
Trust Layer

MACAW creates a distributed trust mesh where AI agents, tools, and LLMs register as endpoints and communicate with cryptographic guarantees. Policy enforcement happens at every endpoint, not a central chokepoint.

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                        AI Workloads                              │
│   ┌──────┐  ┌──────┐  ┌─────────┐  ┌──────┐  ┌─────┐           │
│   │ Tool │  │OpenAI│  │LangChain│  │Claude│  │ MCP │           │
│   │  DB  │  │Agent │  │  Agent  │  │ LLM  │  │Agent│           │
│   └──┬───┘  └──┬───┘  └────┬────┘  └──┬───┘  └──┬──┘           │
└─────┼─────────┼───────────┼──────────┼─────────┼────────────────┘
      │         │           │          │         │
      ▼         ▼           ▼          ▼         ▼
┌─────────────────────────────────────────────────────────────────┐
│                    MACAW TRUST LAYER                             │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │  Adapters: SecureOpenAI | SecureAnthropic | SecureMCP     │  │
│  │            SecureLangChain | MACAWClient                   │  │
│  └───────────────────────────────────────────────────────────┘  │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                    Control Plane                           │  │
│  │  ┌──────────┬───────────┬───────────┬─────────────────┐   │  │
│  │  │  Agent   │  Policy   │  Audit    │    Identity     │   │  │
│  │  │ Registry │  Store    │  Logs     │    Bridge       │   │  │
│  │  └──────────┴───────────┴───────────┴─────────────────┘   │  │
│  └───────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────┘

Every participant in the mesh—apps, agents, tools, LLMs—becomes a verified endpoint with a cryptographic identity. Endpoints can dynamically register and deregister as workloads scale.


Control Plane Services

The control plane provides four core services that enable secure communication across the mesh:

Agent Registry

Maintains a live inventory of all registered endpoints. Each agent receives a unique cryptographic identity used for signing and verification.

  • Dynamic registration/deregistration
  • Public key distribution
  • Capability advertisement
  • Health monitoring

Policy Store

Central repository for MAPL policies. Policies are distributed to endpoints for local evaluation—no round-trip to the control plane for each decision.

  • Hierarchical policy composition
  • Runtime policy updates
  • Version management
  • Conflict resolution

Audit Logs

Tamper-evident record of all operations. Every invocation, policy decision, and context change is logged with cryptographic proof.

  • Signed audit entries
  • Configurable signing modes
  • SIEM integration
  • Compliance reporting

Identity Bridge

Connects enterprise identity providers to the trust mesh. JWT claims from Keycloak, Okta, Auth0, or Azure AD are mapped to policy attributes.

  • Multi-IDP support
  • Claims mapping
  • Token validation
  • Session management

Distributed Trust Mesh

Unlike hub-and-spoke architectures, MACAW creates a true mesh where any endpoint can communicate with any other endpoint. The control plane facilitates discovery and policy distribution, but doesn't sit in the data path.

Endpoints come and go dynamically. When an agent registers, it receives a keypair and joins the mesh. When it deregisters, its keys are revoked and pending invocations are rejected.

   Agent A ◄────────► Agent B
      │                   │
      │                   │
      ▼                   ▼
   Tool X ◄────────► Tool Y
      │                   │
      │                   │
      ▼                   ▼
   LLM 1  ◄────────►  LLM 2

Each connection is:
• Signed by sender
• Verified by receiver
• Policy-enforced at endpoint

Zero Trust Principles

MACAW implements zero trust from first principles. Every request is verified regardless of source, and policy is enforced at the endpoint—not a central gateway.

Principle                  | Implementation
---------------------------|---------------------------------------------------------------------------
Never trust, always verify | Every invocation is cryptographically signed and verified at the receiver
Least privilege            | Policies default to deny; explicit grants required for each resource
Assume breach              | Each endpoint enforces policy independently; compromised nodes can't escalate
Minimize blast radius      | Policies scoped to tools and prompts limit damage from any single compromise
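
As an added illustration, not MACAW's own SDK, wire format or policy language (all names, keys and the grant table below are constructed), this stdlib-only Python models the three connection properties listed under the mesh diagram together with the zero-trust table and the signed Audit Logs: a registry that issues and revokes per-agent keys, a sender that signs each invocation, and a receiver that verifies the signature, rejects revoked senders, evaluates a default-deny policy from its local copy and appends hash-chained signed entries to a tamper-evident log. HMAC-SHA256 stands in for the page's public-key signatures, so here the registry holds secret keys; a real mesh distributes public keys and keeps private keys at the endpoint.

```python
import hashlib, hmac, json, secrets, time

# Agent Registry stand-in: agent_id -> signing key; pop() an id to revoke it (constructed).
def register(registry, agent_id):
    registry[agent_id] = secrets.token_bytes(32)  # real mesh: keypair, registry holds public half
    return registry[agent_id]

def sign(key, payload):
    body = json.dumps(payload, sort_keys=True).encode()  # canonical form before signing
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_invocation(key, sender, tool, args):
    inv = {"from": sender, "tool": tool, "args": args, "ts": int(time.time())}
    return {**inv, "sig": sign(key, inv)}  # sender signs every invocation

class AuditLog:
    # Hash-chained, signed entries: editing or dropping an entry makes verify() fail.
    def __init__(self, key):
        self.key, self.entries = key, []
    def append(self, event):
        prev = self.entries[-1]["sig"] if self.entries else "0" * 64
        entry = {"prev": prev, **event}
        entry["sig"] = sign(self.key, entry)
        self.entries.append(entry)
    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "sig"}
            if e["prev"] != prev or not hmac.compare_digest(sign(self.key, body), e["sig"]):
                return False
            prev = e["sig"]
        return True

# Receiver's local policy copy: default deny, only explicit (sender, tool) grants (constructed)
POLICY = {("agent-a", "db.read")}

def receive(registry, audit, inv):
    # Receiver side: verify signature, reject revoked senders, evaluate policy locally, log.
    key = registry.get(inv["from"])
    body = {k: v for k, v in inv.items() if k != "sig"}
    if key is None:
        decision = "reject:unknown_or_revoked_sender"
    elif not hmac.compare_digest(sign(key, body), inv["sig"]):
        decision = "reject:bad_signature"
    elif (inv["from"], inv["tool"]) not in POLICY:
        decision = "deny:no_grant"
    else:
        decision = "allow"
    audit.append({"from": inv["from"], "tool": inv["tool"], "decision": decision})
    return decision
```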

Deployment

The control plane runs as a managed service in the cloud. For enterprises with specific requirements, hybrid deployments are supported.

Client workloads connect via MACAWClient or framework adapters. Configuration is managed through the Console—no YAML files in client code.

Cloud (Default)

Fully managed control plane. Connect via API key from Console.

Hybrid

Control plane in your VPC with cloud management. For regulated industries.

Multi-Tenant

Each tenant isolated with unique API keys and separate audit logs.

