Governed agentic deployment studio

Deploy commerce agents your risk team can approve.

HARNEXA builds governed AI agents for European retail, e-commerce, and CPG workflows: persistent identity, scoped tools, approval gates, audit trails, and AgentOps evidence from day one.

Score readiness first, inspect the PHANTOM proof, then carry the evidence into founder review.

PRISM scorePHANTOM proofPassport contextDiagnostic request
Human approval before commerce actionsSynthetic public proof; no client-system writesEvidence packet before implementation

Why now

Agent adoption is moving faster than operating control.

HARNEXA is built for European mid-market commerce operators that want useful AI agents without creating invisible permissions, unmanaged spend, or compliance evidence gaps.

Agents are already inside the business

Teams adopt copilots, workflow automations, and agent demos faster than governance teams can inventory them.

Consequential actions need a boundary

CRM writes, discounts, refunds, order proposals, and customer-facing answers need scoped permissions and human approval before execution.

Article 50 makes evidence a leadership issue

Article 50 transparency obligations apply from 2 August 2026. The practical work is identity, oversight, audit trail, and clear operating records.

Agent system

One public spine, four proof roles. NEXUS stays private.

PRISM scores the workflow. PHANTOM proves the governed agent pattern. ATLAS packages the evidence for founder review. The HARNEXA Harness enforces identity, permissions, approval, audit, and AgentOps.

01

PRISMPRISMReadiness score across governance, data, human control, measurement, and operating maturity. Scores the workflow

Maps owner, data, approval, measurement, and governance gaps before HARNEXA recommends a sprint.

Public first stepScore readiness
02

PHANTOMPHANTOMGoverned CPG field-visit proof: prepares context and order proposals, then stops at human approval. Proves the governed pattern

Replays a commerce workflow where recommendations stop at the human approval boundary.

Synthetic public proofInspect proof
03

ATLAS Packages founder-review evidence

Turns readiness, proof context, and stakeholder questions into reviewable drafts. It does not send or approve.

READ_ONLY advisorCheck registry
04

HarnessHarnessHARNEXA control layer for identity, permissions, budget, risk class, approval, and audit. Enforces the boundary

Checks identity, permissions, risk class, approval, audit, revocation, and AgentOps before consequential action.

Control layerOpen trust room

Control boundary

Every tool call passes through the boundary.

The HARNEXA HarnessHarnessHARNEXA control layer for identity, permissions, budget, risk class, approval, and audit. checks identity, permissions, risk class, approval, and audit before an action becomes consequential. READ_ONLY means analysis-only work. FINANCIAL means approval-required commercial action.

Identity check
Permission check
Budget check
Approval gateFINANCIAL boundary
Computational sensors
Append-only audit log

Flagship workflow

PHANTOMPHANTOMGoverned CPG field-visit proof: prepares context and order proposals, then stops at human approval. prepares the field decision. The rep still decides.

The flagship proof is deliberately practical: a CPG visit package with account context, velocity analysis, promo compliance, and a proposed order held at the approval boundary.

PHANTOM governed workflow from READ_ONLY field analysis to a human-approved FINANCIAL boundary

Buyer path

Make the evidence path visible before founder review.

A cautious buyer should see the route without assembling it manually. Score readiness, inspect PHANTOM, package context, then request one founder-reviewed commercial path.

Buyer evidence spineScore, inspect, package, request.

The path is an evidence chain, not a funnel: each step leaves a proof artifact that makes the next commercial decision easier to review.

  1. PRISMPRISMReadiness score across governance, data, human control, measurement, and operating maturity.

    Score readiness

    Maturity level, top gap, exposure signal

    Score first
  2. PHANTOMPHANTOMGoverned CPG field-visit proof: prepares context and order proposals, then stops at human approval.

    Inspect proof

    Approval hold, audit rows, CLEAR sample

    Open proof
  3. Passport

    Package context

    Role, workflow, PRISM, protocol, AVO

    Build packet
  4. Diagnostic

    Request review

    Founder-reviewed intake with evidence attached

    Book review
Commercial paths

Choose the smallest paid step that makes deployment safer.

Start with the diagnostic when the workflow, data baseline, or governance boundary is unclear. Move to deployment only when the owner, data access, KPI baseline, and approval map are ready.

10 business daysEUR 8k–15k
Start here

Agentic Commerce Diagnostic

A governance gap assessment and prioritised agent roadmap you can act on immediately.

Use when workflow, data baseline, or approval boundary still needs proof.

  • Agent landscape audit — what is running, what it can access, what it costs
  • Governance gap report — identity, permissions, audit, approval, budget coverage
  • Top-3 agent deployment candidates with value and risk estimates
  • Prioritised roadmap with sprint sequencing
  • Executive summary for COO, CTO, and Risk stakeholders
  • PDF deliverable package
Book diagnostic sprint
1 weekEUR 6k–10k

Agent Inventory & Governance Sprint

A complete agent inventory with permissions, risk classes, and revocation paths.

Use when agents or copilots already exist but ownership and revocation are unclear.

  • Full agent identity register (agent_identity table, permissions_json)
  • Risk class mapping for each agent (READ_ONLY / FINANCIAL / DESTRUCTIVE)
  • Tool allowlist audit per agent
  • Revocation path documentation
  • AgentOps report — inventory panel, permission map, open risks
Ask about this →
2-4 weeksScoped by catalogue size
AI visibility

Agent Visibility Optimisation Sprint

Product-data readiness for agentic purchase decisions before AI agents become the buyer interface.

Use when product evidence must be readable by AI answer engines before deployment.

  • Prompt-panel audit across target buyer and operator questions
  • Catalogue, PDP, feed, and schema.org gap analysis
  • Priority assortment enrichment plan for product attributes and compatibility data
  • Product knowledge graph inputs for substitutes, accessories, and freshness evidence
  • Before/after AVO delta with feed governance rules
Ask about this →
6 weeksEUR 30k–75k
Outcome tier available

Governed Agent Deployment Sprint

A production agent in a governed harness with identity, audit, and approval gates.

Requires a named workflow owner, accessible data, KPI baseline, and approval boundary.

  • Agent design and workflow architecture
  • HARNEXA Harness integration with identity, budget, and approval gate
  • CLEAR scorecard — Cost, Latency, Efficiency, Accuracy, Reliability
  • Append-only audit trail wired to agent_audit_log
  • AgentOps report for stakeholder review
  • Handover documentation and runbook
Ask about this →
2 weeksEUR 12k–18k
Art. 50 obligations: 2 Aug 2026

EU AI Act Conformity Sprint

Audit-ready governance foundations for Art. 50 and Annex III obligations.

Use when legal, risk, or board review needs an audit-ready evidence package.

  • EU AI Act obligation mapping (Art. 50 + Annex III)
  • Transparency documentation for GPAI-touching agents
  • Audit trail and human oversight gap analysis
  • Conformity checklist (HARNEXA Harness coverage vs. obligations)
  • Client legal review package — not a compliance certificate
Ask about this →
MonthlyEUR 8k–20k / month

CAIO / AgentOps Retainer

Ongoing AgentOps visibility, governance advisory, and agent operations support.

Best after a governed deployment or governance sprint creates an operating cadence.

  • Monthly AgentOps report — inventory, audit, CLEAR, cost, risks
  • Ongoing HARNEXA Harness and agent maintenance
  • Governance advisory for new agent deployments
  • EU AI Act update monitoring and obligation tracking
  • Quarterly review with COO / CTO / Risk stakeholders
Ask about this →

Fixed scope. Named deliverables. No open-ended forward-deployed day-rates — productized sprints with optional hybrid outcome tiers after baseline proof.

Governance packet

What a client receives must survive the demo.

Every serious deployment needs named artifacts: identity, permissions, approval gates, audit rows, evaluation baselines, cost visibility, and a revocation path. HARNEXA provides governance support for legal review, not legal compliance certification.

Client evidence packetNamed artifacts, not open-ended advisory.
  • Agent identity and permission register

  • Intended purpose statement

  • Risk classification and tool boundary

  • Human oversight and approval map

  • Append-only audit trail sample

  • CLEARCLEAREvaluation frame for Cost, Latency, Efficiency, Accuracy, and Reliability. baseline and AgentOpsAgentOpsOperating layer for identity, audit review, evaluation, cost, risk, drift, and revocation. report

  • Revocation path and operating cadence

  • Governance support note for legal review

Governance support - not legal compliance certification.

AgentOps inspection surface

Agent inventory

AgentStatusRisk classRuns
PHANTOMactiveFINANCIAL47
HERMESactiveREAD_ONLY312
ATLASactiveREAD_ONLY89
ARGOSactiveREAD_ONLY156

CLEAR scorecard · last PHANTOM run

  • Cost1.00
    < EUR 0.80
  • Latency1.00
    < 30s
  • Efficiency1.00
    < 12 tool calls
  • Accuracy1.00
    >= 0.85
  • Reliability1.00
    >= 0.95

Audit traillive

    Compact AgentOps proof
    • 4 active agents inventoried with risk classes
    • PHANTOM shows FINANCIAL boundary control
    • CLEAR baseline records cost, latency, efficiency, accuracy, reliability
    • Latest audit event passes approval gate
    Decision supportThree final checks before a diagnostic conversation.

    Use these checks to decide whether to score readiness or request review with proof already attached.

    Does HARNEXA certify EU AI Act compliance?

    No. HARNEXA builds governance support and audit-ready foundations your legal team can review.

    Can PHANTOM submit orders or update CRM from the public proof?

    No. The public proof is synthetic and stops at the human approval boundary. Live writes stay disabled.

    What reaches founder review?

    Readiness score, PHANTOM proof context, role/workflow signal, evidence packet, and the requested commercial path.

    Founder-reviewed next stepBring evidence, not a generic intake.

    Score readiness if the workflow is unclear; request review when the proof context is ready.