How Novyx makes agents inspectable
Tamper-evident audit chain, policy-gated actions, transactional rollback. Here's how each works.
Every agent framework now ships memory. Almost none ship governance. This page describes the three governance primitives Novyx Core adds underneath any runtime you're already using — so you can prove what your agents did, gate what they're allowed to do, and rewind when something goes wrong.
Tamper-evident audit chain
Every agent action is appended to a hash chain. Each entry carries a SHA-256 hash that covers the action plus the previous entry's hash. Any mid-stream edit breaks the chain and is detected on verification. Traces are debugging — this is forensics.
Full documentation: docs.novyxlabs.com/audit. See also the security page for encryption, key handling, and threat model.
Policy-gated actions
Write governance rules in YAML. Route risky tool calls through an approval flow — writes to GitHub, Slack, databases, and production systems get evaluated against your policies before they fire. Approvals, denials, and the reasoning behind each decision are recorded in the audit chain.
Full documentation: docs.novyxlabs.com/control. Also see Novyx Control for the operator console.
Transactional rollback
Checkpoints capture the agent's governed state — agent context, memory pointers, capability bindings, policy snapshot — as a single transaction. Rewind to any checkpoint and the audit chain is preserved: every restored state is itself an auditable event. Different from workspace snapshots (which restore files) — this rewinds what the agent is allowed to do.
Full documentation: docs.novyxlabs.com/rollback. See Replay for time-travel debugging.
See it
The interactive demo walks an agent through corruption → audit detection → rollback → restored state in about 60 seconds. It's the shortest path to seeing all three governance primitives cooperate.