CONST:=RIX
Architecture

A deterministic pipeline with no stage you can skip.

Constrix doesn't wrap your AI. It intercepts it. Every request passes through 8 ordered stages. Every outcome is sealed. There are no shortcuts, no overrides, and no silent failures.

From Zero to Sealed Decision

Five steps. No infrastructure changes. Your first cryptographically sealed decision in under 5 minutes.

From sign-up to your first sealed evaluation — five steps, no infrastructure changes required.

Step 01 of 5

Create Your Account

Sign up at portal.constrix.ai. Your tenant namespace and policy engine are provisioned in seconds — no infrastructure to manage.

portal.constrix.ai
> Creating tenant workspace...

  tenant_id   "acme-corp"
  namespace   "acme-corp/default"
  status      "active"
  plan        "pro"
  region      "us-east1"

Workspace ready in 1.2 s  ✓

The Difference

Before Constrix: your AI acts. After Constrix: your AI acts, and you can prove every action and every actor.

Constrix intercepts every request before it reaches your AI model, and every response before it reaches your app — governed, sealed, and logged in both directions.

Without Constrix

Your App: sends request
→ AI Model — No Governance
→ Raw Response: no validation · no seal
→ Your App: unverified · unsealed · unaudited

  • No request filtering — AI receives every prompt uncontrolled
  • Responses returned raw, with no validation or inspection
  • No audit trail — zero accountability or forensics

With Constrix

Your App: sends request
→ Constrix Runtime — Request: 8-stage pipeline · enforce policy (01 · 02 · 03 · 04 · 05 · 06 · 07 · 08)
→ Decision: allow · restrict · deny · kill
→ AI Model — Governed
→ Constrix Runtime — Seal & Log: Ed25519 seal · CAPL log
→ Your App — Response Delivered: Ed25519 seal · CAPL logged

  • Every request governed before reaching the AI model
  • Every response validated and cryptographically sealed
  • Full CAPL audit log of every call — both directions

Every request and every response — governed, sealed, and logged.

Evaluation Pipeline

8 Stages. No shortcuts.

The pipeline executes in strict order. Every stage must succeed. A failure at any stage triggers fail-closed behavior.

01

Input Validation

AP-01 Determinism

Every incoming request is validated against a strict schema. Malformed payloads, deeply nested structures, and oversized inputs are rejected immediately — before any policy logic runs.

02

Context Loading

AP-02 Semantic Blindness

Tenant configuration, principal attributes, current escalation state, and policy bundle metadata are loaded from etcd. Context is immutable for the duration of evaluation.

03

Policy Compilation

AP-01 Determinism

Rego policy bundles are compiled into an OPA evaluator. Compilation is deterministic — same bundle always produces the same evaluator. Bundles are hot-swapped using double-buffering.

04

Pre-Eval Expansion

AP-03 Fail-Closed

Optional context enrichment hooks execute before evaluation. These are additive only — they can add context, never modify or remove it. Hooks that fail trigger fail-closed.

05

OPA Evaluation

AP-01 Determinism

The compiled Rego policy evaluates the full context. Output is one of four decisions: allow, restrict, deny, or kill. Evaluation timeout is 80% of the pipeline hard timeout.

06

Post-Eval Expansion

AP-06 Proof-Grade Auditability

The raw decision is enriched with restriction context, metadata, and failure reasons. Enrichment cannot change the decision outcome — only annotate it.

07

Cryptographic Seal

AP-06 Proof-Grade Auditability

The complete decision record is serialized to CBOR and signed with Ed25519. The seal is tamper-evident — any modification to the record invalidates the signature.

08

Emit

AP-02 Semantic Blindness

The sealed audit record is written to the CAPL log. The decision (and only the decision) is returned to the caller. The caller receives the outcome, not the policy reasoning.
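
The fail-closed rule and the stage 05 timeout, sketched as an added example (not Constrix code): the evaluator gets 80% of the hard timeout, and an error, a timeout, a late result or a value outside the four decisions all come back as deny. The `Eval` type, the function names and the choice of deny as the fail-closed result are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Eval stands in for the policy evaluator (hypothetical signature).
type Eval func(ctx context.Context, input map[string]any) (string, error)

var known = map[string]bool{"allow": true, "restrict": true, "deny": true, "kill": true}

// Evaluate gives eval 80% of the hard timeout and fails closed: an error, a
// timeout, a result that arrives after the deadline, or a value outside the
// four decisions all become "deny" (mapping fail-closed to deny is an assumption).
func Evaluate(eval Eval, input map[string]any, hard time.Duration) (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), hard*8/10)
	defer cancel()
	type result struct{ decision string; err error }
	ch := make(chan result, 1) // buffered so a late evaluator never blocks forever
	go func() {
		d, err := eval(ctx, input)
		ch <- result{d, err}
	}()
	select {
	case r := <-ch:
		switch {
		case r.err != nil:
			return "deny", fmt.Errorf("evaluation error: %w", r.err)
		case ctx.Err() != nil:
			return "deny", errors.New("result arrived after the deadline")
		case !known[r.decision]:
			return "deny", fmt.Errorf("unknown decision %q", r.decision)
		}
		return r.decision, nil
	case <-ctx.Done():
		return "deny", ctx.Err()
	}
}

func main() {
	slow := func(ctx context.Context, _ map[string]any) (string, error) {
		<-ctx.Done() // constructed evaluator that overruns its budget
		return "allow", nil
	}
	fmt.Println(Evaluate(slow, nil, 50*time.Millisecond))
}
```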

Decision Outcomes

Four Possible Outcomes. All Deterministic.

allow

Allow

The action proceeds as requested. A sealed CAPL record is created. The caller receives the decision and the seal. Nothing is assumed. Everything is proven.

restrict

Restrict

The action proceeds with constraints — filtered, rate-limited, or modified. Restriction context is attached to the seal. The caller knows exactly what was modified and why. The modification is proven.

deny

Deny

The action is blocked. A structured denial response is returned. No partial execution. The seal contains the denial reason — cryptographically proven, independently verifiable.

kill

Kill

The session terminates in under 2 milliseconds. This is not a graceful shutdown. The session is dead. Used when continued operation poses escalating risk. Fastest decision. Most permanent consequence.

MCP Governance

Every tool request evaluated before it runs.

Your AI assistant can connect to databases, email systems, file stores, and external APIs. Without governance, it can call any of them at any time. Constrix intercepts every tool request before it executes — evaluating it against your policies and returning a decision in under 5 milliseconds.

  • Zero code changes — works with any MCP framework or server
  • Allow, restrict, deny, or kill any tool call by policy
  • Every tool decision sealed and logged with a cryptographic proof

Your AI Agent → CONST:=RIX policy gate · <5ms

Read customer data: ALLOW
Export all records: BLOCK
Search knowledge base: ALLOW
Send bulk email: BLOCK
Query product catalog: ALLOW
Delete records: BLOCK

Every tool call — governed before it reaches your system.

Think of it like a building key-card system — every agent has a verified badge.

Sales-AI v2 · ACTIVE · Last seen: 2 min ago
Support-AI v1 · ACTIVE · Last seen: 8 min ago
Analytics-AI · ACTIVE · Last seen: 14 min ago
Onboard-AI v1 · DORMANT · Last seen: 47 days ago

Ghost agent detected — Onboard-AI v1: Dormant 47 days. Session still open. Constrix auto-deactivated.

Agent Identity

Every agent has a verified identity. Ghost agents are stopped automatically.

Every AI agent is issued a cryptographic identity token — like a verified employee badge. When an agent is decommissioned, Constrix marks it. Ghost agents — ones still technically able to act despite being forgotten or deactivated — are detected by dormancy thresholds and automatically blocked before they can take any action.

  • Cryptographic AIT fingerprint issued at registration
  • Dormancy threshold triggers automatic ghost detection
  • Full lifecycle audit: register, revoke, decommission, ghost

ComplyAI

Regulations become rules. Rules produce proof.

ComplyAI maps regulations like the EU AI Act, NIST AI RMF, and ISO 42001 into executable Rego policies that run inside the Constrix pipeline. When an auditor asks for proof, you generate a signed evidence package — not a log file, but a tamper-proof artifact sealed with Ed25519 and verifiable without Constrix running.

STEP 01

Regulation

EU AI Act · Article 9

Risk management documentation required for all high-risk AI systems

EU AI Act · NIST AI RMF · ISO 42001 · GDPR

STEP 02

Working Rule

Governance Policy Active

Every AI decision logged with agent identity, risk level, and timestamp

default decision := "restrict"
decision := "allow" { input.risk_score < 0.5 }

STEP 03

Signed Proof

Evidence Package

Sealed with Ed25519 — verifiable by a regulator, court, or auditor without Constrix running

EU AI Act Art. 9
GDPR Art. 22
NIST AI RMF

Frameworks covered

EU AI Act · NIST AI RMF · ISO 42001 · GDPR · SOC 2

  • Regulation-as-Code: standards mapped to executable Rego
  • Evidence packages sealed with Ed25519 — independently verifiable
  • Covers EU AI Act, NIST AI RMF, ISO 42001, GDPR, SOC 2

Rego Example

Your rules. Your logic. OPA's engine. Constrix compiles, evaluates, and seals.

Write governance rules in Rego — the same language used by OPA. Constrix compiles and evaluates your policies with full determinism guarantees.

policy.rego
package constrix.governance

import future.keywords.if
import future.keywords.in

# Default: deny everything not explicitly allowed
default decision = "deny"

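# Allow read operations for authenticated principals
decision = "allow" if {
    input.action == "read"
    input.principal.authenticated == true
    input.principal.tier in {"starter", "pro", "enterprise"}
    input.principal.violation_count < 3
}

# Restrict if rate limit is approaching
decision = "restrict" if {
    input.action == "write"
    input.principal.authenticated == true
    input.rate_limit.remaining < 100
    input.principal.violation_count < 3
}

# Kill on repeated policy violations. The rules above exclude this case:
# two complete rules that assign different values for the same input
# make OPA return a conflict error instead of a decision.
decision = "kill" if {
    input.principal.violation_count >= 3
}

Request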
POST /v1/evaluate
{
  "principal": {
    "id": "usr_01J...",
    "tier": "pro",
    "authenticated": true,
    "violation_count": 0
  },
  "action": "read",
  "resource": "model:gpt-4o",
  "rate_limit": {
    "remaining": 4800
  }
}

Response
HTTP 200 OK
{
  "decision": "allow",
  "seal": {
    "algorithm": "Ed25519",
    "encoding": "CBOR",
    "signature": "3045022100...",
    "created_at": "2026-03-18T10:00:00Z"
  },
  "latency_ms": 3.2
}
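
How a consumer might check a seal like the one in the response above, as an added example that is not Constrix code: it signs a hypothetical decision record with Ed25519 and shows that editing the sealed bytes breaks verification. The record fields and function names are assumptions, and JSON stands in for the CBOR encoding so that only the Go standard library is needed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is a hypothetical decision record; its field names are assumptions.
type Record struct {
	Tenant    string `json:"tenant"`
	Principal string `json:"principal"`
	Action    string `json:"action"`
	Decision  string `json:"decision"`
	CreatedAt string `json:"created_at"`
}

// Seal serializes the record and signs the resulting bytes. encoding/json
// writes struct fields in declaration order, so equal records give equal
// bytes; it stands in for CBOR only to stay within the standard library.
func Seal(priv ed25519.PrivateKey, r Record) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(r); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Verify checks the signature over the exact bytes that were sealed and
// decodes them only afterwards, so unauthenticated data is never parsed.
func Verify(pub ed25519.PublicKey, payload, sig []byte) (Record, error) {
	var r Record
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, payload, sig) {
		return r, errors.New("seal invalid: record or signature was modified")
	}
	return r, json.Unmarshal(payload, &r)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	rec := Record{"acme-corp", "usr_example", "export", "deny", "2026-03-18T10:00:00Z"} // constructed
	payload, sig, _ := Seal(priv, rec)
	_, errIntact := Verify(pub, payload, sig)
	_, errTampered := Verify(pub, bytes.Replace(payload, []byte(`"deny"`), []byte(`"allow"`), 1), sig)
	fmt.Println("intact:", errIntact, "| tampered:", errTampered)
}
```

The verifier needs only the public key and the sealed bytes, which is what lets a third party check a record offline.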
Integrations

Works with every AI framework. Requires no code changes in most.

Constrix sits at the runtime boundary — not inside your AI framework. Point your MCP client or HTTP client at the Constrix endpoint. One environment variable. Full governance. No rewrite.

Official SDKs: Go SDK · Python SDK · REST API · TypeScript SDK

Orchestration Frameworks

Governed via MCP proxy or REST interception — no internal agent changes required

LangChain · LangGraph · AutoGen · CrewAI · OpenAI Agents SDK

AI Models & Providers

Governs decisions — not model access. Works with any model behind any gateway

OpenAI GPT-4o / o3 · Anthropic Claude 3.x / 4.x · Google Gemini · Meta Llama (Ollama) · Mistral

MCP Servers & Tool Registries

Transparent MCP proxy — point your client at Constrix, point Constrix at your server

Any MCP-compatible server · Smithery MCP Registry · Custom internal MCP servers · File system, database, and search tools · Browser automation tools

Everything Together

Four capabilities. One governed action. One proven outcome.

Agent Identity, MCP Governance, the 8-stage pipeline, and ComplyAI work as a single runtime — not separate tools. Every AI action passes through all four in sequence. The result: a decision that is authenticated, tool-governed, policy-enforced, and compliance-proven before it executes.

Scenario: Sales-AI requests a customer data export

Agent Identity

Sales-AI identity verified

Agent: Sales-AI v2 · Session #4721 · AIT fingerprint: a7cb8a · Authenticated ✓

VERIFIED

MCP Governance

Tool access evaluated

Governance Pipeline

8-stage pipeline decision

ComplyAI

Compliance proof generated

Agent Identity · MCP Governance · Governance Pipeline · ComplyAI

All four capabilities run in sequence on every AI action — in under 5ms.
