Give your agents context — not the whole haystack.
Oxagen keeps the context window free, not full. A typed knowledge graph and RBAC-scoped retrieval feed every model call only what it is authorized to see — through one metered, audited invoke() chokepoint, across the API, MCP server, and in-app agent.
More free than full.
The naive pattern stuffs every document into the prompt until the window saturates — latency and cost climb, and recall collapses in the noise. Oxagen does the opposite: it retrieves only the precise, authorized slice your task needs, so the window stays open and the model stays sharp.
- Typed knowledge graph. Entities and relationships in Neo4j — retrieval targets meaning, not a wall of text.
- RBAC-scoped retrieval. The graph only returns what the caller is authorized to see; isolation is enforced, not hoped for.
- Metered + instrumented. Every retrieval and model call records context tokens used, latency, and surface of origin.
Free, not full. Oxagen retrieves only the authorized, relevant slice from your typed knowledge graph — RBAC-scoped, so the window stays open and the model stays sharp.
Capable AI for your teams. The controls your security team requires.
One audited chokepoint
Every capability — model call, tool invocation, code execution, memory write — passes through a single invoke() kernel that enforces IAM, meters credits, and writes an immutable audit record. There is no alternate path.
Security overviewTenant isolation with RLS
Every tenant-scoped row carries org_id and workspace_id, and Postgres row-level security is enforced by the database. The oxagen_app role has no BYPASSRLS — an unscoped query returns zero rows, not another tenant's.
How isolation worksSOC 2-aligned controls
Designed SOC 2-first. Role-based IAM with default-deny, two independent audit stores with 7-year retention and chain-hash tamper evidence, versioned migrations, and sandboxed code execution that is network-denied by default.
SOC 2 mappingParity across every surface
Each capability is declared once in the contract registry and exposed identically across the REST API, the MCP server, and the in-app agent. The same action produces the same audit record no matter where it came from.
Capability modelEverything is reachable three ways.
One capability model, exposed identically across the REST API, the MCP server, and the in-app agent. Pick a surface and start building.
Getting started
Sign up, create your organization and workspace, send your first message.
CLI
Install the oxagen CLI, run the agent loop locally, query the knowledge graph from your terminal.
REST API
/v1 endpoints, API-key authentication, the capability registry, and the chat streaming transport.
MCP server
Connect at /mcp over streamable HTTP; org + workspace scope carried by your API key.
Agent platform
Tools and capabilities, agent memory, plan mode and approvals, code execution, the research swarm.
Plugins
Capability packs, the static registry, tiers and entitlement gating, and the workspace marketplace.
Start with the context window open.
Install the CLI and ask your codebase a question, or read the getting-started guide to stand up an organization and workspace.