Technical Architecture

Architecture of the governance gateway

What the platform does, how the pieces fit together, and why it's designed this way.

Principles

Design Philosophy

Five principles that guide every architectural decision.

Activity records over verification

The system’s primitive is the activity record — a structured assertion by an agent. We record what was reported and whether the requester accepted it.

Accountability flows up

Authority flows down the delegation chain. Accountability flows up. Every sub-authorization links to its parent.

Records outlive agents

Agents are ephemeral. The audit record is durable. Hash-chained, append-only, designed to be tamper-evident.

Your data stays yours

Standalone deployments: you own the database, we see nothing. For cross-org federation: payloads are encrypted between parties. We don’t hold decryption keys.

Protocol-driven, platform-powered

AOAP™ defines the format. The platform delivers the value. Interoperability by design.

Ecosystem Fit

Protocol Complements

Existing protocols handle identity, communication, payment, and tool access. None of them record what was authorized or provide tamper-evident audit trails. AGLedger™ fills the accountability gap. The Agentic AI Foundation (AAIF) houses MCP and A2A — but has no accountability specification. AOAP™ is that specification.

| Protocol | What it does | Direction |
| --- | --- | --- |
| TAP | Agent identity & discovery | |
| A2A | Agent-to-agent communication | |
| ACP | Agent-to-agent payment | |
| MCP | Agent-to-tool access | |
| AGLedger™ | Accountability & audit | Accountability flows UP |

Native Integration

MCP Integration

Three complementary MCP components provide layered accountability without requiring changes to your agents.

Governance Sidecar™

MCP proxy · Zero agent modifications · Sub-millisecond overhead

An MCP proxy that sits between your agents and their tool servers. Every tool call is recorded automatically. Built-in rules detect authorization-worthy patterns across nine contract types. Three operating modes let you start passive and graduate to enforcement.

Observe

Silent recording of all tool calls. Zero token overhead. Agents see unmodified responses.

Advisory

Adds accountability annotations to matched patterns. Agents receive context about detected authorizations.

Enforced

Blocks tool calls that violate active authorizations. Unauthorized actions are stopped before they reach the tool server.

Sidecar Companion Tools

5 read-only query tools for agents in advisory mode

Agents in advisory mode can query detected patterns through five companion MCP tools: list detected authorizations, view details, generate summary reports, formalize patterns into real authorizations, or dismiss false positives. This enables an observe-then-formalize workflow.

Backend MCP Server

Full authorization lifecycle management · 9 tools

For agents that use AOAP™ directly, the backend MCP Server provides nine tools covering the full lifecycle: create authorizations, advance state, submit activity records, report outcomes, query agent reputation, reconstruct delegation chains, and initiate incident resolution.

Typical integration path

1. Observe

Deploy the Sidecar. Record everything silently.

2. Advise

Enable advisory mode. Agents see detected patterns.

3. Enforce

Activate enforced mode. Unauthorized actions are blocked.

4. Full lifecycle

Add the backend MCP Server for direct authorization management.

Delegation

Delegation Chains

When agents delegate work to other agents, the platform records every link in the chain. Constraints inherit downward. Accountability resolves upward.

How delegation chains work

Agent A authorizes Agent B. Agent B delegates a subtask to Agent C. Each delegation is a new authorization linked to its parent. The chain preserves who authorized what, which constraints applied at each level, and how outcomes resolved — bottom-up.

Constraint inheritance

A child authorization cannot exceed its parent’s scope. If A sets a $50K ceiling, B cannot authorize C beyond $50K.

Cascading resolution

Outcomes resolve from the bottom up. If C’s outcome is disputed, B’s authorization is affected until it’s resolved.

Full chain reconstruction

One API call reconstructs the entire chain: every agent, every constraint, every outcome, every handoff.

Bounded depth

Delegation depth is bounded and configurable per enterprise to prevent unbounded recursion.
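
The constraint-inheritance, chain-reconstruction and bounded-depth rules above, as an added Python example that is not AGLedger's code or API. The `Authorization` fields, the `Registry` class and the depth limit of 3 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class DelegationError(Exception):
    pass


@dataclass(frozen=True)
class Authorization:          # hypothetical record shape, not the AOAP schema
    auth_id: str
    grantor: str
    grantee: str
    ceiling_usd: int
    parent_id: Optional[str] = None


class Registry:
    def __init__(self, max_depth: int = 3):   # assumed per-enterprise limit
        self.max_depth = max_depth
        self._by_id = {}

    def chain(self, auth_id: str) -> list:
        """Follow parent links upward and return the chain root-first."""
        out, cur = [], auth_id
        while cur is not None:
            if cur not in self._by_id:
                raise DelegationError(f"broken chain at {cur!r}")
            out.append(self._by_id[cur])
            cur = out[-1].parent_id
        return out[::-1]

    def grant(self, auth: Authorization) -> Authorization:
        if auth.auth_id in self._by_id:
            raise DelegationError("authorization ids are never reused")
        if auth.parent_id is not None:
            ancestors = self.chain(auth.parent_id)
            parent = ancestors[-1]
            if auth.grantor != parent.grantee:
                raise DelegationError("only the parent's grantee may delegate")
            # Each link is <= its parent, so by induction <= every ancestor.
            if auth.ceiling_usd > parent.ceiling_usd:
                raise DelegationError("child ceiling exceeds parent ceiling")
            if len(ancestors) + 1 > self.max_depth:
                raise DelegationError("delegation depth limit reached")
        self._by_id[auth.auth_id] = auth
        return auth
```

Checking the grantor against the parent's grantee is what keeps a third party from attaching a sub-authorization to a chain it was never part of.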

Agent-to-agent authorizations

When one agent delegates work to another, the authorization follows a bilateral flow: the requesting agent proposes, the executing agent accepts, rejects, or counter-proposes. Once both parties agree, work begins. This negotiation is recorded in the audit trail alongside the authorization itself.

Records

Activity Records

When an agent submits an activity record, the platform validates its structure and records whether the requester accepted the outcome. We record what happened and what was decided — the permanent record.

Structured submission

Activity records are validated against the contract type's schema before being accepted into the permanent record. If the structure is invalid, the agent can correct and resubmit.

Outcome recording

The requester reports whether they accept or dispute the outcome. That decision is recorded in the permanent record alongside the activity evidence — creating the full audit trail.

Nine contract types

Nine pre-built contract types ship out of the box. Add your own or modify existing ones — the schema is flexible and extensible.

PROC: Procurement
TXN: Transactions
DATA: Data Queries
DLVR: Delivery
ORCH: Orchestration
COMM: Communication
AUTH: Authorization
INFRA: Infrastructure
DEL: Destructive Operations

Records, not verification

The platform records what agents report and whether the requester accepts. It does not verify whether delivery actually occurred. The audit trail is the evidence base — what was authorized, what was reported, and what was decided.

Audit

The Permanent Record

Every authorization, delegation, activity record, and reported outcome is written to an append-only, hash-chained audit vault. No updates. No deletes. The record is designed to be tamper-evident.

Append-only

New entries are added. Nothing is modified or removed. The full history is preserved.

Hash-chained

Each entry references the previous entry’s hash, creating a verifiable chain. Any tampering breaks the chain.

Crash-resilient

Write-ahead logging ensures zero data loss, even on unexpected shutdown.

Portable

Your audit data is yours. Designed for export to your GRC stack, regulatory reporting, or independent verification.
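
What independent verification of a hash-chained, append-only log involves, as an added Python example that is not AGLedger's implementation. The entry layout, SHA-256, the all-zero genesis value and the sample records are assumptions. It also shows the limit of chaining on its own: truncation or a full re-hash only shows up when the verifier compares against a head hash kept outside the log.

```python
import copy
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed placeholder for the first entry's prev_hash


def _digest(seq: int, prev_hash: str, payload: dict) -> str:
    # Canonical JSON so equal payloads always hash to the same bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{seq}\n{prev_hash}\n{body}".encode()).hexdigest()


def append(log: list, payload: dict) -> dict:
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "prev_hash": prev_hash, "payload": payload,
             "hash": _digest(len(log), prev_hash, payload)}
    log.append(entry)
    return entry


def verify(log: list, trusted_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first failing entry (len(log) if only the
    head check fails), or None when the chain verifies."""
    prev = GENESIS
    for i, e in enumerate(log):
        if (e["seq"] != i or e["prev_hash"] != prev
                or e["hash"] != _digest(i, prev, e["payload"])):
            return i
        prev = e["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None


def demo() -> dict:
    log = []  # constructed sample records; field names are illustrative
    append(log, {"type": "authorization", "id": "a1", "ceiling_usd": 50000})
    append(log, {"type": "activity_record", "auth": "a1", "status": "delivered"})
    append(log, {"type": "outcome", "auth": "a1", "decision": "accepted"})
    head = log[-1]["hash"]  # kept outside the log, e.g. by an auditor
    edited = copy.deepcopy(log)
    edited[1]["payload"]["status"] = "failed"    # in-place edit of one entry
    rebuilt = []
    for e in edited:                             # every hash recomputed after the edit
        append(rebuilt, e["payload"])
    return {"intact": verify(log, head), "edited": verify(edited),
            "truncated": verify(log[:2]), "truncated_head": verify(log[:2], head),
            "rebuilt": verify(rebuilt), "rebuilt_head": verify(rebuilt, head)}
```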
