Governance overview
Why governed execution — the policy, approval, and audit controls wrapped around every action.
The hard part of giving an agent real hands isn't connecting an API — it's making sure the agent can only do what it's allowed to, that risky actions get a human in the loop, and that you can prove after the fact exactly what happened. That's what Nolixan's governance layer is for, and it runs identically on every surface — direct execution, the proxy, MCP, the SDKs/CLI, and triggers — with no extra code from you. A cross-surface conformance gate fails CI if any surface ever drops a control, so "the same governance everywhere" is proven, not claimed.
The core controls
- Policies — a fail-closed gate that decides allow / deny / require-approval /
transform for each action, by provider, action pattern, and risk (read / write / destructive). An
optional default-deny on writes means an agent can't write anything you haven't explicitly allowed;
the
transformverdict can sanitize an action (e.g. redact a field) and allow it instead of hard-blocking. - Approvals & separation of duties — when a policy requires approval, the action is held until a different person approves it. The requester can't approve their own action, the blocked attempt is recorded, and the exact approved action is what re-runs.
- Audit log + signed receipts — every decision and execution is appended to a tamper-evident, hash-chained trail (RFC 8785 JCS). Each action also yields an Ed25519-signed receipt you can verify offline — proof of who/what/when/policy/hash without trusting Nolixan. Export as CSV/JSON, CloudEvents, or in-toto/SLSA provenance.
- Data redaction — content-level DLP that strips sensitive data from what agents send, receive, and log. Define what's sensitive from a catalog of ~60 built-in classes across 7 categories (financial, government / national-ID, PII, PHI, secrets, network, GDPR), toggle any class on/off, and redact / mask / drop / tokenize it — non-bypassably at the execution chokepoint, with a counts-only, signed, offline-verifiable receipt that it happened.
Built on these: a compliance map (OWASP-Agentic-Top-10 / SOC2 with machine-checked evidence), a spend governor, an MCP tool-poisoning scanner, per-agent DID identity + shadow-agent discovery, JIT short-lived credentials, and SLOs.
Where it sits
Policies decide before the action runs; the audit log records after. A denied action never reaches the provider; an approval-required action waits.
Start with Policies.