IXRAIL

TRUST BOUNDARY

Security model

Design assumptions and controls for hostile or compromised requests.

Agent isolation

The agent can propose intent but cannot access signing keys, rewrite policy, or approve its own exception.

Protected signing

The signer accepts a narrow transaction envelope bound to a policy decision and request identifier. Expired or replayed envelopes fail closed.

const decision = evaluate(intent, policy)

if (decision.state !== "allow") {
  return decision
}

return execute(decision.envelope)

Auditability

Receipts preserve inputs, individual checks, decision, policy version, and signer verification references. Avoid placing secrets in receipts.