorded. This prioritizes availability. The local policy engine still evaluates the action.
Execution token enforcement
HIGH-risk and CRITICAL actions are blocked until a human-issued execution token is provided. The action does not proceed without explicit approval. Evidence is recorded for both the interception and the subsequent approval.
Cron auto-approve
Automated job capabilities have approvalsRequired: 0. They are governed, and the SDK can deny them, but the local policy always allows them. This is by design until pre-authorization exists.
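The three trade-offs above, modelled together as an added example. This is not Strix's code or SDK, and every name in it (govern, localPolicy, remoteCheck, the capability names, the decision strings) is hypothetical. It shows what the local policy still enforces while the system fails open, and flags the decisions that ran with no remote check so they can be reviewed afterwards.

```javascript
// Added example: every name here is hypothetical; this is not Strix's SDK.
const CAPABILITIES = new Map([ // constructed sample data
  ["content.update",   { risk: "LOW",      approvalsRequired: 0 }],
  ["records.delete",   { risk: "CRITICAL", approvalsRequired: 1 }],
  ["cron.send_report", { risk: "LOW",      approvalsRequired: 0 }], // cron auto-approve
]);
const evidence = []; // stand-in for the evidence store

// Local policy. Assumption: a capability is gated when it is HIGH or CRITICAL
// or has approvalsRequired > 0. Validating the token itself is not modelled.
function localPolicy(cap, request) {
  const gated = cap.risk === "HIGH" || cap.risk === "CRITICAL" || cap.approvalsRequired > 0;
  return gated && !request.executionToken ? "BLOCKED_PENDING_TOKEN" : "ALLOW";
}

// remoteCheck stands in for the external API call: it returns "ALLOW" or
// "DENY", or throws when the API is unreachable.
function govern(request, remoteCheck) {
  const cap = CAPABILITIES.get(request.capability);
  // Assumption: a capability that is not registered is denied.
  let decision = cap ? localPolicy(cap, request) : "DENY";
  let failedOpen = false;
  try {
    if (remoteCheck(request) === "DENY") decision = "DENY";
  } catch (err) {
    failedOpen = true; // fail open: the local decision stands on its own
  }
  const record = {
    capability: request.capability,
    actor: request.actor,
    tokenPresented: Boolean(request.executionToken), // never store the token itself
    decision,
    failedOpen,
  };
  evidence.push(record); // evidence is written for every outcome
  return record;
}

// Records to review after an outage: actions that ran with no remote check.
function ranWithoutRemoteCheck() {
  return evidence.filter((r) => r.failedOpen && r.decision === "ALLOW");
}
```

With the remote check down, a CRITICAL action without a token is still blocked locally, while a cron capability with approvalsRequired: 0 proceeds with nothing left that can deny it.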
Live data
Governance decisions in real time
These numbers are pulled from the production database right now. Not cached screenshots. Not projections. Live counts.
Total Decisions
Capabilities
3 Decision States
0 Bypasses
Independent verification
Verify any evidence hash
Every governance decision produces a SHA-256 hash. Enter one below to confirm it exists in the immutable evidence chain. No account required.
You can also call the API directly: GET /api/public/verify?hash=a4f8c91d