Your AI calls are going directly to providers. No policy. No audit trail. No cost controls.
Govern data exposure, route requests intelligently, and make every model call auditable.
Built for engineering teams shipping AI in production. Once you're past the prototype, you need policy enforcement, cost controls, and a complete audit record — not just a provider API key.
Used by engineering teams hardening production AI and enterprises building compliant AI pipelines.
When compliance asks, the record is already there.
Every policy decision generates a signed ledger entry. Nothing to configure, nothing to enable separately — the record follows the trace from the first request.
See the governance ledger guide for the report and export flow.
Same rules. Different decisions.
Please summarize this support ticket. The customer is Alex and their card ends in 1234.
$ olyx trace --local-ref ticket_24A1 id: trace_01J6AF... status: pending distribution.payload_storage_mode: cloud_anonymized
Summarize 2,000 support logs and extract the top three recurring themes.
$ olyx trace --local-ref batch_run_09 id: trace_01J7BB... status: pending distribution.payload_storage_mode: cloud_anonymized
Classify a medical intake form without sending payloads to cloud storage.
$ olyx trace --local-ref intake_form_03 id: trace_01J8CC... status: pending distribution.payload_storage_mode: customer_managed distribution.local_ref: intake_form_03
Every request is evaluated against your policy, scrubbed where needed, then routed on cost and intent complexity. Three inputs — three different outcomes from the same control plane.
Three steps to full control.
Install the CLI, open the dashboard to copy your API key, then verify the connection with olyx inspect.
$ gh release download v0.1.0 --repo olyxlabs/olyx-cli \ $ olyx login Opening https://app.olyxai.io/login $ export OLYX_API_KEY=ak_... $ olyx inspect
Point your existing AI client at the Olyx endpoint. No other code changes required.
client = ProviderAI(api_key="...")
base_url="https://app.olyxai.io/api/v1"
Record the request with a local reference, then open the trace detail to inspect routing, security signals, boundary evidence, and replay status.
$ olyx trace --local-ref ticket_24A1 id: trace_01J6AF... status: pending boundary: customer_managed trace_detail: trace_01J6AF... route: private_runtime signals: pii=true injection=false secrets=0 summary: $0.0184 · p95 842ms
One integration. Complete execution control.
Keep your existing AI clients and add Olyx to the request path. Provider credentials never leave your environment.
OpenAI-schema compatible — base URL change only. Providers with a different native API shape (Anthropic, Gemini, Bedrock) use built-in schema adapters. See the model providers guide.
Rules applied before every model call — not after.
Route by cost, latency, or sensitivity. Automatic failover.
Every decision recorded with full input/output context.
Requests blocked or redacted when policy requires it.
You decide what gets through, what gets redacted, and where your data lands.
Configured rules can redact sensitive values, alert your team, or block the request entirely. Sensitive fields stay out of cloud storage when your policy requires it.
Compare traces and replays to see which route ran, what it cost, and where latency landed — instead of piecing it together from provider logs.
Your API keys and data stay in your environment by default. Cloud-side coordination is optional and policy-driven — not assumed.
One base URL. Zero secrets stored. Every decision traced.
Keep your existing AI client code and point it at the Olyx endpoint.
Your AI provider API keys stay in your environment — never sent to Olyx.
Every request is logged with its routing decision, cost, and policy outcome.
Production AI needs a control plane.
Every request governed. Every route intentional. Every decision observable.