Architecture overview (consolidated)

ASTRA reference architecture

graph TB
    subgraph "ASTRA Agent Security Control Plane"
        subgraph "Secure Agent Gateway (SAG)"
            SAG_AUTH[Authentication Layer<br/>OAuth 2.1, mTLS, JWT]
            SAG_POLICY[Policy Enforcement Point<br/>Real-time Policy Evaluation]
            SAG_ROUTE[Request Router<br/>Local vs Remote Tools]
            SAG_AUDIT[Audit Integration<br/>Decision Logging]
        end

        subgraph "Policy Plane"
            PDP[Policy Decision Point<br/>Policy Engine + Cache]
            PIP[Policy Information Point<br/>Context Assembly]
            POLICY_REPO[Policy Repository<br/>Versioned Policies]
        end

        subgraph "Audit & Lineage Plane"
            AUDIT_ENGINE[Audit Engine<br/>Immutable Event Store]
            LINEAGE_TRACKER[Data Lineage Tracker<br/>Provenance Chain]
            SIEM_EXPORT[SIEM Export<br/>Structured Events]
            HUMAN_APPROVAL[Human Approval<br/>High-Risk Escalation]
        end

        subgraph "Identity & Secrets"
            AGENT_IDP[Agent Identity Provider<br/>Credential Management]
            SECRET_MGMT[Secret Management<br/>KMS/Vault Integration]
            TOKEN_SVC[Token Service<br/>Short-lived Credentials]
        end

        subgraph "A2A Governance (Future)"
            A2A_REGISTRY[Agent Registry<br/>Capability Discovery]
            A2A_COMM[Communication Bus<br/>Secure Messaging]
            A2A_ORCHESTRATION[Orchestration Engine<br/>Workflow Management]
        end
    end

    subgraph "External Systems"
        AGENTS[AI Agents<br/>Various Frameworks]
        TOOLS[Enterprise Tools<br/>APIs, Databases, SaaS]
        ENTERPRISE_IAM[Enterprise IAM<br/>SSO, RBAC]
        ENTERPRISE_SIEM[Enterprise SIEM<br/>Security Monitoring]
    end

    %% Current Implementation (SAG + Policy + Audit + Identity)
    AGENTS --> SAG_AUTH
    SAG_AUTH --> SAG_POLICY
    SAG_POLICY --> PDP
    PDP --> POLICY_REPO
    SAG_POLICY --> SAG_ROUTE
    SAG_ROUTE --> TOOLS
    SAG_AUDIT --> AUDIT_ENGINE
    AUDIT_ENGINE --> SIEM_EXPORT
    SIEM_EXPORT --> ENTERPRISE_SIEM
    SAG_POLICY --> HUMAN_APPROVAL
    SAG_AUTH --> AGENT_IDP
    AGENT_IDP --> SECRET_MGMT

    %% Future Implementation (A2A - shown as blocks)
    A2A_REGISTRY -.-> A2A_COMM
    A2A_COMM -.-> A2A_ORCHESTRATION

    %% Enterprise Integration
    AGENT_IDP --> ENTERPRISE_IAM

    %% Styling
    classDef current fill:#e8f5e8
    classDef future fill:#f5f5f5,stroke-dasharray: 5 5

    class SAG_AUTH,SAG_POLICY,SAG_ROUTE,SAG_AUDIT,PDP,PIP,POLICY_REPO,AUDIT_ENGINE,LINEAGE_TRACKER,SIEM_EXPORT,HUMAN_APPROVAL,AGENT_IDP,SECRET_MGMT,TOKEN_SVC current
    class A2A_REGISTRY,A2A_COMM,A2A_ORCHESTRATION future

Core architectural pillars

Secure Agent Gateway (SAG)
  • Authentication and mediation: OAuth 2.1, mTLS, JWT; token exchange not pass-through
  • Enforcement: Serves as Policy Enforcement Point (PEP), evaluating policies in real time; rate limits and circuit breakers protect systems
  • Smart routing: Local tools vs. proxied MCP servers; policy-aware dispatch

The Secure Agent Gateway forms the critical entry point for all agent-to-tool interactions, functioning as the Policy Enforcement Point (PEP) within the ASTRA architecture. This component addresses one of the most significant challenges in agentic AI security: ensuring that every tool access request is properly authenticated, authorized, and audited without introducing unacceptable latency or complexity.

The gateway implements multi-protocol authentication support, seamlessly handling OAuth 2.1 flows for enterprise integration, mutual TLS for high-security environments, and JWT tokens for lightweight interactions. This flexibility ensures that ASTRA can integrate with existing enterprise authentication infrastructure while supporting the diverse authentication requirements of different agent frameworks and deployment models.

A key innovation in the SAG design is its token mediation capability, which prevents the dangerous practice of raw token forwarding. Instead of passing upstream tokens directly to downstream services, the gateway actively exchanges tokens with appropriate resource indicators and scope limitations. This approach prevents privilege escalation attacks and ensures that each service receives only the minimal access tokens required for the specific operation.

The gateway's intelligent request routing capability distinguishes between local tools that can be executed directly within the secure environment and external MCP servers that require proxied access. This routing decision considers not only the tool's location but also policy requirements, performance characteristics, and security constraints. Advanced rate limiting and circuit breaker patterns protect both individual agents and the overall system from excessive resource consumption or cascading failures.
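An added example of the token mediation step described above (it is not code from the ASTRA project): the gateway verifies the agent's upstream token, then mints a short-lived token that carries only the one scope the target tool needs and an audience naming that tool's resource indicator, so the upstream token itself is never forwarded. The HMAC-signed JWT helpers, the two keys and the tool catalogue are constructed stand-ins.

```python
import base64, hashlib, hmac, json
# Constructed keys: real deployments pull these from the KMS/Vault integration.
UPSTREAM_KEY = b"constructed-upstream-issuer-key"   # verifies agent-presented tokens
GATEWAY_KEY = b"constructed-gateway-signing-key"    # signs tool-bound tokens

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT (header.payload.signature); a stand-in for a real JWT library."""
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify_token(token: str, key: bytes, now: int) -> dict:
    """Check signature (constant-time compare) and expiry; return the claims."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims["exp"] <= now:
        raise ValueError("expired")
    return claims

# Constructed tool catalogue: the scope each tool needs and the resource
# indicator (RFC 8707 style audience) that its downstream token must name.
TOOL_CATALOGUE = {
    "crm.read": {"resource": "https://crm.example.internal", "scope": "crm:read"},
    "payroll.write": {"resource": "https://payroll.example.internal", "scope": "payroll:write"},
}

def mediate_token(upstream_token: str, tool: str, now: int, ttl: int = 60) -> str:
    """Exchange the agent's token for a short-lived token bound to one tool: the upstream
    token is verified, never forwarded; the result carries one scope plus an audience."""
    claims = verify_token(upstream_token, UPSTREAM_KEY, now)
    entry = TOOL_CATALOGUE.get(tool)
    if entry is None:
        raise PermissionError(f"unknown tool {tool}")
    if entry["scope"] not in claims.get("scope", "").split():
        raise PermissionError(f"upstream token lacks scope {entry['scope']}")
    downstream = {"iss": "astra-sag", "sub": claims["sub"], "aud": entry["resource"],
                  "scope": entry["scope"], "act": {"sub": "astra-sag"},  # RFC 8693 actor claim
                  "iat": now, "exp": now + ttl}
    return sign_token(downstream, GATEWAY_KEY)
```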

Policy Plane
  • Real-time decisions: Policy engine-backed PDP with caching
  • Rich context: Agent, tool, environment, history, and explicit intent signals
  • Policy lifecycle: Versioned, testable policy-as-code with safe rollbacks
  • Hybrid intent-aware pipeline: Intent analysis feeds intent_risk into policy evaluation

The Policy Plane represents the intelligence center of the ASTRA architecture, implementing the Policy Decision Point (PDP) through a policy engine. This component transforms complex organizational security requirements into real-time access decisions, enabling organizations to codify their security logic in a structured, testable, and auditable format. (For example, OPA/Rego can be used to realize the policy-as-code model.)

The policy evaluation engine operates through rich context assembly, gathering comprehensive information about the requesting agent, target tool, environmental conditions, and historical patterns to make informed security decisions. This context-aware approach enables policies that can differentiate between a routine data query during business hours and an unusual access attempt outside normal parameters, providing the nuanced decision-making that modern agentic environments require.

Performance optimization through intelligent decision caching ensures that policy evaluation never becomes a bottleneck in agent operations. The system maintains a sophisticated cache of recent policy decisions while ensuring that cached results remain valid in the face of changing conditions, policy updates, or evolving threat landscapes.

Policy management follows software engineering best practices, treating security policies as versioned, testable code. This approach enables organizations to apply standard development lifecycle practices to their security logic, including code review processes, automated testing, staged deployments, and rollback capabilities when policy changes produce unexpected results.
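An added example (not ASTRA's own code) of the Policy Plane just described: a small PDP that consumes an assembled context (agent, tool, environment, history and the intent_risk signal), returns allow, deny or escalate (the last routing to human approval), and caches decisions keyed by policy version so that loading a new policy version invalidates stale cached results. The Policy dataclass, clearance levels and thresholds are constructed stand-ins for a Rego rule set.

```python
import hashlib, json
from dataclasses import dataclass

@dataclass
class Policy:
    """A versioned policy-as-code rule set (constructed stand-in for Rego)."""
    version: int
    tool_min_clearance: dict           # tool name -> clearance level required
    max_intent_risk: float = 0.7       # intent_risk above this needs a human
    business_hours: tuple = (8, 18)    # routine access window, local hour
    max_recent_denials: int = 3        # history signal: lock out noisy agents

def assemble_context(agent, tool, env, history, intent_risk):
    """Policy Information Point: one flat, canonical context for the PDP."""
    return {"agent": agent, "tool": tool, "env": env,
            "history": history, "intent_risk": intent_risk}

class PDP:
    def __init__(self, policy):
        self.policy = policy
        self.cache = {}   # (policy version, context digest) -> decision

    def load_policy(self, policy):
        """Hot-swap a policy; cached decisions made under other versions are dropped."""
        self.policy = policy
        self.cache = {k: v for k, v in self.cache.items() if k[0] == policy.version}

    def evaluate(self, ctx):
        digest = hashlib.sha256(json.dumps(ctx, sort_keys=True).encode()).hexdigest()
        key = (self.policy.version, digest)
        if key not in self.cache:
            self.cache[key] = self._decide(ctx)
        return self.cache[key]

    def _decide(self, ctx):
        p = self.policy
        needed = p.tool_min_clearance.get(ctx["tool"]["name"])
        if needed is None:
            return "deny"      # unknown tools are never allowed by default
        if ctx["history"]["recent_denials"] >= p.max_recent_denials:
            return "deny"
        if ctx["agent"]["clearance"] < needed:
            return "deny"
        in_hours = p.business_hours[0] <= ctx["env"]["hour"] < p.business_hours[1]
        if ctx["intent_risk"] > p.max_intent_risk or (needed >= 2 and not in_hours):
            return "escalate"  # hand off to Human Approval instead of allow/deny
        return "allow"
```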

Audit & Data Lineage Plane

Provides comprehensive audit trails and data lineage tracking for compliance.

Identity & Secrets

Manages agent identities and credentials with enterprise integration.

A2A Governance (Future)

Future capabilities for secure inter-agent collaboration and orchestration.