Capability

Policy enforced inline, at the data path.

A single env-var change routes LLM traffic through the Meilynx proxy. From that one position it enforces governance pre-request and post-response — no SDK swap, no application rewrite — and raw prompts and responses never leave your perimeter.

Request a demo See deployment modes

The data path

Pre-request and post-response, every call.

Meilynx sits inline between your application and every LLM provider. It evaluates policy before the request reaches the model and again before the response returns to your application.

Meilynx Proxy · Inside your perimeter

<50ms p90 · Shadow mode supportedHover a stage to inspect

Inbound

Request

Outbound

Provider

Audit trail

Analytical store · WORM archive · Cryptographic hash chain

Capturing · 6-year floor (Fully Managed)

Every request, response, and policy decision captured to immutable storage in your environment. Examination-ready evidence — never delegated to the control plane.

Meilynx Proxy · Inside your perimeter

Request

From your application

Policy

Model allow/deny · schema

PII / MNPI

Real-time detection

Cost

Per-request · budgets

Tools

Agent allow/deny

Provider

OpenAI · Anthropic · Azure · Google

Audit trail

Analytical store · WORM archive · Cryptographic hash chain

Capturing every call · 6-year floor (Fully Managed)

Shadow mode supported for safe rollout.

Rule library

Built-in governance rules.

The controls a financial-services team needs ship in the box — PII, MNPI, and PHI detection, model access, cost, agent safety, and schema validation — extensible via WASM and webhook validators.

Model access

Allowlist and denylist the models each team and environment may call.

Cost limits

Per-request and per-period spend caps, enforced before the call is made.

PII detection

Detect and redact personal data on requests and responses, with check-digit validation.

MNPI detection

Flag material non-public information before it reaches a model or a response leaves.

Safety scan

Screen prompts and outputs against safety rules, including external guard models.

Agent & tool control

Allow or deny tool calls and block destructive commands at the boundary.

Schema validation

Enforce request and response shape so structured outputs stay within contract.

Token & length limits

Cap input tokens, message counts, and output length per policy.

Safe rollout

Observe first. Enforce when you're ready.

Every rule runs in shadow mode — log-only, no enforcement — so you can validate impact on real traffic before a single request is blocked.

Shadow mode logs what a rule would have done, with zero production impact.
Actions resolve in a fixed priority order: block, mask output, redact, warn, allow.
A Fully Managed proxy comes up observing — it passes traffic and logs findings until you publish a policy.

Extensibility

When a control isn't in the built-in library, author your own. Webhook validators call an external service in the request path; WASM validators run sandboxed governance logic you ship yourself — and every decision, built-in or custom, is sealed into the same tamper-evident audit chain.

Where it leads

Enforcement is half the story.

Examination-ready audit trailEvery enforcement decision sealed into a tamper-evident, examiner-verifiable record.Agent & MCP governanceExtend allow/deny and tracing to agent execution and tool calls.Framework coverageSee how these controls map to SR 11-7, NYDFS 500, and FINRA 24-09.

Get started

Put a policy in front of your traffic

We'll walk through the rule library, shadow mode, and how enforcement lands in the audit chain.

Request a demo