Products · Built in-house

We build the tooling we recommend.

Advisory backed by working software. Three flagship products put FinOps and security guardrails around real AI workloads, and a six-service governance stack keeps a fleet of agents secure, cost-governed and auditable. Built and run by the same architects you work with.

Flagship · Runtime FinOps enforcement

TokenFuse

A drop-in reverse proxy between your AI agents and LLM providers. One base-URL swap, and every call passes through real-time budget enforcement. When an agent runs away, the Breaker cuts the circuit with HTTP 402 at the moment of breach, not in next month's invoice review.

  • Per-run and hierarchical budgets enforced in real time
  • Runaway-loop, spend-spike and fan-out detection with live incidents
  • FinOps-native reporting: FOCUS-format export, savings, cost-per-outcome tags
  • Out-of-band mobile kill-switch, signed in the Secure Enclave (iPhone + Watch)
  • Compliance reports mapped to OWASP Agentic Top 10, NIST 800-53, EU AI Act, SOC 2
  • High-availability Raft cluster and a hosted control plane with dashboard
RustRaft HAeBPF Radar Parquet + SQLOpenTelemetryJS / Python SDK
AI agent any framework TokenFuse budget check per call, in-line ALLOW Provider LLM API Breaker · HTTP 402 budget exhausted, circuit cut run budget $0 cut here cap
Enforcement, not observability: the circuit is cut before the money is gone
Flagship · Memory layer

Engram

An embeddable, local-first memory layer for AI agents: the SQLite of agent memory. One file on disk models episodic and semantic memory with bitemporal validity, importance decay and spreading-activation recall, and every answer can explain itself.

  • Single-file SQLite store: no server, no network call at write time
  • Episodic and semantic memory with Ebbinghaus-style importance decay
  • Spreading-activation retrieval over full-text and vector search
  • Bitemporal validity: what was true, and when the agent believed it
  • Provenance built in: why() traces the origin of every recall
  • MCP server exposes remember / recall / why / forget to any agent runtime
Python 3.11+SQLitesqlite-vec fastembedMCP
remember() no LLM needed recall() spreading activation why() provenance one SQLite file episodic what happened semantic what is known bitemporal validity valid time × belief time importance decay reinforced
Memory that fades, reinforces and explains itself, in one local file
Flagship · Personal AI

SphereOS

Personal life intelligence, fully on-device. Twelve life domains, each with its own AI agent and its own Engram memory, joined by a Life Score, a morning brief and a correlation engine framed as pattern, not proof.

  • Twelve life-domain agents, from Health and Finance to Creativity and Goals
  • On-device Engram memory with fading and reinforcing recall
  • Life Score, Today's Focus, weekly narrative review and Life Wheel
  • N-of-1 self-experiments and a Year in Sphere recap
  • Universal capture: type it, dictate it, or photo a receipt
  • Zero setup: no account, and deterministic features need no model at all
Swift 6SwiftUIGRDB CloudKitHealthKitwatchOS
Life Score one number, honest Health Learning Career Finance Relationships Rest Hobbies Travel Mindfulness Creativity Home Goals every domain: its own agent · its own Engram memory · on-device
Twelve agents around one score, and nothing leaves the phone
Stack · Identity plane

Idryx

The Identity Security Graph. Idryx reads identity logs from Okta, Entra, AWS, GCP, Azure and Keycloak, normalizes humans, service accounts, keys and AI agents into one graph, and runs deterministic detectors over it. Read-only by design: Idryx proposes, it never mutates.

  • One graph for human and non-human identities (ITDR + NHI)
  • Deterministic detectors: never an LLM in the detection path
  • Behavioral baselines: impossible travel, MFA fatigue, new device
  • Runaway-agent detector correlated with TokenFuse spend events
  • Blast-radius view for any compromised identity
  • Remediation as pull requests and alerts to SIEM, Slack or OTLP
GoPostgresOkta Entra IDAWS · GCP · AzureKeycloak
Human person Service acct non-human API key non-human AI agent non-human AI agent runaway runaway_agent · high
One graph for every identity, and the blast radius when one goes rogue
Stack · Cryptography plane

Qryx

The Cryptography Security Graph. Qryx inventories every use of cryptography across source code, binaries, containers, live TLS, certificates and cloud KMS, scores post-quantum risk, and emits a CycloneDX CBOM your auditors can actually read.

  • One crypto inventory: code, binaries, containers, TLS, certificates, KMS
  • Post-quantum risk scoring and crypto-agility mapping (Ed25519 to ML-DSA)
  • CycloneDX CBOM, plus NCSC and CNSA 2.0 readiness reports
  • CI gates on cryptographic drift and policy
  • Safe automated remediation: qryx fix, up to an opened pull request
  • Signed evidence trails for compliance
GoCycloneDXNCSC PQC CNSA 2.0AWS · GCP · Azure KMS
Crypto assets scanned quantum-vulnerable · 5 weak · 3 post-quantum safe · 7 PQC migration deadlines 2028 2031 2035 at risk now
Every use of crypto, scored for post-quantum risk
Stack · Policy plane

Wardryx

The policy decision point of the stack. Before TokenFuse forwards an LLM or tool call, it asks Wardryx once: allow, deny, or hold. A hold is stateless human-in-the-loop, resolved out-of-band with a signed approval token. Deterministic, and explainable to an auditor.

  • One call, three answers: allow, deny, or hold
  • Human-in-the-loop above a spend threshold you set
  • Spend levers as policy: deny tools, cap steps, allow-list domains
  • Stateless signed approval tokens, optionally single-use
  • Shadow mode first, enforce mode when you are ready
  • Every decision reproducible: no LLM in the loop
GoPostgresSigned approvals
LLM / tool call Wardryx decide Provider allowed Human approve 403 denied ALLOW HOLD DENY signed token, resubmit
One call in, three answers out: allow, deny, or hold
Stack · Quality plane

Verdryx

The quality denominator under your AI spend. Verdryx reads TokenFuse's outcome-tagged traces, grades agent outputs, and answers the question finance actually asks: not what a call cost, but what one correctly resolved case cost.

  • Cost-per-outcome, bucketed by resolved, escalated and abandoned
  • Graders from exact-match to a priced LLM judge (its own cost is counted too)
  • Quality-drift detection against a baseline: on-track or regressed
  • Cost and quality join on one key: the outcome tag
  • Catches a regression before wrong answers show up on the bill
Python 3.11+ParquetSQLiteLLM judge
PER CALL $0.004 PER RESOLVED CASE $0.19 quality drift vs baseline baseline regressed time →
Not cost per call, but cost per resolved case, watched for drift
Stack · Rehearsal plane

Mockryx

Fire drills for your guardrails. Before agents reach production, Mockryx replays hostile scenarios against your own TokenFuse gateway in mock-upstream mode: nothing real is spent and nothing external is touched. It then asserts that every guardrail actually fired.

  • Scenario families: runaway budget, forbidden tool call, secret leak
  • Runs against your own gateway only: defensive rehearsal, never an attack tool
  • Uses the gateway's native mock upstream, so drills exercise the real enforcement path
  • Differentiated CI exit codes: 0 all held, 1 real gap found, 2 broken harness
  • Findings flow onto the shared event bus for the rest of the stack
GoYAML scenariosCI gate
runaway budget Breaker 402 forbidden tool Wardryx deny secret leak DLP block CI exit code 0 · all held 1 · gap 2 · broken
Fire drills against your own guardrails, gated in CI
Stack · Shared contract

agent-stack-go

The one public repo in the stack: a stdlib-only Go module defining the agent-event envelope and the Agent Passport types every service imports, so producer and consumer can never drift apart. Pinned by tag, never by a local replace.

  • passport: the Agent Passport document, parsing and URI validation
  • event: the NDJSON envelope with Writer, Scan and ReadFile
  • chain: delegation-chain validation, acyclic and root-first
  • Stdlib-only: zero network dependencies
  • Event schema versions independently of the passport schema, so new emitters are additive
Go 1.26stdlib-onlypkg.go.dev
agent-stack-go event passport chain Idryx Wardryx Mockryx Terraform imported · pinned by tag
One contract every service imports, so they never drift
Work with us

Want these guardrails around your AI rollout?

The same architecture behind these products, budgets, policy, identity and audit for AI agents, is what we design and embed for clients. Tell us where it hurts and we'll come back with a concrete first step.

Book a discovery call
Assesssecurity posture + cost structure
Architectguardrails, policy & FinOps model
Embedimplemented alongside your team