The Problem
Enterprise teams deploy autonomous AI agents to production:
- Trading bots move millions
- Payroll agents process salaries
- Infrastructure agents provision cloud resources
But here's the gap: Who's accountable? How do you audit? How do you comply?
Most teams treat agents as black boxes. This is a regulatory nightmare for finance, healthcare, and enterprise tech.
The Solution: Zarynx
Zarynx is a governance layer for autonomous AI agents, built with Aurora PostgreSQL as the critical backbone.
Architecture
Agents (API) → Policy Engine → Double-Entry Ledger → Hash-Chained Receipts
↓
Aurora PostgreSQL
Every agent action flows through:
- Policy Evaluation — Is this action allowed? Does it need approval?
- Ledger Posting — Post to a double-entry ledger (debit + credit)
- Cryptographic Receipt — Generate hash-chained proof
- Multi-Tenant Isolation — RLS ensures data isolation
Why Aurora PostgreSQL?
This wasn't just a technology choice—it was an architectural necessity.
1. ACID Transactions
Finance requires absolute consistency. Every debit must have a matching credit. The ledger balance can never be out of sync.
-- Aurora enforces balance correctness
ALTER TABLE accounts ADD CONSTRAINT balance_check CHECK (balance >= 0);
If your application posts a debit but crashes before posting the credit, Aurora rolls back the entire transaction. Your ledger stays balanced.
2. Row-Level Security
Multi-tenant SaaS with Aurora RLS means data isolation is a database primitive, not an application responsibility.
-- Each org sees only their data
CREATE POLICY org_isolation ON receipts
USING (org_id = current_user_id);
3. Referential Integrity
Foreign keys prevent orphaned records. If a transaction references a policy, that policy must exist. Aurora enforces this at the database level.
4. Cryptographic Verification
Every receipt contains a hash of the previous receipt—a tamper-proof chain.
-- Each receipt links to the previous one
receipts: [
{ id: 1, hash: "sha256_a7f...", prev_hash: null },
{ id: 2, hash: "sha256_b2e...", prev_hash: "sha256_a7f..." },
{ id: 3, hash: "sha256_c4d...", prev_hash: "sha256_b2e..." }
]
Edit receipt #2's payload? The hash changes. The chain breaks. Tampering is immediately detectable.
The Build Stack
- Frontend: Next.js 16, React 19, TypeScript, Vercel
- Backend: Next.js API Routes, server-side policy evaluation
- Database: Aurora PostgreSQL (Serverless v2)
- Infrastructure: Vercel (frontend) + AWS Aurora (database)
Key Features
1. Policy Engine
- Define rules: "Allow DevOps to provision infrastructure under $10K/day"
- Real-time evaluation: Is this action allowed, blocked, or requires approval?
- Versioning: Policy changes take effect immediately
2. Double-Entry Ledger
- Every transaction posts to two accounts (debit + credit)
- Balance is derived, never stored
- ACID guarantees prevent corruption
3. Hash-Chain Verification
- Verify: Check all receipts link correctly
- Simulate Tamper: Break a receipt, show chain fails
- Restore: Recalculate hashes, repair chain
4. Co-Sign Workflow
- Agent requests require human approval for high-risk actions
- Approval inbox shows pending items
- Co-sign completes the transaction
5. Real-Time Dashboard
- Overview: Active agents, total balance, pending approvals
- Ledger view: Complete transaction history
- Audit trail: Cryptographic proof of every action
Live Demo
🔗 Live: https://v0-zarynx.vercel.app/
__
Key Learnings
Aurora is not "just PostgreSQL in the cloud"
It's a deliberate architectural choice for production systems requiring:
- Absolute consistency (ACID)
- Data isolation (RLS)
- Integrity constraints (foreign keys, CHECK)
- High availability (automatic failover)
When you're building compliance-critical systems, your database choices matter enormously.
This project demonstrates that. Every feature of Zarynx depends on Aurora's reliability guarantees.
What's Next?
- Pricing engine: \$99/org + \$29/agent + \$0.001/transaction
- Compliance reports: SOC 2, HIPAA, audit trails
- Agent marketplace: Pre-approved agents with policies
Top comments (0)