TECHNICAL ARCHITECTURE

The Single Gate Architecture

Every AI action flows through one deterministic authorization point. No bypass. No exceptions. The gate is the only path.

LLM / AI Agent
Proposes actions (untrusted)
action proposal
authorize()
THE SINGLE GATE
Budget Cap
Rate Limit
Egress Scan
Lockdown
ALLOW / DENY
Policy Kernel
Immutable rule evaluation
if ALLOW
Secure Executor
Idempotent side effects only
External API / Database
Real-world execution

Parallel Enforcement Channels

Budget Circuit Breaker

Automatic halt when spend exceeds threshold. Default: $50/day per agent.

budget_gate.ts

Rate / Loop Breaker

Detects and kills recursive loops. Tracks payload hashes to identify cycles.

rate_gate.ts

Egress Gateway

Scans all outbound data for secrets (API keys) and PII (SSNs, credit cards).

egress_gate.ts

Audit Infrastructure

Hash-Chained Ledger

Every decision is recorded with SHA-256 hash linking to the previous entry. Tamper with one record and the entire chain invalidates.

prevHash → SHA256(decision + prevHash) → hash

Rule Version Snapshots

Every decision records which rule version applied. Replay any historical decision with the exact rules that were active at that moment.

decision.ruleSetVersionId → RuleSetVersion.hash

Cryptographic Signatures

ALLOW decisions include HMAC-SHA256 signature. Prove the decision was made by this system and has not been modified.

HMAC(proposalId + outcome + timestamp, secret)

Prisma Write Guard

Runtime middleware blocks direct writes to protected tables. Only the Secure Executor can write to the audit ledger.

db-guard.ts → BLOCKED unless SecureExecutor

Deploy Runtime Governance

HALMAI installs in hours, not months. Start with audit-only mode for zero-friction proof.

Learn the CategoryRequest Enterprise Access