Skip to main content

Purpose

The Action Mediation Layer (AML) is the entry point for all tool invocations. It:
  1. Intercepts requests before they reach tools
  2. Normalizes protocol-specific formats to AARM schema
  3. Enriches with identity and context
  4. Forwards to Policy Decision Point

Action Schema

Every action is normalized to this schema:
{
  "action_id": "act_7f8a9b2c",
  "timestamp": "2025-01-15T10:30:00.000Z",
  "tool": "email",
  "operation": "send",
  "parameters": {
    "to": "recipient@example.com",
    "subject": "Report",
    "body": "..."
  },
  "identity": {
    "human": "alice@company.com",
    "service": "agent-svc",
    "session": "sess_abc123"
  },
  "context": {
    "conversation_id": "conv_xyz",
    "prior_actions": ["db.query"],
    "data_classification": ["PII"]
  },
  "risk_signals": {
    "injection_score": 0.12
  }
}

Protocol Adapters

The AML includes adapters for different tool protocols:

MCP Adapter

class MCPAdapter:
    def to_action(self, request: MCPToolCall) -> Action:
        return Action(
            tool=request.tool_name,
            operation=request.method,
            parameters=request.params,
            identity=self.extract_identity(request.metadata),
            context=self.build_context(request),
            timestamp=datetime.utcnow()
        )

HTTP Adapter

class HTTPAdapter:
    def to_action(self, request: HTTPRequest) -> Action:
        return Action(
            tool=self.identify_tool(request.url),
            operation=request.method.lower(),
            parameters=request.json or request.form,
            identity=self.extract_identity(request.headers),
            context=self.build_context(request),
            timestamp=datetime.utcnow()
        )

Identity Extraction

The AML extracts identity from request metadata:
def extract_identity(self, metadata: dict) -> Identity:
    return Identity(
        human=metadata.get("x-user-id"),
        service=metadata.get("x-service-id"),
        session=metadata.get("x-session-id"),
    )
Identity claims should be validated against trusted sources (IdP, service registry).

Context Building

Context includes session state relevant to policy decisions:
def build_context(self, request) -> Context:
    session = self.session_store.get(request.session_id)
    return Context(
        conversation_id=session.conversation_id,
        prior_actions=session.action_history[-10:],
        data_classification=session.data_accessed,
        environment=self.get_environment()
    )

Meta-Tool Resolution: Some agent platforms use wrapper tools (meta-tools) where the actual tool identity is embedded in the parameters. For example, an MCP invocation may arrive as tool_name: "mcp_tool" with the actual server and tool names in the parameters JSON. The AML MUST resolve these before policy evaluation.See OpenTelemetry Ingestion: Meta-Tool Resolution.

Requirements

RequirementDescription
Complete interceptionAll tool invocations must pass through AML
Schema complianceOutput must conform to AARM action schema
Identity bindingEvery action must have identity context
IdempotentSame request produces same action representation
Meta-tool resolutionWrapper tools must be resolved to actual tool identity before policy evaluation