Access
Bind every request to the real human, agent, client, tenant, and source-system permission ceiling.
Explore accessThe governed runtime for enterprise agents
Onterix is building the customer-controlled execution and data-protection layer for enterprise AI—preserving real permissions, inspecting sensitive data, approving exact actions, and recording evidence across every agent interface.
“Prepare the Acme renewal brief, update the forecast, and send the customer follow-up.”
Maya asks Codex to prepare a renewal brief and update Salesforce. Onterix binds her identity, tenant, client, and exact capability versions before any source is touched.
Source labels and configured protection providers classify the assembled context. Customer PII is tokenized and restricted pricing is kept on the approved model route.
The proposed CRM change and customer email are separate transactions. Policy allows the forecast update and requires a revenue-owner approval for the external message.
Immediately before execution, Onterix rechecks policy, permissions, source revisions, and the approved payload. The result is idempotent and the full decision chain becomes evidence.
One governed path for the tools your teams already choose
ClaudeChatGPTCodexCursorInternal agentsThe trust boundary
Most platforms solve one part of enterprise agency. Onterix is designed to connect identity, data protection, action governance, and evidence at the moment an agent does real work.
Bind every request to the real human, agent, client, tenant, and source-system permission ceiling.
Explore accessInspect, classify, minimize, route, transform, or quarantine sensitive content at the boundaries you control.
Explore dataTurn generated intent into typed, policy-checked transactions with exact-payload approval when risk demands it.
Explore actionConnect identity, sources, transformations, decisions, approvals, and execution in one reconstructable trace.
Explore evidenceProtocol-neutral by design
MCP, CLI, API, SDK, workflows, and future agent protocols should all enter the same capability runtime—not create separate policy engines, credentials, or audit stories.
See the architectureSame-or-stricter access
Onterix is built around a simple invariant: access through an agent must remain the same or stricter than access in the source system. Everything else follows from that rule.
Authenticate the actor, delegated subject, agent, client, tenant, and runtime before discovery or execution.
An agent can narrow a user’s access. It can never silently expand it or substitute a broad service account.
Source access does not imply permission to send content to every model, recipient, artifact, or external system.
Policy can allow, constrain, transform, route, require approval, quarantine, or deny a typed capability request.
Every decision and mutation is tied to immutable versions, content hashes, source references, and a trace.
The Acme renewal
Our reference experience uses a synthetic company environment to make the product’s hardest promises testable: permission-aware retrieval, destination-aware protection, exact-action approval, and evidence.
“Prepare the Acme renewal brief, update the forecast, and send the customer follow-up.”
Maya asks Codex to prepare a renewal brief and update Salesforce. Onterix binds her identity, tenant, client, and exact capability versions before any source is touched.
Source labels and configured protection providers classify the assembled context. Customer PII is tokenized and restricted pricing is kept on the approved model route.
The proposed CRM change and customer email are separate transactions. Policy allows the forecast update and requires a revenue-owner approval for the external message.
Immediately before execution, Onterix rechecks policy, permissions, source revisions, and the approved payload. The result is idempotent and the full decision chain becomes evidence.
NOTEThe Acme environment is a simulated product proof for the private preview. Connector and client readiness will be labeled as it advances from fixture to sandbox to verified.
Customer-controlled deployment
The same runtime boundary is designed to support managed, dedicated, customer-data-plane, and fully self-hosted deployments without changing how agents discover and call governed capabilities.
| Planned mode | Control plane | Sensitive execution | Best fit |
|---|---|---|---|
| Managed shared | Onterix | Onterix regional cell | Fast evaluation and standard workloads |
| Managed dedicated | Onterix | Dedicated Onterix cell | Isolation, regional, and scale requirements |
| Customer data plane | Onterix | Customer environment | Customer-local credentials, content, and execution |
| Fully self-hosted | Customer | Customer environment | Disconnected or maximum-control environments |
“The neutral trust boundary underneath every enterprise agent.”
Build with us
We are selecting design partners with serious agent workflows, sensitive systems, and a need for customer-controlled execution.