Control Plane · Compliance · Governance

The control plane that
turns governance into proof.

API routing, compliance automation, feature flags, and license enforcement — unified in one policy-driven layer. No spreadsheets. No guesswork. Immutable evidence by default.

Cryptographic Audit Chains Default-Deny Policy Engine Zero-Deployment Updates AI-Assisted Policy Generation Local-First · Self-Hosted
Enter Decision Flow How It Works
The Problem

Most teams piece this together.
It breaks every time.

Authorization logic scatters across microservices. Audit trails become incomplete or tamper-prone. Policy changes require full redeployments. By the time SOC 2 or FedRAMP evidence is due, the gap is already expensive.

Without Hexarch
Authorization decisions scatter across applications — no centralized control plane
Audit trails are incomplete or tamper-prone — hard to verify integrity after the fact
Policy changes require code redeployment — slow, error-prone, and risky
Compliance evidence is reconstructed manually — from logs, not proof
With Hexarch
Centralized authorization enforced via API — default-deny, policy-driven allow
Tamper-evident audit chains verified cryptographically — verify_chain() → ok: true
Policy updates take effect immediately — no redeployment required
Single source of truth for every decision — structured as evidence, not logs
The Hidden Cost

Most teams think they have an audit trail.
What they have is a liability.

Unverifiable logs look authoritative. They're timestamped, detailed, well-formatted. None of that matters if their integrity depends on institutional trust rather than cryptographic proof. The cost doesn't show up on a balance sheet — it surfaces during an incident, an audit, or a regulatory inquiry. By then, it's expensive.

The moment it breaks
An external party asks for proof of integrity. The answer depends on assurances rather than mathematics. At that point the cost is no longer technical — it's reputational, contractual, and legal.
01
Operational Drag
Security teams spend disproportionate time answering questions that should be mechanical: Was logging disabled? Are these records complete? Could an administrator have altered this entry? Each unanswered question triggers manual reconciliation and cross-team escalation.
Integrity failure
02
Performative Compliance
Unverifiable logs cannot prove completeness. They cannot prove immutability. They cannot be independently validated. The result: more controls, more reports, more screenshots — and still, qualified audit findings. Compliance without verification is theater.
Structural risk
03
Insider Compounding
When logs are mutable, the system implicitly tolerates post-hoc cleanup. Even if no abuse occurs, the possibility of undetectable manipulation degrades the credibility of every record. Investigations become exercises in plausibility, not verification.
Silent exposure
The shift Hexarch makes: Policy logs become evidence by design. Records are structured to be exported, replayed, and verified outside the system — without privileged access, without institutional trust, without explanation. Governance stops being a promise and becomes a provable property.
Architecture

Three layers. One control plane.

01

Structural Forensics

Catch the failure before the first request flows. Preview policy conflicts in staging. Inspect the logic tree before it reaches production. Forensics for disasters you're now too disciplined to commit.

02

The Evidence Gate

Every request proves it belongs before it passes. Default-deny enforcement. Policy-driven allow lists. No vibes, no guesses — if your code can't produce a valid authorization signature at the gate, it stops. Period.

03

Zero-Trust Hermiticity

Your data never leaves the temple. Govern AI requests without a SaaS middleman. Local-first, self-hosted, air-gap capable. The best architecture doesn't phone home to a vendor in Virginia.

Audit Integrity

Logs answer what happened.
Audit chains answer can this record be trusted.

Every decision in Hexarch is cryptographically bound to the one before it. Deleting a record breaks the chain. Editing a record changes its hash. Inserting fake records cannot recreate the correct sequence. Verification is read-only, deterministic, and requires no privileged access — so your auditors, your security team, and external reviewers can all validate independently.

Event 1
hash: a3f1c…
prev: genesis
Event 2
hash: 7b2d9…
prev: a3f1c…
Event 3
hash: e8a04…
prev: 7b2d9…
chain verified
verify_chain("e8a04…") → ok: true
Developer Tooling

Hexarch Guardrails: The Python SDK

Policy-driven protection that drops into your existing stack. Zero configuration. Decorator-based enforcement. Budget controls built in.

guardrails.py
from hexarch.guardrails import guardian

# Auto-discovers hexarch.yaml
# No config required

@guardian.check(policy_id="soc2-data-access")
async def get_customer_data(tenant_id: str):
    # Policy enforced before execution
    # Audit event recorded automatically
    return await db.fetch(tenant_id)

@guardian.check(
    policy_id="ai-budget-gate",
    budget_cap="$0.50")
async def ai_summarize(doc: str):
    # Stops at budget threshold
    return await llm.complete(doc)
Zero-Config
Auto-discovers hexarch.yaml. No setup ceremony. Drop it in and it works.
Decorator-Based Enforcement
@guardian.check(policy_id) gates your functions at the declaration level. Authorization lives with the code, not beside it.
Budget Protection
Stop the bleed before it starts. Set per-function spend caps on AI calls. "Infinite scale" is marketing-speak for an empty bank account.
Local-First
Works offline. Air-gap capable. The best architecture doesn't need a permission slip from a server in Virginia.
Use Cases

Where Hexarch belongs in your process.

Release planning. Compliance prep. Ops handoffs. Hexarch surfaces at the exact moment you need provable controls — before shipping, not after the incident.

Regulated Industries
SOC 2 & FedRAMP Evidence
Surface the exact audit evidence your compliance framework requires. Cryptographic chains, not reconstructed logs. Automated, not manual.
SaaS Platform
Tiered Entitlement Control
Upgrade or downgrade a customer's access instantly. No deployment. No ticket. License enforcement tied directly to the policy engine.
Feature Rollouts
Beta Gating Without Risk
Gate new API versions by tenant, role, or request signature. Expand when you're confident. Roll back without touching production code.
Internal Platforms
Ops Handoff Governance
Every authorization decision is recorded, verifiable, and attributable. Handoffs between teams don't lose context or compliance state.
"

We were stitching together Kong, LaunchDarkly, and a homegrown entitlement service. Hexarch gave us all three in one control plane — and the audit trail our SOC 2 auditor actually accepted.

— Platform Lead, Series B SaaS
Open Source · Self-Hosted · Production-Ready

Free to run. Built to last.

Self-hosted edition is free. No vendor lock-in. Enterprise support available.

git clone https://github.com/your-org/hexarch-gateway
docker-compose up
Access Console View Docs See Pricing
The Final Gate

Commit to governance.
Or keep firefighting at 2 AM.

This is the same logic your auditors will verify — presented safely, intentionally, and without side effects. Your choice defines your architecture. Or your eventual compliance failure.

Access Console