Bind
Bind the real human, delegated subject, agent, client, tenant, source permission ceiling, and immutable capability version.
Explore bindEvidence-bound execution for enterprise agents
Onterix is building a customer-controlled execution layer that preserves source permissions, inspects every data boundary, seals sensitive actions to the payload and policy approved, revalidates before execution, and returns evidence from intent through result.
“Prepare the Acme renewal brief, update the forecast, and send the customer follow-up.”
In this synthetic target flow, Maya asks an enterprise agent to prepare a renewal brief and update a CRM record. The proposed Onterix transaction binds her identity, tenant, client, and exact capability versions before any source is touched.
Source labels and configured protection providers classify the assembled context. Customer PII is tokenized and restricted pricing is kept on the approved model route.
The proposed CRM change and customer email are separate transactions. Policy allows the forecast update and requires a revenue-owner approval for the external message.
The target transaction rechecks policy, permissions, source revisions, and the approved payload immediately before execution. Idempotency and reconciliation then connect the outcome to the full decision chain.
One transaction contract across every ingress
MCPCLI + SDKNative APIWorkflowsAgent clientsBeyond tool permission
Onterix is designed to keep identity, data treatment, exact mutation, approval, revalidation, execution, and outcome connected—so permission cannot drift between intent and impact.
Bind the real human, delegated subject, agent, client, tenant, source permission ceiling, and immutable capability version.
Explore bindEvaluate the source, payload, model, recipient, and destination wherever the meaning or exposure of data changes.
Explore inspectBind approval to the exact normalized payload, destination, revisions, policy, and protection versions under review.
Explore sealRevalidate before execution, prevent duplicate impact, reconcile uncertainty, and connect the outcome to its intent.
Explore proveOne contract across every ingress
MCP, CLI, API, SDK, workflows, and future agent protocols should all enter the same sealed execution path—not create separate approval semantics, credentials, or evidence stories.
See the architectureSame-or-stricter access
Onterix is built around a simple invariant: access through an agent must remain the same or stricter than access in the source system. Everything else follows from that rule.
Authenticate the actor, delegated subject, agent, client, tenant, and runtime before discovery or execution.
An agent can narrow a user’s access. It can never silently expand it or substitute a broad service account.
Source access does not imply permission to send content to every model, recipient, artifact, or external system.
Policy can allow, constrain, transform, route, require approval, quarantine, or deny a typed capability request.
Every decision and mutation is tied to immutable versions, content hashes, source references, and a trace.
The sealed transaction contract
The target runtime binds approval to the exact normalized action and every material dependency. A changed payload, destination, source revision, policy, ruleset, or transformation supersedes the prior approval.
NOTEThis sequence describes the target private-preview contract. The public trust status distinguishes architecture, implementation, and independently verified behavior.
Customer-controlled deployment
The same runtime boundary is designed to support managed, dedicated, customer-data-plane, and fully self-hosted deployments without changing how agents discover and call governed capabilities.
Swipe horizontally to compare every column →
| Planned mode | Control plane | Sensitive execution | Best fit |
|---|---|---|---|
| Managed shared | Onterix | Onterix regional cell | Fast evaluation and standard workloads |
| Managed dedicated | Onterix | Dedicated Onterix cell | Isolation, regional, and scale requirements |
| Customer data plane | Onterix | Customer environment | Customer-local credentials, content, and execution |
| Fully self-hosted | Customer | Customer environment | Disconnected or maximum-control environments |
Design partner program
Start with one valuable cross-system action, one explicit control boundary, and one evidence standard worth proving.