Agent Execution Infrastructure

The execution layer
for production
AI agents.

Policy before every action. Exactly-once execution guarantee. SHA-256 receipt on every outcome.

ProposeEvaluateExecute ×1Receipt
Get Started Free
$pip install statis-ai
Read the docs

Free to start · No credit card required · Self-hostable

Press K to search docs

Works with your entire stack

OpenAI
Anthropic
GitHub
Slack
Stripe
Linear
Notion
Vercel
Snowflake
Jira
Datadog
OpenAI
Anthropic
GitHub
Slack
Stripe
Linear
Notion
Vercel
Snowflake
Jira
Datadog
OpenAI
Anthropic
GitHub
Slack
Stripe
Linear
Notion
Vercel
Snowflake
Jira
Datadog
AWS
Kubernetes
HubSpot
PostgreSQL
MongoDB
Zapier
n8n
Mistral AI
Gemini
Cursor
LangChain
Vercel
AWS
Kubernetes
HubSpot
PostgreSQL
MongoDB
Zapier
n8n
Mistral AI
Gemini
Cursor
LangChain
Vercel
AWS
Kubernetes
HubSpot
PostgreSQL
MongoDB
Zapier
n8n
Mistral AI
Gemini
Cursor
LangChain
Vercel
agent.log — prod-worker-3ERROR
prod-worker-3@statis:~$ tail -f agent.log
[09:23:11.204]action_idact-7f3a1c
[09:23:11.206]adapterstripe.charge
[09:23:11.207]amount$299.00
[09:23:11.441]executions2 ← fired twice
[09:23:11.442]receiptnone
[09:23:11.442]audit_trailnone
[09:23:11.443]statusUNKNOWN
[09:23:12.001] WARN customer support ticket #4821 opened
prod-worker-3@statis:~$
The problem

Agents in production
need a guardrail layer.

Your agent just charged a customer twice. There’s no receipt, no audit trail, no way to know which policies ran or why. You find out when support calls.

Every AI agent that touches production systems — billing, CRM, communication, data — needs policy evaluation before it acts and a tamper-evident record of what happened after.

Agent retries charge customer twice
Exactly-once execution lock
No visibility into what ran or why
SHA-256 receipt on every action
No way to stop a rogue action mid-flight
Policy engine evaluates before execution
Console

See everything. Control everything.

Every agent action observable, every policy decision auditable, every connector under one roof.

console.statis.dev

Home

Last 24h
Live

Actions Today

12,847

+1,203 vs yesterday

Execution Rate

99.97%

of committed

Escalations

3

awaiting review

Receipts Minted

1.28M

all time

Recent Actions

↻ auto-refresh

IDServiceActionStatusTime
act-f93asvc-landingdeploy_landing_pageCOMPLETED4s ago
act-e41bsvc-apirun_test_suiteCOMPLETED12s ago
act-d28csvc-infraupdate_dns_recordESCALATED1m ago
act-c77dsvc-commssend_slack_alertCOMPLETED3m ago
act-b19esvc-apiscale_api_workersCOMPLETED7m ago
SDK

Three lines to
governed execution.

Propose an action. The policy engine evaluates it against your rules. Execute with an exactly-once guarantee. Every outcome gets a tamper-evident receipt.

01pip install statis-ai
02Set STATIS_API_KEY
03propose → execute
agent.py — python3
~/projects/my-agent python3 agent.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
from statis_ai import StatisClient
 
client = StatisClient(api_key="sk-statis-...")
 
# Propose an action — nothing executes yet
action = await client.propose(
    entity_id="acct-8821",
    action_type="apply_discount",
    payload={"percent": 15, "reason": "churn_risk"},
)
 
# Policy engine evaluates. Execute if approved.
if action.status == "APPROVED":
    receipt = await action.execute()
    print(receipt.id)  # sha256:a3f29c...
Method

How we think about governed execution.

Five principles that shape every decision in the Statis codebase. These aren't marketing — they're the trade-offs we refuse to make.

01

Determinism over ML.

Your governance layer shouldn't hallucinate. Rules are versioned, testable, reversible — no magic, no prompts in the critical path.

02

Audit is the product.

The ledger isn't a feature, it's the thing you're paying for. Every receipt tamper-evident, queryable, and exportable.

03

Operator-first tooling.

SDKs, CLIs, and infrastructure-as-code. No required dashboard. Built for the people who actually own production.

04

Self-hostable by default.

Docker Compose, bring your own database, run on your own metal. No vendor lock-in on the trust layer.

05

Reversible by design.

Every policy versioned, every decision explainable, every action undoable. Mistakes should be recoverable, not catastrophic.

The Statis Manifesto

Agents need
infrastructure,
not guardrails.

Every action flows through a deterministic trust layer. Every outcome is receipted. Every decision is reversible, auditable, and reproducible. That's the product.

Questions

Frequently asked.

Shadow mode lets you run Statis alongside your existing agents without changing a single line of agent code. Statis observes every action proposal, evaluates it against your policy rules, and flags what would have been DENIED or DUPLICATE — without blocking any execution. Zero production risk. Zero integration work. Purpose-built for design partners evaluating Statis before full adoption.
Vector databases are for semantic retrieval — memory. Statis is for deterministic structured state and governed execution — reality. If an agent needs context, use RAG. If it needs to know what's true right now and act on it safely, it needs Statis.
No. Statis sits between your agents and your production systems. Your agents propose actions via a simple API. Statis handles evaluation, execution, and receipts. Minimal changes to existing agent code.
Authorization answers "can this agent do this?" Statis answers "given the current state of this entity and its history, should this action happen right now?" The policy evaluates entity state, not just roles — and every decision is receipted against a versioned rule.
When an action is approved, Statis acquires a distributed lock on the action ID, calls the adapter, writes the receipt atomically, and releases the lock. If any agent retries with the same action ID — even concurrently — the receipt is found and execution is blocked. The external system is never called twice.
Yes. Statis ships with a Docker Compose setup for self-hosted deployment. VPC and managed hosting options are also on the roadmap for enterprise design partners. If data residency is a requirement, reach out directly.
Sub-second in normal operation. State is materialized and pushed to subscribers in near real-time. The reducer pattern ensures state is always derived from the canonical event log, not from polling or caching.
receipt_id sha256:a3f29c...
action deploy_landing_page
status COMPLETED
policy infra_deploy_v1
Dogfood

We used Statis to build Statis.

Every action proposal, policy check, and execution receipt on this site ran through our own infrastructure.

Built for production

Enterprise-ready from day one.

The controls your security team will ask for before procurement — already built in.

SOC 2 Type II

Audit in progress. Security controls across access, availability, and confidentiality.

OIDC SSO

Native Okta, Entra ID, and any OIDC-compliant provider. SCIM provisioning included.

Self-hostable

Deploy on your own infrastructure with Docker Compose. No data leaves your VPC.

Tamper-evident Receipts

Every action produces a SHA-256 signed receipt. Immutable. Auditable. Cryptographically verifiable.

Data Residency

Choose your region. On-prem deployment available for regulated industries.

Full Audit Logs

Complete decision history. Every policy evaluation, every escalation, every outcome — forever.

Get started

Ship your first governed
action in 5 minutes.

Free to start. No credit card required. Scales to millions of actions.

Start for freeRead the docs →

pip install statis-ai