# Nyx

> AI-powered Kubernetes network security. Kernel-native enforcement, no sidecars.

## Docs

- [Enforcement Modes](https://docs.tracenyx.ai/concepts/enforcement-modes.md): The three enforcement modes — dry-run, audit, and enforce — and how to stage a policy safely from preview to live blocking.
- [Priority System](https://docs.tracenyx.ai/concepts/priorities.md): How Nyx orders and resolves policies — the four priority bands and first-match evaluation.
- [Tiers](https://docs.tracenyx.ai/concepts/tiers.md): How Nyx measures usage by monitored namespace, and what each tier is for.
- [Hardening](https://docs.tracenyx.ai/guides/hardening.md): A recommended path to a hardened, zero-trust posture with Nyx — default-deny, egress lockdown, and platform guardrails.
- [Installation](https://docs.tracenyx.ai/installation.md): Install Nyx on Linux and Windows nodes, configure image pull credentials, and verify your deployment.
- [Welcome to Nyx](https://docs.tracenyx.ai/introduction.md): AI-powered, kernel-native network security for Kubernetes — policy enforcement and traffic observability with no sidecars.
- [Quickstart](https://docs.tracenyx.ai/quickstart.md): Install Nyx on your Kubernetes cluster and see live network traffic in the dashboard — in about ten minutes.
- [NyxClusterConfig](https://docs.tracenyx.ai/reference/nyxclusterconfig.md): Cluster-wide configuration — the default mode, enforcement, and excluded namespaces for a cluster.
- [NyxClusterNetworkPolicy](https://docs.tracenyx.ai/reference/nyxclusternetworkpolicy.md): Cluster-scoped network policy — full field reference for the NyxClusterNetworkPolicy CRD.
- [NyxNetworkPolicy](https://docs.tracenyx.ai/reference/nyxnetworkpolicy.md): Namespace-scoped network policy — full field reference for the NyxNetworkPolicy CRD.

## OpenAPI Specs

- [openapi](https://docs.tracenyx.ai/api-reference/openapi.json)