# AGT and MeshGuard Architecture

AGT and MeshGuard occupy different layers.

| Layer | Responsibility | Owner |
|---|---|---|
| PEP | Intercept agent actions in process and ask for a decision. | AGT, LangChain adapters, Bedrock adapters, OpenAI Agents adapters, or custom code. |
| PDP | Evaluate tenant policy against the request context. | MeshGuard control plane. |
| Audit | Persist decisions and operator actions in a tamper-evident stream. | MeshGuard audit service. |
| Operations | SSO, SCIM, RBAC, alerting, SIEM egress, deployment, evidence export. | MeshGuard operator surface. |

## Request Flow

```mermaid
sequenceDiagram
    participant Agent as AGT-instrumented agent
    participant PEP as MeshGuard AGT adapter
    participant PDP as MeshGuard PDP
    participant Audit as MeshGuard Audit
    participant SIEM as Customer SIEM
    Agent->>PEP: action + context
    PEP->>PDP: PolicyRequest
    PDP-->>PEP: PolicyResponse
    PEP->>Audit: decision event
    Audit-->>PEP: audit anchor
    Audit->>SIEM: normalized egress
    PEP-->>Agent: allow, deny, require_approval, or error
```

## Boundary Principles

- The PEP is pluggable. AGT is first-class, not exclusive.
- The PDP contract is stable and framework-neutral.
- Tenant ID is mandatory on every control-plane request.
- Audit records are portable and exportable.
- Self-hosted, sovereign, and air-gapped deployments use the same product surface as SaaS.
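The request flow above and the boundary principles, worked through as an added example (not MeshGuard's or AGT's own code): a minimal PEP that builds a PolicyRequest, gets a decision from a stand-in PDP, and persists it to a hash-chained audit stream. The policy format, the `AuditStream`, `pdp_evaluate` and `pep_enforce` names, and the sample tenant data are all assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

# Constructed sample tenant policy standing in for the MeshGuard PDP (not its real format).
SAMPLE_POLICY = {
    "tenant-a": {"read_ticket": "allow", "issue_refund": "require_approval"},
}


class AuditStream:
    """Hash-chained decision log: each anchor commits to the event and the previous anchor."""

    def __init__(self) -> None:
        self.events: list = []
        self.anchors: list = []

    def append(self, event: dict) -> str:
        prev = self.anchors[-1] if self.anchors else "0" * 64
        payload = json.dumps(event, sort_keys=True).encode()
        anchor = hashlib.sha256(prev.encode() + payload).hexdigest()
        self.events.append(event)
        self.anchors.append(anchor)
        return anchor  # returned to the PEP as the "audit anchor" in the sequence diagram

    def verify(self) -> bool:
        """Recompute the chain; an edited, dropped or reordered event breaks it."""
        prev = "0" * 64
        for event, anchor in zip(self.events, self.anchors):
            payload = json.dumps(event, sort_keys=True).encode()
            if hashlib.sha256(prev.encode() + payload).hexdigest() != anchor:
                return False
            prev = anchor
        return len(self.events) == len(self.anchors)


def pdp_evaluate(request: dict) -> str:
    """Toy PDP: a request without a tenant ID is an error; otherwise deny-by-default lookup."""
    if not request.get("tenant_id"):
        return "error"
    return SAMPLE_POLICY.get(request["tenant_id"], {}).get(request["action"], "deny")


def pep_enforce(audit: AuditStream, tenant_id: Optional[str], action: str, context: dict) -> dict:
    """PEP adapter: build the PolicyRequest, obtain the PolicyResponse, persist it, return it.

    The calling agent treats anything other than "allow" as a stop, so "error" fails closed."""
    request = {"tenant_id": tenant_id, "action": action, "context": context}
    decision = pdp_evaluate(request)
    anchor = audit.append({"request": request, "decision": decision})
    return {"decision": decision, "audit_anchor": anchor}
```

A real adapter would send the PolicyRequest over the network and map transport failures to "error" rather than falling through to "allow".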

## Deployment Modes

| Mode | Control-plane location | Best fit |
|---|---|---|
| Managed SaaS | MeshGuard cloud | Default production fleet governance. |
| Dedicated tenant | Single-tenant MeshGuard cloud | Mid-enterprise isolation and predictable capacity. |
| Customer cloud | Customer AWS, Azure, GCP, OCI, or sovereign account | Regulated or procurement-constrained enterprises. |
| Self-hosted Kubernetes | Customer cluster | Sovereign and high-control environments. |
| Air-gapped | Offline install bundle | Defense and disconnected environments. |
