Skip to main content

Architecture

An AARM system consists of six components working together: 
┌─────────────────────────────────────────────────────────────┐
│                       AARM SYSTEM                           │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│   ┌──────────────────┐      ┌──────────────────┐            │
│   │ Action Mediation │ ───► │ Policy Decision  │            │
│   │ Layer (AML)      │      │ Point (PDP)      │            │
│   └──────────────────┘      └────────┬─────────┘            │
│                                      │                      │
│                                      ▼                      │
│                             ┌──────────────────┐            │
│                             │ Policy Enforce-  │            │
│                             │ ment Point (PEP) │            │
│                             └────────┬─────────┘            │
│                                      │                      │
│         ┌────────────────────────────┼────────────────┐     │
│         ▼                            ▼                ▼     │
│  ┌─────────────┐          ┌──────────────┐    ┌─────────┐   │
│  │  Approval   │          │   Receipt    │    │Telemetry│   │
│  │  Service    │          │  Generator   │    │Exporter │   │
│  └─────────────┘          └──────────────┘    └─────────┘   │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Components

Action Mediation Layer

Intercepts tool invocations and normalizes to canonical schema

Policy Engine

Evaluates actions and enforces decisions

Approval Service

Human-in-the-loop for high-risk actions

Receipt Generator

Cryptographically signed audit records

Data Flow

1

Intercept

Action Mediation Layer captures tool invocation from agent
2

Normalize

AML converts protocol-specific request to AARM action schema
3

Evaluate

Policy Decision Point matches action against rules
4

Enforce

Policy Enforcement Point implements decision (allow/deny/modify/step-up)
5

Approve

If STEP_UP, Approval Service routes to human approvers
6

Execute

If allowed, action forwards to tool
7

Record

Receipt Generator creates signed audit record
8

Export

Telemetry Exporter sends events to SIEM/SOAR

Component Responsibilities

ComponentInputOutputRequired
Action MediationProtocol requestAARM ActionYes
Policy Decision PointActionDecisionYes
Policy Enforcement PointAction + DecisionEnforced resultYes
Approval ServiceActionApproval resultYes
Receipt GeneratorAction + Decision + ResultSigned receiptYes
Telemetry ExporterReceiptSIEM eventsRecommended