nonaxis

Governance architecture
for AI agents.

AI agents with system access self-govern — they propose actions, approve them, and execute them as one process. When compromised, every layer of protection falls at once, because they're all the same layer. Nonaxis separates them with deterministic enforcement end to end.

Architecture

Three isolated instances with different capabilities constrain each other. The entire governance pipeline is deterministic — no LLM in the decision path. Unknown situations escalate to humans, never to another model.

Operator

proposes

Full tool access, sandboxed. Proposes actions to the governance bus. Cannot self-approve.

CISO

reviews

Read-only access, isolated process. Static analysis, pattern matching, and risk scoring on every proposal.

Arbiter

enforces

No LLM. Deterministic rules. Issues cryptographic execution tokens. Unknowns escalate to humans.

Protocol

Four verbs. Schema-validated JSON. Works at any deployment layer — kernel, container, or application.

PROPOSE

→

REVIEW

→

DECIDE

→

EXECUTE

Principles

Separation of duties. No single agent proposes, approves, and executes. The same design that governs banks, audit firms, and nuclear launch — applied to AI.
Deterministic enforcement. Policy decisions are explicit rules, not model outputs. Auditable, reproducible, immune to prompt injection.
Cryptographic binding. Execution tokens are HMAC-signed, time-limited, and hash-bound to the exact approved action. Replay is impossible.
Fail-safe defaults. No rule? Escalate to a human. Never guess. Repeated human decisions become deterministic rules over time.

Status

The specification is published and the reference implementation is tested. We're looking for design partners deploying AI agents in regulated or high-consequence environments.

Patent

#63/980,205

Tests

480+

License

Apache 2.0

Governance architecturefor AI agents.

Operator

CISO

Arbiter

Governance architecture
for AI agents.