The product
The era of agents is here.
Coordination across agents. Every action recorded, attributed, and anchored, so policy has a substrate to verify against. An audit chain the auditor can interrogate. The audit substrate deployed inside your boundary, air-gap-capable where the workload requires it. One substrate, four properties, every action attributed.
§ 01 Four properties
01
Coordination
Your workload is not a single prompt. It is a chain.
An agent receives the work, hands off to the next agent, which hands off again, down to the agent that records the outcome. Each handoff is itself an action that needs attribution, and each receiving agent decides on the previous agent's record. The seam between agents is where the work actually lives, and the seam is what coordination governs.
- The chain is legible at every link: which agent acted, which received, in what order, on which data, under which policy.
- Handoffs carry the record forward. The receiving agent inherits the audit context the prior agent emitted, not a summary of it.
- Branching is governed. When a decision splits into parallel actions, every branch is tracked as an attributed action of the agent that branched.
- Multi-agent dependencies surface where the work crosses. Asking which agent did this gets an answer, not a guess.
02
Policy-as-code
Policy is code, versioned and reviewed by your team. The substrate records what each agent did, attributable to the policy version that applied. The runtime that applies policy at the moment of action is in active development.
The policy that authorizes an agent action is not a slide, a wiki page, or a guardrail that catches mistakes after the fact. It is code, reviewed by your team, deployed alongside Plexus. The substrate records the action and the outcome, attributable to the policy version that applied, and the record survives the action. Applying the policy at the decisional event is the role of the runtime, in active development.
- Reviewable: pull-request review by your model-risk, compliance, and security functions. The version that authorized an action is the version the auditor reads.
- Testable: the policy can be run against representative actions before it lands. Coverage of the decision space is a property of the policy.
- Recorded where the action happens: not at an API gateway hours later, not at a dashboard watching afterward, but at the event itself.
- When an action is refused, the refusal is recorded: an attributed audit event showing the agent that attempted and the outcome.
03
Immutable audit
The record of what happened cannot be altered after the fact. By anyone.
Each recorded action is hashed into a chain whose continuity an auditor can prove was not altered, from the first record to the current state. Operators cannot rewrite the record. Agents cannot rewrite the record. The substrate cannot rewrite the record.
- Hash-chained at write: each action's hash includes the prior action's hash, so the chain verifies from any point back to the start.
- Retention that satisfies the audit window, held for the required retention period, not at the operator's discretion.
- Integrity is provable, not asserted: the verification is something an auditor runs, not something the operator certifies.
- The record is the action. There is no separate logging layer to fall behind or drop fields. The record is produced as the action happens, so no action passes without becoming part of the record.
04
Tamper-evidence
If the record is altered, the substrate detects it. The auditor sees the alteration.
Tamper-evidence is a property of how the chain is built, not a feature added on top. Any modification to a recorded action, to the substrate that holds the chain, or to a system upstream of it produces a chain that does not verify. The auditor running the verification sees the failure.
- Alteration of a recorded action breaks the chain; the verification fails.
- Alteration of the substrate that holds the chain breaks the chain; the verification fails.
- Alteration upstream (the agent, the policy, the data) is itself a recorded action, attributable to whoever caused it.
- It is built to be auditable not because the operator is trusted, but because the auditor trusts no operator.
§ 02 How it works
Governed autonomy, licensed by tier
Four classes of agent, four levels of trust. You move up the ladder as the audit trail earns it.
- Supervised for the agent the operator watches; every action approved before it runs.
- Coordinated for the multi-domain agent, governed within policy, every handoff attributed.
- Autonomous-within-Policy for the agent that decides on its own, inside bounded authority.
- Air-gapped for the workload where the data does not leave the boundary, by construction.
Policy-as-code, in practice
The policy lives in your repository. The review goes through your pull-request process. The deployment ships through your release pipeline. The runtime that applies the policy to the agent's proposed action is in active development; the substrate records the decision that was made, attributable to the policy version that applied.
The team responsible for the policy reads the policy. The auditor reads the policy. The substrate records what the agent did against it, including any refusal, so no action passes without becoming part of the record.
The audit chain, in practice
When an agent acts, the substrate records the action and attributes it: the agent, the time, the data it saw, and the parent action that produced it. The record is hashed into the chain. The chain ships to retention.
When the auditor arrives, the auditor runs the verifier. The verifier walks the chain. The chain either verifies or it does not. This is how someone asks to see the trace and gets an answer.
§ 03 Deployment
Inside your perimeter. The substrate is air-gap-capable today; the models are not.
The substrate runs where your workload runs: private cloud, on-premise, or air-gapped infrastructure. The deployment posture is your decision, workload by workload.
For the highest-tier workload, air-gapped deployment is what the auditor expects. An air-gapped deployment, by construction, cannot constitute a data transfer to a vendor. The data does not leave the boundary. The substrate operates without external network connectivity, and the audit chain ships to retention inside the boundary being audited.
What zero cloud dependency means for the substrate
The substrate does not require an outbound connection to a vendor cloud to operate. It does not phone home. It does not require a vendor-managed coordination service to run the policy on your behalf, or a vendor-managed surface to produce the audit chain. You run the substrate. You audit what it produced.
When posture is the differentiator
An organization running multi-agent production cannot depend on a switch held in a room you do not reach. The deployment posture is what answers the operational-continuity question, the data-residency question, and the sovereignty question. We build the substrate that lets you choose the posture the workload requires, and operate it where you operate every other governed system.
§ 04 Engagement
From Discovery to Pilot to Design Partner.
Each tier of engagement is sized to the workload it serves. Nothing skips a tier on the substrate an auditor will ask about.
Discovery
Bounded and paid. Produces a workload map and a substrate-tier recommendation against your governance posture, the artifact your risk, audit, and finance functions read together. It is not a pitch. It is the first piece of work.
Pilot
A defined workload, deployed on the substrate, inside the boundary you choose. The Pilot proves the substrate produces the audit chain your auditor accepts, scoped to a workload your team can supervise.
Design Partner
The workload runs on the substrate. The audit chain is the system of record. The team that owns the workload owns the policy that governs it, operated against your SLOs and your audit demands.
§ 05 What ships now
Shipping now, in active development, and on the roadmap.
We are pre-launch. This is what the substrate does today, what is being built, and what is planned. Nothing on this page is presented as shipping unless it ships. The record is produced today; the runtime that applies policy at the moment of action is in active development.
The substrate records what each agent did, attributable to the policy version that applied. Enforcement of policy at the moment of action is a property of the runtime in active development, not of the record.
Pre-launch · first design partners
Become a design partner.
We are pre-launch and selecting our first design partners carefully. The Discovery cycle is the first conversation: bounded, paid, and it produces an artifact you can take to your board. If you are running multi-agent production and the audit cannot answer the question your auditor is now asking, that is the conversation we are here to start.
See the ways to engage →