Documentation
New to Strathon? Start with the Getting Started guide: it takes you from zero to a running firewall blocking a real agent action.
| Doc | Covers |
|---|---|
| Getting started | Install, connect an agent, write your first policy, see it block a call |
| Core concepts | The mental model: spans, traces, policies, the seven actions, inline enforcement, audit log |
| Scope & limitations | What the three enforcement layers do and don't do, and what's roadmap vs shipped |
| Runtime intervention | CEL policies, the seven actions (block/steer/throttle/log/alert/require_approval/allow), allow-list mode, time-based rules, policy versioning, halts, budgets, webhooks |
| Analytics | Trace list, trace tree, span aggregation, behavioral drift detection (Vigil) |
| Spans | Span search, attribute filtering, partitioned storage |
| Audit log | Tamper-evident audit log, hash chain, SCIM filters, Merkle anchors |
| API keys | Capability-scoped API keys, rotation, scopes reference |
| Projects | Multi-project management, CRUD, auto-key minting |
| Budgets | Cost and iteration budgets, auto-halt, circuit breakers |
| PII redaction | PII redaction at ingest |
| Retention | Trace retention, per-project configuration |
| Sampling | Head-based sampling, force-keep rules |
| Metrics | Prometheus metrics, health endpoints |
| Self-hosting | Docker, env vars, Postgres setup |
| Scaling | Horizontal scaling, PgBouncer, read replicas |
| RBAC | Role-based access control, 4 roles, auth methods |
| CEL reference | CEL policy language reference, 20+ examples |
| Compliance mapping | NIST AI RMF and EU AI Act evidence mapping |
| MCP gateway | MCP security gateway, tool-call policy enforcement |
| Egress proxy | Egress proxy, outbound request policy enforcement |
| Locking egress | Make the proxy mandatory via network isolation |
| Troubleshooting | Common issues and FAQ |
| frameworks/ | Per-framework integration guides (10 frameworks) |