Control
Write your own governance rules in YAML. Novyx evaluates every agent action against them in under 20ms — allowed, blocked, pending review, or warn.
Your agent can call tools. Control decides which ones actually execute. Author custom YAML policies, route high-severity actions through an approval queue, and audit everything on the same SHA-256 chain as your memory operations.
Before & After
Before: YOLO execution.
After: Governed. Every action is approved, logged, and auditable.
How It Works
Agent: submits an action.
Control: evaluates policy and routes for approval.
Connector: executes the action safely.
Core: records the audit entry and memory.
Action Envelopes
Every tool call is wrapped in a structured, signed envelope (strata.action.v0) — connector, operation, payload, risk tier.
Policy-as-Code
Tenants author governance rules in YAML — regex patterns, severity, and on_violation: block | require_approval | warn. Built-ins ship for Free; custom policies are tier-gated (5 / 25 / unlimited).
Four Outcomes
Every action resolves to allowed, blocked, pending_review, or warn. pending_review enters the approval queue — Solo, Team, or Enterprise mode. Fail-closed: if Postgres hiccups, actions block rather than silently pass.
Cryptographic Audit
SHA-256 hash chain shared with Novyx Core. Every action logged immutably in the same timeline as memory operations.
Policy as Code
Define governance rules in YAML. Each rule has a regex pattern, a severity, and an optional on_violation field that decides what happens when the rule fires — block, require_approval, or warn. No Python required.
name: pii_protection
description: Block actions exposing PII to external systems
rules:
  - match: "(ssn|social.security|passport)"
    severity: critical
    on_violation: block
    reason: "PII detected: {match}"
  - match: "(email|phone)"
    context_requires: "(external|public)"
    severity: high
    on_violation: require_approval
    whitelisted_domains:
      - internal.company.com

Free tier uses built-in policies. Starter: 5 custom. Pro: 25. Enterprise: unlimited.
Approval Workflows
When a rule fires with on_violation: require_approval, the action enters the approval queue. A human reviewer hits GET /v1/approvals, sees the risk score and violated policies, then submits a decision via POST /v1/approvals/{id}/decision.
Solo (Free+): a single user approves by typing a confirmation phrase after a short delay.
Team (Starter+): a different person approves, or the same person after a 10-minute cooling-off period.
Enterprise (Enterprise): configurable multi-person approval chains with role requirements.
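The eligibility rules for the three approval modes, written out as an added example (this is illustrative code, not Novyx's implementation). The Solo delay length, the confirmation phrase, and the reading of an Enterprise chain as "one distinct approver per required role, any deny vetoes" are assumptions; the 10-minute Team cooling-off period is the figure stated above.

```python
# Added example: decision eligibility for the Solo, Team and Enterprise approval
# modes. Not Novyx's code; SOLO_DELAY_SECONDS, CONFIRMATION_PHRASE and the
# distinct-approver-per-role reading of Enterprise chains are assumptions.

COOLING_OFF_SECONDS = 10 * 60    # Team: same person may approve after 10 minutes (from the page)
SOLO_DELAY_SECONDS = 30          # assumed "short delay" for Solo
CONFIRMATION_PHRASE = "approve"  # assumed phrase the Solo reviewer must type


def solo_allowed(pending, now, confirmation):
    """Single user: the delay must have elapsed and the phrase must match."""
    waited = now - pending["submitted_at"]
    return waited >= SOLO_DELAY_SECONDS and confirmation == CONFIRMATION_PHRASE


def team_allowed(pending, reviewer, now):
    """Different person at any time, or the submitter after the cooling-off period."""
    if reviewer != pending["submitted_by"]:
        return True
    return now - pending["submitted_at"] >= COOLING_OFF_SECONDS


def enterprise_allowed(required_roles, decisions):
    """Each required role needs an approval from a distinct reviewer holding that role."""
    if any(d["decision"] != "approve" for d in decisions):
        return False  # a single deny vetoes the chain
    used = set()
    for role in required_roles:
        candidates = [d["reviewer"] for d in decisions
                      if role in d["roles"] and d["reviewer"] not in used]
        if not candidates:
            return False
        used.add(candidates[0])
    return True


def decision_allowed(mode, pending, reviewer, now, **kw):
    """Dispatch on approval mode; an unknown mode fails closed (never approves)."""
    if mode == "solo":
        return solo_allowed(pending, now, kw.get("confirmation"))
    if mode == "team":
        return team_allowed(pending, reviewer, now)
    if mode == "enterprise":
        return enterprise_allowed(kw.get("required_roles", ()), kw.get("decisions", []))
    return False


# Constructed pending action; timestamps are seconds since the epoch.
PENDING = {"action_id": "act_demo", "submitted_by": "alice", "submitted_at": 1_700_000_000}

if __name__ == "__main__":
    t0 = PENDING["submitted_at"]
    print("solo, too early     :", decision_allowed("solo", PENDING, "alice", t0 + 5, confirmation="approve"))
    print("solo, after delay   :", decision_allowed("solo", PENDING, "alice", t0 + 45, confirmation="approve"))
    print("team, self at 5 min :", decision_allowed("team", PENDING, "alice", t0 + 300))
    print("team, self at 10 min:", decision_allowed("team", PENDING, "alice", t0 + 600))
    chain = [{"reviewer": "alice", "roles": ["security"], "decision": "approve"},
             {"reviewer": "bob", "roles": ["finance"], "decision": "approve"}]
    print("enterprise, 2 roles :", decision_allowed("enterprise", PENDING, "bob", t0,
                                                   required_roles=("security", "finance"), decisions=chain))
```

The dispatcher returns False for any mode it does not recognise, which mirrors the fail-closed stance the page takes for the policy engine: a misconfigured approval mode should block, not wave actions through.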
Governance Dashboard
GET /v1/control/dashboard returns aggregated stats — totals, violations by policy, violations by agent, and time-series data. The Datadog-for-agents surface that turns raw audit events into something a security team can actually look at.
Totals: allowed / blocked / pending
By Policy: which rules are firing
By Agent: who is being governed
Time-series: trends over time
Try It
Pick a scenario. Submit an action. Watch the policy engine, approval flow, and audit trail in real time.
Python SDK
from novyx import Novyx

nx = Novyx(api_key="nram_...")

# Submit an action — evaluated against all active policies
result = nx.action_submit(
    connector="slack",
    operation="send_message",
    payload={"channel": "#general", "text": "Deploy complete."},
)
# → {"status": "allowed" | "blocked" | "pending_review", ...}

# Author a custom policy from YAML
nx.create_policy(yaml_path="./policies/pii_protection.yaml")

# List actions waiting for human approval
pending = nx.list_pending()

# Approve or deny the first pending action
nx.decide_approval(action_id=pending[0]["action_id"], decision="approve")

MCP Tools
For Claude Code, Cursor, and any MCP client — review and approve actions directly in your editor.
Connectors
Pluggable connectors for external systems. Control governs the action, the connector executes it.
Slack: messages, channels, reactions
GitHub: issues, PRs, comments, deployments
Databases: queries, inserts, schema changes
APIs: any REST/GraphQL endpoint
Send, draft, reply
Custom: build your own connector
Severity Defaults
When a rule omits on_violation, Novyx falls back to a default based on the rule's severity. Policy authors can always override per-rule.
| Severity | Default on_violation | Example rule |
|---|---|---|
| critical | block | SSN or passport in payload |
| high | require_approval | Email/phone sent externally |
| medium | warn | Unusual connector usage |
| low | warn | Style/lint observations |
Agent-Scoped Policies
The same policy can have a tenant-wide version and per-agent overrides. billing-bot can run under stricter rules than support-bot without forking your policy library. Per-agent overrides are evaluated first, falling back to tenant defaults.
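To make the evaluation rules above concrete, here is an added example (illustrative code, not Novyx's engine) that evaluates an action envelope against the pii_protection rules from this page plus one constructed medium-severity rule, applies the severity defaults from the table when on_violation is omitted, tries a per-agent override rule set before the tenant policy, and fails closed when the policy store cannot be read. The whitelist handling ("a payload naming a whitelisted domain is treated as internal") and the "override first, tenant only if nothing fired" fallback are assumptions about semantics the page leaves open.

```python
import re

# Added example: a small re-implementation of the evaluation rules described on
# this page (severity defaults, on_violation outcomes, agent-scoped overrides,
# fail-closed). Not Novyx's engine; whitelist and fallback semantics are assumptions.

SEVERITY_DEFAULTS = {"critical": "block", "high": "require_approval",
                     "medium": "warn", "low": "warn"}
OUTCOME_FOR = {"block": "blocked", "require_approval": "pending_review", "warn": "warn"}
RANK = {"allowed": 0, "warn": 1, "pending_review": 2, "blocked": 3}

# Constructed tenant policy: the page's pii_protection rules plus one medium rule
# that relies on the severity default (no on_violation given).
TENANT_POLICY = {
    "name": "pii_protection",
    "rules": [
        {"match": r"(ssn|social.security|passport)", "severity": "critical",
         "on_violation": "block", "reason": "PII detected: {match}"},
        {"match": r"(email|phone)", "context_requires": r"(external|public)",
         "severity": "high", "whitelisted_domains": ["internal.company.com"]},
        {"match": r"(delete|truncate)", "severity": "medium"},
    ],
}

# Constructed per-agent override: billing-bot treats any email/phone mention as critical.
AGENT_OVERRIDES = {"billing-bot": [{"match": r"(email|phone)", "severity": "critical"}]}


def action_text(action):
    """Flatten the envelope (connector, operation, payload values) into one lowercase string."""
    parts = [action["connector"], action["operation"]]
    parts += [str(v) for v in action.get("payload", {}).values()]
    return " ".join(parts).lower()


def rule_fires(rule, action):
    """Return the matched text if the rule applies to this action, else None."""
    text = action_text(action)
    m = re.search(rule["match"], text)
    if not m:
        return None
    ctx = rule.get("context_requires")
    if ctx and not re.search(ctx, text):
        return None
    # Assumption: a payload that names a whitelisted domain is treated as internal traffic.
    if any(domain in text for domain in rule.get("whitelisted_domains", [])):
        return None
    return m.group(0)


def apply_rules(rules, action):
    """Evaluate one rule set; the most severe outcome wins."""
    status, violations = "allowed", []
    for rule in rules:
        matched = rule_fires(rule, action)
        if matched is None:
            continue
        effect = rule.get("on_violation") or SEVERITY_DEFAULTS[rule["severity"]]
        outcome = OUTCOME_FOR[effect]
        violations.append({
            "rule": rule["match"], "severity": rule["severity"], "effect": effect,
            "reason": rule.get("reason", "rule matched: {match}").format(match=matched),
        })
        if RANK[outcome] > RANK[status]:
            status = outcome
    return status, violations


def load_policies(agent):
    """Stand-in for the policy store: (per-agent override rules, tenant rules)."""
    return AGENT_OVERRIDES.get(agent, []), TENANT_POLICY["rules"]


def evaluate(action, loader=load_policies):
    """Resolve an action to allowed / blocked / pending_review / warn."""
    try:
        override_rules, tenant_rules = loader(action.get("agent"))
    except Exception as exc:  # fail-closed: a store outage blocks, never silently allows
        return {"status": "blocked", "violations": [], "reason": f"fail-closed: {exc}"}
    # Assumption: override rules are tried first; tenant rules only if none of them fired.
    for rules in (override_rules, tenant_rules):
        status, violations = apply_rules(rules, action)
        if violations:
            return {"status": status, "violations": violations}
    return {"status": "allowed", "violations": []}


def broken_loader(agent):
    """Simulates the Postgres hiccup the page mentions."""
    raise ConnectionError("policy store unreachable")


def envelope(agent, connector, operation, **payload):
    return {"agent": agent, "connector": connector, "operation": operation, "payload": payload}


# Constructed sample envelopes.
ACTIONS = {
    "deploy_notice": envelope("support-bot", "slack", "send_message", channel="#general", text="Deploy complete."),
    "ssn_leak": envelope("support-bot", "slack", "send_message", channel="#ops", text="Customer SSN is 123-45-6789"),
    "phone_public": envelope("support-bot", "slack", "send_message", channel="#public-support",
                             text="Can you share your phone number?"),
    "phone_internal": envelope("support-bot", "slack", "send_message", channel="#external-vendors",
                               text="Forward the phone list to ops@internal.company.com"),
    "cleanup_query": envelope("support-bot", "databases", "query", sql="DELETE FROM sessions WHERE expired_at < now()"),
    "billing_phone": envelope("billing-bot", "slack", "send_message", channel="#billing",
                              text="Update the phone number on the invoice"),
}

if __name__ == "__main__":
    for name, action in ACTIONS.items():
        print(f"{name:15} -> {evaluate(action)['status']}")
    print(f"{'store outage':15} -> {evaluate(ACTIONS['deploy_notice'], loader=broken_loader)['status']}")
```

Two points worth noticing when running it: the same "phone number" payload resolves to allowed for support-bot (no external or public context) but to blocked for billing-bot, because the override rule set is consulted first and its critical rule carries the block default; and the cleanup query resolves to warn purely from the medium severity default, since that rule sets no on_violation.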
Agent Delegation
Agents can delegate actions to other agents — within policy bounds. The delegating agent's permissions are always checked first.
Agent A: delegates the task.
Control: checks both agents' policies.
Agent B: executes within those bounds.
Pricing
Tier-aware
Control ships on every plan. You pay for more custom policies, the governance dashboard, agent-scoped overrides, and stricter approval modes.
Shared Audit Trail with Core
Control actions appear in the same SHA-256 hash chain as Novyx Core memory operations. One audit timeline for everything your agents do — what they remember and what they execute.
Core: remember, recall, rollback
Control: submit, approve, execute
Same hash chain. Same audit timeline. One source of truth.
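What "one SHA-256 hash chain for memory and actions" buys you is tamper evidence: each entry commits to the hash of the one before it, so editing or dropping any entry breaks every link after it. The following added example (illustrative, not Novyx's storage format; the entry fields and canonical JSON serialisation are assumptions) builds a constructed timeline of Core and Control events, verifies it, and shows the verifier catching both a rewritten entry and a removed one.

```python
import hashlib
import json

# Added example: a SHA-256 hash chain holding memory operations (Core) and
# governance events (Control) in one timeline. Illustrates the property the page
# describes; not Novyx's own format. Entry fields and serialisation are assumptions.

GENESIS_HASH = "0" * 64


def canonical(body):
    """Deterministic serialisation so every verifier hashes exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash, body):
    """hash = SHA-256(previous entry hash || canonical JSON of this entry's body)."""
    return hashlib.sha256(prev_hash.encode() + canonical(body)).hexdigest()


class AuditChain:
    def __init__(self):
        self.entries = []

    def append(self, source, op, detail):
        """Link a new entry to the hash of the previous one (or the genesis value)."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = {"seq": len(self.entries), "source": source, "op": op,
                "detail": detail, "prev_hash": prev}
        self.entries.append(dict(body, hash=entry_hash(prev, body)))
        return self.entries[-1]


def verify(entries):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS_HASH
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["seq"] != i or e["prev_hash"] != prev or entry_hash(prev, body) != e["hash"]:
            return i
        prev = e["hash"]
    return -1


def build_sample_chain():
    """Constructed timeline: Core memory ops and Control action events interleaved."""
    chain = AuditChain()
    chain.append("core", "remember", {"agent": "support-bot", "key": "ticket-4411"})
    chain.append("control", "submit", {"agent": "support-bot", "connector": "slack",
                                       "operation": "send_message", "status": "pending_review"})
    chain.append("control", "approve", {"action_seq": 1, "reviewer": "alice"})
    chain.append("control", "execute", {"action_seq": 1, "result": "ok"})
    chain.append("core", "recall", {"agent": "support-bot", "key": "ticket-4411"})
    return chain.entries


def tampered_copy(entries, index):
    """Copy the chain and rewrite one entry's detail after the fact."""
    copy = [dict(e, detail=dict(e["detail"])) for e in entries]
    copy[index]["detail"]["result"] = "rewritten"
    return copy


if __name__ == "__main__":
    entries = build_sample_chain()
    print("intact chain  :", verify(entries))                      # -1
    print("entry edited  :", verify(tampered_copy(entries, 3)))    # 3
    print("entry removed :", verify(entries[:2] + entries[3:]))    # 2
```

A verifier that re-walks the chain this way needs only the entries themselves plus the genesis value; it does not need to trust the database that served them, which is the point of putting memory and action events on the same chain.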
Trust your agents. Verify everything.
Policy engine, approval flows, and cryptographic audit for every tool call. No more YOLO execution.