video1.0<iframe src="https://www.loom.com/embed/a9e5673f410542bcb09b8ce7813e240c" frameborder="0" width="1114" height="835" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>8351114Loomhttps://www.loom.com8351114https://cdn.loom.com/sessions/thumbnails/a9e5673f410542bcb09b8ce7813e240c-8c47717da2a08ec1.gif449.965This Loom demonstrates REXIS, a structural enforcement layer that lets humans authorize actions while an LLM runs in a micro VM with no network access or stored credentials. The operator configures tasks via a plan.toml with credentials backed by configurable backends, and REXIS proxies intercept DNS and TCP requests to enforce allow lists, such as restricting Postgres to read only. It shows protocol-aware enforcement for services like MySQL, Postgres, MongoDB, Redis, and SMTP, including an audit chain that is cryptographically hashed and tamper evident when requests are denied (for example, blocking NPM). The presenter notes SQL store latencies in millisecond ranges and that IPC is extremely fast, with the main bottleneck being multi second LLM calls to the provider.