We build the tooling we recommend.
Advisory backed by working software. Three flagship products put FinOps and security guardrails around real AI workloads, and a six-service governance stack keeps a fleet of agents secure, cost-governed and auditable. Built and run by the same architects you work with.
TokenFuse
A drop-in reverse proxy between your AI agents and LLM providers. One base-URL swap, and every call passes through real-time budget enforcement. When an agent runs away, the Breaker cuts the circuit with HTTP 402 at the moment of breach, not in next month's invoice review.
- Per-run and hierarchical budgets enforced in real time
- Runaway-loop, spend-spike and fan-out detection with live incidents
- FinOps-native reporting: FOCUS-format export, savings, cost-per-outcome tags
- Out-of-band mobile kill-switch, signed in the Secure Enclave (iPhone + Watch)
- Compliance reports mapped to OWASP Agentic Top 10, NIST 800-53, EU AI Act, SOC 2
- High-availability Raft cluster and a hosted control plane with dashboard
Engram
An embeddable, local-first memory layer for AI agents: the SQLite of agent memory. One file on disk models episodic and semantic memory with bitemporal validity, importance decay and spreading-activation recall, and every answer can explain itself.
- Single-file SQLite store: no server, no network call at write time
- Episodic and semantic memory with Ebbinghaus-style importance decay
- Spreading-activation retrieval over full-text and vector search
- Bitemporal validity: what was true, and when the agent believed it
- Provenance built in: why() traces the origin of every recall
- MCP server exposes remember / recall / why / forget to any agent runtime
SphereOS
Personal life intelligence, fully on-device. Twelve life domains, each with its own AI agent and its own Engram memory, joined by a Life Score, a morning brief and a correlation engine framed as pattern, not proof.
- Twelve life-domain agents, from Health and Finance to Creativity and Goals
- On-device Engram memory with fading and reinforcing recall
- Life Score, Today's Focus, weekly narrative review and Life Wheel
- N-of-1 self-experiments and a Year in Sphere recap
- Universal capture: type it, dictate it, or photo a receipt
- Zero setup: no account, and deterministic features need no model at all
Idryx
The Identity Security Graph. Idryx reads identity logs from Okta, Entra, AWS, GCP, Azure and Keycloak, normalizes humans, service accounts, keys and AI agents into one graph, and runs deterministic detectors over it. Read-only by design: Idryx proposes, it never mutates.
- One graph for human and non-human identities (ITDR + NHI)
- Deterministic detectors: never an LLM in the detection path
- Behavioral baselines: impossible travel, MFA fatigue, new device
- Runaway-agent detector correlated with TokenFuse spend events
- Blast-radius view for any compromised identity
- Remediation as pull requests and alerts to SIEM, Slack or OTLP
Qryx
The Cryptography Security Graph. Qryx inventories every use of cryptography across source code, binaries, containers, live TLS, certificates and cloud KMS, scores post-quantum risk, and emits a CycloneDX CBOM your auditors can actually read.
- One crypto inventory: code, binaries, containers, TLS, certificates, KMS
- Post-quantum risk scoring and crypto-agility mapping (Ed25519 to ML-DSA)
- CycloneDX CBOM, plus NCSC and CNSA 2.0 readiness reports
- CI gates on cryptographic drift and policy
- Safe automated remediation: qryx fix, up to an opened pull request
- Signed evidence trails for compliance
Wardryx
The policy decision point of the stack. Before TokenFuse forwards an LLM or tool call, it asks Wardryx once: allow, deny, or hold. A hold is stateless human-in-the-loop, resolved out-of-band with a signed approval token. Deterministic, and explainable to an auditor.
- One call, three answers: allow, deny, or hold
- Human-in-the-loop above a spend threshold you set
- Spend levers as policy: deny tools, cap steps, allow-list domains
- Stateless signed approval tokens, optionally single-use
- Shadow mode first, enforce mode when you are ready
- Every decision reproducible: no LLM in the loop
Verdryx
The quality denominator under your AI spend. Verdryx reads TokenFuse's outcome-tagged traces, grades agent outputs, and answers the question finance actually asks: not what a call cost, but what one correctly resolved case cost.
- Cost-per-outcome, bucketed by resolved, escalated and abandoned
- Graders from exact-match to a priced LLM judge (its own cost is counted too)
- Quality-drift detection against a baseline: on-track or regressed
- Cost and quality join on one key: the outcome tag
- Catches a regression before wrong answers show up on the bill
Mockryx
Fire drills for your guardrails. Before agents reach production, Mockryx replays hostile scenarios against your own TokenFuse gateway in mock-upstream mode: nothing real is spent and nothing external is touched. It then asserts that every guardrail actually fired.
- Scenario families: runaway budget, forbidden tool call, secret leak
- Runs against your own gateway only: defensive rehearsal, never an attack tool
- Uses the gateway's native mock upstream, so drills exercise the real enforcement path
- Differentiated CI exit codes: 0 all held, 1 real gap found, 2 broken harness
- Findings flow onto the shared event bus for the rest of the stack
agent-stack-go
The one public repo in the stack: a stdlib-only Go module defining the agent-event envelope and the Agent Passport types every service imports, so producer and consumer can never drift apart. Pinned by tag, never by a local replace.
- passport: the Agent Passport document, parsing and URI validation
- event: the NDJSON envelope with Writer, Scan and ReadFile
- chain: delegation-chain validation, acyclic and root-first
- Stdlib-only: zero network dependencies
- Event schema versions independently of the passport schema, so new emitters are additive
Want these guardrails around your AI rollout?
The same architecture behind these products, budgets, policy, identity and audit for AI agents, is what we design and embed for clients. Tell us where it hurts and we'll come back with a concrete first step.
Book a discovery call →