A rule the agent must remember
CLAUDE.md says to confirm destructive actions. The production-debug credential still owns the database.
Harnexis gives leaders and operating teams one shared view of AI-assisted engineering work: what needs attention, who owns the next decision, where material exposure remains, and what previous decisions actually changed. The technical evidence stays one click away.
Coding assistants now invoke subagents, open pull requests, diagnose failures, and recommend production changes. Usage dashboards show activity. Prompt files describe intent. Neither tells an operating team what to do next or proves what its decisions changed.
See enrolled work by accountable workflow, repository, harness, credential, and action class without inventing child-agent identities from content.
Turn observed evidence into a scoped action with a named owner, expected effect, safety boundary, and measurement window.
Keep expected impact separate from observed results, including verified quality, evidence gaps, demotions, and protection outcomes.
The first screen is deliberately plain. Underneath it, Harnexis preserves the append-only records, policy versions, provenance, verified outcomes, and authority observations technical teams need to trust the conclusion.
Import read-only GitHub pull-request, review, and CI evidence. No new approval inbox is required to see the first posture.
Show where AI work appears, what evidence is missing, and which scoped action a named operating team should consider next.
Customer-owned policies define scope and thresholds. Authority evidence shows whether destructive capabilities remain available outside the model.
Compare the expected effect with observed post-decision evidence. Every simplified statement resolves to technical records.
Instructions tell an agent what it should do. They do not remove what its credential can do. Harnexis makes that gap visible, helps prepare a customer-owned least-privilege correction, and records how and when the resulting boundary was observed.
CLAUDE.md says to confirm destructive actions. The production-debug credential still owns the database.
The customer applies least-privilege database or Vault configuration. Harnexis reads effective authority back, then the customer can challenge the same artifact safely against a disposable clone.
Scoped assurance, never magic: every claim names the agent identity, action class, environment, enforcement points, observation time, expiry, maximum drift-detection interval, and evidence strength. Point-in-time evidence does not claim continuous or execution-time protection. Unknown credentials or bypass paths produce a critical finding — never a green badge.
Technical teams can inspect the underlying tier, policy threshold, action class, blast radius, verification record, demotion trigger, and authority boundary. Executives do not need to learn those objects to understand the decision.
The default for every new agent and action class. Humans see and approve each proposal; every verdict feeds the ledger.
The agent acts; humans review a policy-defined sample. Verified outcomes keep the trust score honest between checks.
Unsupervised inside an explicit blast radius. One verified failure and the circuit breaker demotes the agent — automatically, in seconds.
See where enrolled AI work appears, what material evidence gaps remain, which operating team owns the next decision, and what prior decisions changed.
Move from a noisy estate to a concrete action with scope, expected effect, safety boundary, measurement window, and technical evidence.
Prompt rules receive no security credit. Inspect which destructive capabilities remain available, how strong the latest evidence is, when it expires, and what identities are uncovered.
Follow a simplified statement back to the action, human verdict, policy version, provenance, verified outcome, and authority observation that support it.
Claude Code, Codex, OpenCode, service identities, and subagents create one operating problem even when durable child identity is unavailable.
A circuit breaker protects the next action. It cannot restore a deleted database; destructive authority must be removed at the enforcement point before an incident.
A decision should name its owner and expected effect, then return with observed quality, rework, protection outcome, and an honest evidence boundary.
Trust, computed — not vibes.
The read-only import shows where enrolled AI-assisted work appears, which review and outcome evidence exists, and where the strongest gaps remain. Design partners can then add policy-backed decisions and a scoped authority-assurance pilot without giving Harnexis a production owner credential.