Production-safe infrastructure for the agentic era

The safety layer for every Linux change, human or agent.

Hanalyx builds the rollback-safe primitives, the control plane, and the spec compiler that let teams and agents modify production without breaking it.

“No Linux change should ever be unsafe, unauditable, or unreversible, whether a human or an AI made it. That sentence is our entire company.”
The Hanalyx team · Our founding principle

The portfolio

Three open-source tools. One trust chain.

OpenWatch is the platform. Kensa is the engine. Specter compiles the specs the other two are built from.

01 · platform

OpenWatch

The compliance OS.

A fleet eye, heartbeat, and control plane. Continuous posture, temporal queries, drift detection, governance workflows, and audit-ready evidence, for any team running Linux at scale.

02 · engine

Kensa

The change engine.

Transactional configuration management. 508 rules, 23 typed mechanisms, automatic rollback. A single binary, no agent. The layer the rest of the family runs on.

03 · toolchain

Specter

The spec compiler.

A compiler for specifications: the toolchain we use to build OpenWatch and Kensa, open to anyone who wants machine-enforced spec rigor for their own systems.

Experience across

DHS, FBI, HPE, AT&T

For AI platform teams

Give your agents a production-safe API surface.

Letting an agent run ssh+sudo on your fleet is unbounded. Letting it call Kensa is a contract: every change is captured, validated, and reversible by construction.

01 · Bounded blast radius
23 typed mechanisms. Agents can only express changes Kensa knows how to capture and roll back. Free-form shell is not a mechanism.

02 · Auditable by default
Every run emits signed JSON evidence: command, stdout, expected vs. actual, timestamp. Drop it into a SIEM, hand it to a reviewer, attach it to a PR.

03 · Rollback as a primitive
Validation fails, and Kensa reverses automatically from captured pre-state. The agent never has to know how to undo what it just did.

04 · Deterministic across hosts
22 runtime probes detect host capabilities, so one rule works across RHEL 8/9/10, Rocky, and Alma without per-host scripting.

Evidence

Every run produces signed JSON you can hand to an auditor.

Every check is backed by signed evidence, not screenshots. Each one captures the exact command, expected vs. actual, the rollback path, and the agent that requested it. Machine-verifiable end to end.

  • Mechanism + pre-state hash. Proves we knew the system before we touched it
  • Change command + exit code. Proves what was actually executed
  • Validation result + reason. Proves whether the change took effect
  • Rollback verification. Proves the system returned to a known-good hash
  • Multi-framework mapping. One scan, every framework: STIG, CIS, NIST

evidence/runs/2026-05-06T14:22Z.json · SIGNED · SHA-256 verified

{
  "run_id": "kn-2026-05-06-7f3a",
  "host": "app-7.prod.example.com",
  "agent": "platform-agent/3.2",
  "outcome": "rolled_back",
  "rule_id": "ssh-disable-root-login",
  "frameworks": {
    "cis_rhel9_v2": "5.1.20",
    "stig_rhel9_v2r7": "V-257947",
    "nist_800_53": "AC-6(2), AC-17(2)"
  },
  "mechanism": "config_value",
  "pre_state": { "captured": true, "method": "file_snapshot", "sha256": "f8c9a4...e21b" },
  "change": {
    "command": "sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config",
    "exit_code": 0, "duration_ms": 142
  },
  "validation": {
    "passed": false,
    "reason": "sshd config-test failed: bad keyword 'PermitRootLogin'"
  },
  "rollback": {
    "triggered": true, "method": "file_restore",
    "verified_sha256": "f8c9a4...e21b", "duration_ms": 38, "outcome": "ok"
  },
  "signed_by": "hanalyx-evidence-key-2026-q2"
}
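
The claims in the list above can be checked mechanically by whoever receives a record like this one. The Python below is an added example, not Hanalyx or Kensa code: field names come from the sample record, while the function name, the constructed record and its digests are assumptions. Signature verification is left out because the page does not describe the signature format.

```python
import re

HEX64 = re.compile(r"[0-9a-f]{64}")

# Constructed record: field names follow the sample above; the digests are
# made-up full-length values because the page elides the real ones.
GOOD = {
    "run_id": "example-run", "outcome": "rolled_back",
    "pre_state": {"captured": True, "method": "file_snapshot", "sha256": "ab" * 32},
    "change": {"command": "example-change", "exit_code": 0},
    "validation": {"passed": False, "reason": "config-test failed"},
    "rollback": {"triggered": True, "method": "file_restore",
                 "verified_sha256": "ab" * 32, "outcome": "ok"},
    "signed_by": "example-key",
}

def audit_record(rec):
    """Return a list of findings; an empty list means the record is consistent."""
    findings = []
    pre, val = rec.get("pre_state", {}), rec.get("validation", {})
    rb = rec.get("rollback", {})
    if not rec.get("signed_by"):
        findings.append("record names no signing key")
    # Reversibility depends on a pre-state captured before the change ran.
    if not pre.get("captured") or not HEX64.fullmatch(str(pre.get("sha256", ""))):
        findings.append("pre_state not captured or hash is not a full SHA-256")
    if "exit_code" not in rec.get("change", {}):
        findings.append("change.exit_code missing")
    if val.get("passed") is None:
        findings.append("validation.passed missing")
    elif val["passed"] is False:
        # A failed validation must end with the host back at the pre-state hash.
        if not rb.get("triggered"):
            findings.append("validation failed but rollback not triggered")
        elif rb.get("outcome") != "ok":
            findings.append("rollback did not complete")
        elif rb.get("verified_sha256") != pre.get("sha256"):
            findings.append("rollback hash differs from pre-state hash")
        if rec.get("outcome") != "rolled_back":
            findings.append("outcome is not 'rolled_back'")
    return findings

if __name__ == "__main__":
    print(audit_record(GOOD) or "consistent")
```

A record whose digests are truncated for display, as in the sample above, is reported as lacking a full SHA-256, so the check needs the unabridged evidence file.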

Why now

AI agents are about to make more production changes than humans ever did. That is fine, provided someone can answer one question: can you prove the change was safe, and undo it if it wasn't?

Built on 12+ years securing Linux across the U.S. Army, DHS, FBI, and DoD, where the answer always had to be yes, in writing, with evidence. The same discipline now ships as tooling for the agentic era.

Make production changes safe to reverse.

Put OpenWatch and Kensa in front of your fleet, and your agents.