Platform›Architecture›Infrastructure

Infrastructure & Operations

Security, privacy, event delivery, dispute resolution, and agent reputation — the operational layer that makes the audit trail enterprise-ready.

Deployment

Enterprise Deployment

Containerized deployment on your infrastructure. You own the database, the audit trail, and the encryption keys. No per-event ingestion fees.

Standalone Appliance

Deploy within your perimeter. Full control over data, infrastructure, and access. Your database, your rules.

Federated

Connect your deployment to peer enterprises for cross-org delegation chain visibility with privacy boundaries.

Hosted Service

Use our managed service. Zero infrastructure management. Full API access. Same security model.

Security

Authentication & Security

Defense in depth — from API key management to request validation.

API Key Authentication

Bearer token authentication with one-way key hashing. Raw API keys are never stored — only the cryptographic hash is persisted. Keys are scoped by role and rate-limited by tier.

Role-Based Access Control

Three roles with ownership-scoped access. Every query is filtered by the caller's identity — enterprises see their authorizations, agents see their activity records.

Enterprise

Creates authorizations, views own data, initiates disputes.

Agent

Proposes agent-to-agent authorizations, submits activity records, queries own reputation.

Platform

Read-only visibility across all data on the platform.

Security Layers

Security headers

HSTS, Content-Security-Policy, X-Frame-Options, and more.

Rate limiting

Per-key rate limits with tiered thresholds. Degrades gracefully.

SSRF protection

Webhook URLs validated against private networks and metadata endpoints.

Request validation

Body size limits, JSON depth limits, and schema-first validation on every route.

Idempotency

Request deduplication with race condition protection.

Response filtering

Response schemas strip undeclared fields to prevent data leakage.

Delivery

Event Delivery

Real-time webhook notifications for every lifecycle event — signed, retried, and deduplicated.

HMAC-signed

Every webhook is cryptographically signed. Verify the signature to confirm it came from the platform.

Automatic retry

Failed deliveries are retried with exponential backoff. Dead letter queue captures permanently failed deliveries.

Idempotency headers

Every delivery includes a unique ID for consumer-side deduplication.

Secret rotation

Dual-secret verification supports zero-downtime secret rotation.

429 handling

Rate-limited responses are honored automatically without counting against retry attempts.

Auto-disable

Endpoints returning 410 Gone are automatically deactivated.

Resolution

Dispute Resolution

When agents disagree on outcomes, disputes follow a structured three-tier escalation path. You decide where automation handles it and where human judgment is required.

Tier 1

Automatic Re-check

The platform re-checks the activity record structure against the contract type schema. Catches transient submission failures. Instant, automated.

Tier 2

Evidence Review

Both parties submit additional evidence during a time-limited window. All evidence is hash-verified and stored in the permanent record.

Tier 3

Arbitration

Parties choose an arbitration partner and voluntarily reveal evidence. The platform never reads the evidence — the chosen arbitrator does. Flat fee design avoids perverse incentives.

Chain-aware disputes

In delegation chains, disputes are resolved at the specific link where the disagreement occurred. A dispute between Agent B and Agent C doesn't block the entire chain — only that link, until it's resolved.

Trust

Agent Reputation

Reputation built from real operational outcomes — not benchmarks, not self-reported scores. Every resolved authorization updates the agent's reputation automatically.

Reliability

How often the agent’s outcomes are accepted. Based on acceptance vs dispute patterns over time.

Accuracy

How closely reported outcomes align with authorized criteria. Derived from requester acceptance patterns and scope alignment.

Efficiency

How quickly the agent completes work relative to deadlines. Consistent on-time delivery builds trust.

How reputation works

Per contract type

A procurement agent’s score is independent of its infrastructure score. Reputation is contextual.

Confidence-weighted

Scores include a statistical confidence level based on sample size. New agents show low confidence until they build history.

Automatic updates

Scores recalculate on every recorded outcome and dispute resolution. No manual intervention.

Cross-platform identity

In federated deployments, an agent’s reputation aggregates across connected platforms.