◈ SecuriX

Policy as Code

Manage security boundaries and agent permissions via the Developer Policy Console.

Policy as Code

SecuriX allows you to decouple your application logic from your security logic. By using Policy as Code, you can define granular restrictions that are enforced in real-time by the SecuriX Gateway.

Developer Policy Console

The Developer Policy Console (dev.securix.app) is where you manage your security posture without redeploying code.

  • Separation of Concerns: Your application layer handles the "How", and SecuriX handles the "Who" and "What".
  • Real-time Updates: Change a policy in the console, and it is instantly enforced across all active agent sessions.

Context-Aware Restrictions

Go beyond simple "allow/deny" with context-aware boundaries:

  • Draft-only Mode: Allow an AI agent to read emails but only create drafts, never send.
  • Domain Blocking: Block data access if the recipient domain matches @bank.com or @competitor.com.
  • PII Redaction: Automatically redact Social Security Numbers or credit card details from agent inputs/outputs.

Example: Real-World Guardrails

Here are common policies you can implement using SecuriX PDL (Policy Definition Language):

1. Draft-only Mode (Gmail)

Ensure an AI agent can never send an email autonomously, but can still draft them for user review.

policy "gmail_draft_only" {
  description = "Block actual sending of emails"
  target      = "google.gmail.messages.send"
  effect      = "deny"
  
  llm_error = "I am restricted to creating drafts only. I have created a draft for you to review in Gmail."
}

2. PII Redaction

Automatically redact sensitive information before it reaches the agent's context.

policy "redact_pii" {
  description = "Redact SSNs and Credit Cards"
  target      = "google.*"
  action      = "redact"
  
  patterns = ["ssn", "credit_card"]
}

3. Domain Whitelisting

Restrict the agent to only communicating with specific domains.

policy "whitelist_domains" {
  target = "google.gmail.send"
  
  condition {
    recipient_domain not_in ["yourcompany.com", "trusted-partner.org"]
  }
  
  effect = "deny"
  llm_error = "Security policy restricts me to internal domains only. Please use a company email address."
}

By moving security to the policy layer, you reduce the surface area for bugs and ensure that your AI agents operate within safe, predefined boundaries.

SDK Integration

Build secure AI agents with 4 lines of code using the SecuriX SDK.

Self-healing Auth

Let your AI agents fix security and connection issues autonomously.

On this page

Policy as CodeDeveloper Policy ConsoleContext-Aware RestrictionsExample: Real-World Guardrails1. Draft-only Mode (Gmail)2. PII Redaction3. Domain Whitelisting