Nolixan

Governance overview

Why governed execution — the policy, approval, and audit controls wrapped around every action.

The hard part of giving an agent real hands isn't connecting an API — it's making sure the agent can only do what it's allowed to, that risky actions get a human in the loop, and that you can prove after the fact exactly what happened. That's what Nolixan's governance layer is for, and it runs identically on every surface — direct execution, the proxy, MCP, the SDKs/CLI, and triggers — with no extra code from you. A cross-surface conformance gate fails CI if any surface ever drops a control, so "the same governance everywhere" is proven, not claimed.

The core controls

  • Policies — a fail-closed gate that decides allow / deny / require-approval / transform for each action, by provider, action pattern, and risk (read / write / destructive). An optional default-deny on writes means an agent can't write anything you haven't explicitly allowed; the transform verdict can sanitize an action (e.g. redact a field) and allow it instead of hard-blocking.
  • Approvals & separation of duties — when a policy requires approval, the action is held until a different person approves it. The requester can't approve their own action, the blocked attempt is recorded, and the exact approved action is what re-runs.
  • Audit log + signed receipts — every decision and execution is appended to a tamper-evident, hash-chained trail (RFC 8785 JCS). Each action also yields an Ed25519-signed receipt you can verify offline — proof of who/what/when/policy/hash without trusting Nolixan. Export as CSV/JSON, CloudEvents, or in-toto/SLSA provenance.
  • Data redaction — content-level DLP that strips sensitive data from what agents send, receive, and log. Define what's sensitive from a catalog of ~60 built-in classes across 7 categories (financial, government / national-ID, PII, PHI, secrets, network, GDPR), toggle any class on/off, and redact / mask / drop / tokenize it — non-bypassably at the execution chokepoint, with a counts-only, signed, offline-verifiable receipt that it happened.

Built on these: a compliance map (OWASP-Agentic-Top-10 / SOC2 with machine-checked evidence), a spend governor, an MCP tool-poisoning scanner, per-agent DID identity + shadow-agent discovery, JIT short-lived credentials, and SLOs.

Where it sits

authenticate → resolve connection → POLICY GATE → execute → AUDIT
                                       │                        ▲
                                       └── require approval ────┘ (held for a second person)

Policies decide before the action runs; the audit log records after. A denied action never reaches the provider; an approval-required action waits.

Start with Policies.

On this page