Private previewDesign partner program is open

Evidence-bound execution for enterprise agents

Approve the exact action.
Execute only that action.

Onterix is building a customer-controlled execution layer that preserves source permissions, inspects every data boundary, seals sensitive actions to the payload and policy approved, revalidates before execution, and returns evidence from intent through result.

SYNTHETIC TARGET TRANSACTION
Interactive target flow

“Prepare the Acme renewal brief, update the forecast, and send the customer follow-up.”

STEP 01

Bind the real actor and client

In this synthetic target flow, Maya asks an enterprise agent to prepare a renewal brief and update a CRM record. The proposed Onterix transaction binds her identity, tenant, client, and exact capability versions before any source is touched.

Target identity trace
Actor
Maya Chen · Revenue Ops
Client
Illustrative agent · simulated
Capabilities
4 requested · 3 visible

One transaction contract across every ingress

MCPCLI + SDKNative APIWorkflowsAgent clients

Beyond tool permission

A tool call is a proposal. A transaction is a commitment.

Onterix is designed to keep identity, data treatment, exact mutation, approval, revalidation, execution, and outcome connected—so permission cannot drift between intent and impact.

Bind

Bind the real human, delegated subject, agent, client, tenant, source permission ceiling, and immutable capability version.

Explore bind

Inspect

Evaluate the source, payload, model, recipient, and destination wherever the meaning or exposure of data changes.

Explore inspect

Seal

Bind approval to the exact normalized payload, destination, revisions, policy, and protection versions under review.

Explore seal

Prove

Revalidate before execution, prevent duplicate impact, reconcile uncertainty, and connect the outcome to its intent.

Explore prove

One contract across every ingress

MCP is an adapter. The transaction boundary is the product.

MCP, CLI, API, SDK, workflows, and future agent protocols should all enter the same sealed execution path—not create separate approval semantics, credentials, or evidence stories.

See the architecture
Agent clientsMCPCLI + SDKNative APIInternal agents
ONTERIX RUNTIMEOne evidence-bound transaction
IdentityData boundaryExact actionEvidence
Company systemsKnowledgeModelsWorkflows

Same-or-stricter access

The agent never becomes a permission shortcut.

Onterix is built around a simple invariant: access through an agent must remain the same or stricter than access in the source system. Everything else follows from that rule.

01

Know who—and what—is asking

Authenticate the actor, delegated subject, agent, client, tenant, and runtime before discovery or execution.

02

Keep source permissions as the ceiling

An agent can narrow a user’s access. It can never silently expand it or substitute a broad service account.

03

Understand the destination

Source access does not imply permission to send content to every model, recipient, artifact, or external system.

04

Govern the exact action

Policy can allow, constrain, transform, route, require approval, quarantine, or deny a typed capability request.

05

Leave evidence, not a mystery

Every decision and mutation is tied to immutable versions, content hashes, source references, and a trace.

The sealed transaction contract

Approval is valid only while the deal stays the same.

The target runtime binds approval to the exact normalized action and every material dependency. A changed payload, destination, source revision, policy, ruleset, or transformation supersedes the prior approval.

01Normalize the exact proposed mutationproposal
02Bind actor, agent, client, source, and destinationcontext
03Inspect data and compute a reviewable diffprotect
04Seal payload, revisions, policies, and provider versionsapprove
05Revalidate every material pin before executionrecheck
06Execute idempotently and reconcile uncertaintycommit
07Return evidence from intent through resultprove

NOTEThis sequence describes the target private-preview contract. The public trust status distinguishes architecture, implementation, and independently verified behavior.

Customer-controlled deployment

Bring the control plane. Keep the sensitive plane where it belongs.

The same runtime boundary is designed to support managed, dedicated, customer-data-plane, and fully self-hosted deployments without changing how agents discover and call governed capabilities.

Swipe horizontally to compare every column →

Planned Onterix deployment modes
Planned modeControl planeSensitive executionBest fit
Managed sharedOnterixOnterix regional cellFast evaluation and standard workloads
Managed dedicatedOnterixDedicated Onterix cellIsolation, regional, and scale requirements
Customer data planeOnterixCustomer environmentCustomer-local credentials, content, and execution
Fully self-hostedCustomerCustomer environmentDisconnected or maximum-control environments

Design partner program

Bring the workflow security will not wave through.

Start with one valuable cross-system action, one explicit control boundary, and one evidence standard worth proving.