We built what the AI industry kept saying it would build.
Every AI deployment guide says 'add governance.' None of them defined what governance actually means technically. We did. Constitutional enforcement. Cryptographic proof. Agent identity. Ghost detection. Fail-closed by design. One engineer. Four capabilities. The runtime layer AI was missing.
Four capabilities. One architectural guarantee.
Constitutional enforcement for every AI action, every tool call, every agent identity, and every regulatory obligation — sealed, attributed, and regulator-ready.
Constitutional Governance Runtime
The core: an 8-stage deterministic evaluation pipeline built on OPA and extended with seven architectural principles. Non-bypassable, fail-closed, and proof-grade. Every AI action intercepted before execution, sealed with Ed25519. P50 under 5ms. Zero silent failures.
MCP Tool Governance
A transparent proxy that intercepts every MCP tool invocation — database queries, API calls, file operations — before it reaches the server. No code changes in your agent or swarm. Addresses every item on the OWASP MCP Top 10. CAPL-logged with server identity and parameters hash.
Agent Identity System
Cryptographically verified identity for every non-human actor. Short-lived AITs verified offline in under 1ms — no network call, no shared secrets. Full delegation chain sealed into every CAPL record. Ghost detection auto-revokes dormant agents before they become attack surface.
AI governance that holds under adversarial conditions.
Advisory governance fails the moment someone wants to bypass it. Monitoring governance fails the moment logs are altered. Dashboard governance fails the moment an auditor asks for proof. Identity governance fails the moment nobody knows which agent acted.
Constrix exists because the AI industry needed governance that is structurally non-bypassable — not a policy document, not a checklist, not a monitoring layer. A runtime enforcement layer where governance is a property of the architecture, not a layer on top of it.
We built it on OPA — the gold standard for policy-as-code — extended with seven architectural principles that transform the policy engine into a constitutional governance runtime. Then we added MCP governance that intercepts every tool call before it executes. Then we added agent identity that proves who acted on every sealed record.
The result: every decision is sealed. Every tool call is governed. Every agent is named. Every ghost is found.
Seven Architectural Principles
These aren't values statements. They are engineering constraints embedded in the architecture.
Determinism
Same input, same output, always. No randomness, no model sampling, no probabilistic decisions in the governance layer.
Semantic Blindness
The policy engine evaluates structure and attributes — never the semantic meaning of content. This prevents prompt injection from influencing governance decisions.
Fail-Closed
Any error in the evaluation pipeline defaults to deny. System failures never silently permit actions.
Non-Bypassable
Governance enforcement is structural. There is no API, flag, or configuration that skips evaluation. If it executes through Constrix, it is evaluated.
Monotonic Escalation
Escalation states move forward only. De-escalation is controlled, authorized, and time-constrained — not automatic.
Proof-Grade Auditability
Every decision produces a tamper-evident cryptographic proof. Audit integrity does not depend on trusting the infrastructure.
Backward Compatibility
New versions of Constrix never break existing Rego policies. Your governance layer upgrades safely, transparently.