✶ Verifiable AI Infrastructure

If you can't prove how your AI decided, you can't defend what it did.

Dirigex is a verifiable control plane for AI agents — who they are, what they can do, how they are invoked, and why each decision was allowed.

Management is table stakes.
Proof is the category.

Re-verified every 6 hours · trust that expires

Replayable Decision trace-msg-········

Correlationcorr-····-····

Recorded2026-06-11T15:52:08Z

Reasonpublic_catalog_invoke

Governance

Policyv1

Decisionallow

Accepted · Success

Pinned State

Manifestmf-····

Graphgs-····

Trustts-····

Trust Anchor · SHA-256resolving…

Envelope · SHA-256resolving…

Mapped Controls

EU AI Act Art. 13 — audit tooling, not a certification

✶ Anchoring…

SHA-256 Merkle over the trust snapshot.

✶ Proven, not Asserted ✶ SAMPLE

The Problem

Autonomy arrived before accountability.

Software used to run. Now it acts. Agents choose tools. They call other agents. They commit your company to actions no human reviewed in the moment. That isn't a workflow anymore. That's delegation — at machine speed, at machine scale. And the evidence trail most enterprises have for it is a log file.

Security teams already have names for what's accumulating: shadow AI — agents adopted sideways, outside inventory, outside approval — and agent sprawl, an estate growing faster than anyone's ability to govern it. Naming it is not governing it.

Ask three questions of your agent estate today. Who is this agent? Who allowed this action? Why did the system decide this way? In most enterprises, the honest answer to all three is: we don't know.

An agent you cannot identify is a counterparty you cannot trust.

Every era of computing earned its trust layer. The internet got certificates. The cloud got identity and access. The agent era gets verifiable AI infrastructure.

What Dirigex Is

Manage is a dashboard. Prove is a record.

Discover. Verify. Govern. Route. Invoke. Audit. One plane. Six verbs — the lifecycle every governed agent operation depends on. Dirigex manages your agents so it can prove them.

Management answers

What happened?

A status light that says "healthy."

A list of registered agents.

A policy document.

A log of what was permitted.

✶ Proof answers

Can you replay the decision later, against the exact state that produced it?

Liveness re-proven by protocol-correct probes, automatically, every six hours.

Identity proven by registry attestation and DNS evidence — proof that expires and is re-earned.

Allow, deny, or require-approval, enforced on every governed request.

Traces for accepted and rejected requests — cryptographically anchored, so history can't quietly change.

Listing is earned, never bought — and it expires. Standing is computed, not declared.

The Lifecycle

Six verbs. One plane.

Six functions most enterprises currently improvise across gateways, spreadsheets, and good intentions.

Discover.

A governed public catalog where listing is earned, never bought — and expires.

eligibility chaincomputed standing

Verify.

Identity, liveness, freshness — re-verified every six hours. Failure auto-delists.

DNS evidenceauto-delist

Govern.

Explicit policy on every request: allow, deny, require-approval. Guardrails as running code.

hot pathkill switches

Route.

Versioned, replayable decisions — capability graph, trust snapshot, ranking, all pinned.

replayable7-state lifecycle

Invoke.

One hardened dispatch path: MCP & A2A in production, HTTP/JSON, gRPC, WebSocket.

egress protectioncredential custody

Audit.

Traces for accepted and rejected requests. Correlation IDs end to end. Merkle-anchored.

EU AI Act Art. 13retention

Build on it.

Documented OpenAPI. TypeScript & Python SDKs. Contract drift guards.

OpenAPISDKs

✶

Next tier.

Behavioral verification — proving what an agent will do. Claimed the day it ships, not an hour before.

roadmap

The Proof Layer

The non-negotiables: where claims become evidence.

Agent identity with teeth.

Agents are first-class non-human identities with proof attached. Pass refreshes the proof; fail, and the agent is delisted — by the system, not a ticket. Trust on Dirigex has a half-life — because trust that never expires is not trust, it is an assumption.

Decisions you can replay.

Every routing decision is versioned — capability graph, trust snapshot, embedding and ranking versions, pinned. Re-run it next quarter and get the same one, for the same reasons. That is what "explainable" means when it has to hold up.

A record that can't quietly change.

Trust provenance is cryptographically anchored — SHA-256 Merkle commitments over the trust snapshot, plus a hash of the request envelope itself — so changes can be detected, not quietly rewritten.

Governance in the hot path.

Every governed request gets an explicit ruling — allow, deny, require-approval. Guardrails here are enforcement, not advice. Kill switches stand by at global, tenant, and agent scope.

Both sides of the ledger.

Traces persist for accepted and rejected requests, tied together by correlation IDs under configurable retention. Deny is a decision too — we keep the receipts for both. That is AI observability with an audit-grade memory.

Recordtrace-msg-4b9e51d2

Decisiondeny

Reasonpolicy_denied

Rejected · Traced

Deny is a decision too.SAMPLE

Business Outcomes

Proof is not the tax on speed. Proof is the license for it.

01
Ship agents your risk team can approve.Governance enforced in the request path — allow, deny, require-approval. Guardrails as running code, not promises in a slide deck.
02
Turn shadow AI into governed AI.One front door for every agent: verified identity, recorded standing, an owner, an expiry. The governed path wins because it's the better path.
03
Answer before you're asked.Every routing decision is replayable, exactly as made. EU AI Act Article 13 mappings ship as audit tooling. Audit requests become queries, not archaeology.
04
Contain incidents in seconds.Kill switches at three blast radii: global, per-tenant, per-agent. Blast radius becomes a setting, not a discovery. A bad agent is a dial, not a crisis.
05
Approve at the speed of context.Human-in-the-loop, built in: approval queues carry the full request, so the human decides in one look instead of one standup.
06
Enterprise controls from day one.SAML SSO, MFA, eight-role RBAC, scoped API keys, per-tenant isolation and observability. The control plane meets your perimeter where it already is.

Proof is what speed is made of.

Built for the People Who Sign

When the review convenes, you bring receipts, not narratives.

For the CISO

You can't firewall a decision.

Agents act through approved channels with approved credentials — the risk isn't the connection, it's the choice. So Dirigex governs the choice. Identity-first verification at the front door. Account-management permissions structurally non-grantable to API keys — not policy, structure. Full traces for accepted and rejected requests. Kill switches at every scope.

For the CTO

One dispatch path, not N integrations.

Agentic infrastructure should be built like infrastructure: MCP and A2A in production through a single hardened path; HTTP/JSON, gRPC, WebSocket at the platform layer. Documented OpenAPI. TypeScript and Python SDKs. Contract drift guards. Infrastructure should be boring. Trust infrastructure especially.

For the Chief AI Officer

Governance is only as real as its enforcement point.

Dirigex is the enforcement point. Allow, deny, require-approval on every governed request; replayable decisions; EU AI Act Article 13 control mappings as audit tooling. When governance runs in the request path, "responsible AI" stops being a stance and becomes a record.

✶

The web got certificates. Code got signatures.
Autonomous software gets Dirigex.

The agent era will be governed. The only question is whether your evidence exists before the question does.

Dirigex. Proven, not Asserted.