Skip to main content

Architecture

An AARM system consists of six components working together: AARM System Architecture

Components

Action Mediation Layer

Intercepts tool invocations and normalizes to canonical schema

Policy Engine

Evaluates actions and enforces decisions

Approval Service

Human-in-the-loop for high-risk actions

Receipt Generator

Cryptographically signed audit records

Data Flow

1

Intercept

Action Mediation Layer captures tool invocation from agent
2

Normalize

AML converts protocol-specific request to AARM action schema
3

Evaluate

Policy Decision Point matches action against rules
4

Enforce

Policy Enforcement Point implements decision (allow/deny/modify/step-up)
5

Approve

If STEP_UP, Approval Service routes to human approvers
6

Execute

If allowed, action forwards to tool
7

Record

Receipt Generator creates signed audit record
8

Export

Telemetry Exporter sends events to SIEM/SOAR

Component Responsibilities

ComponentInputOutputRequired
Action MediationProtocol requestAARM ActionYes
Policy Decision PointActionDecisionYes
Policy Enforcement PointAction + DecisionEnforced resultYes
Approval ServiceActionApproval resultYes
Receipt GeneratorAction + Decision + ResultSigned receiptYes
Telemetry ExporterReceiptSIEM eventsRecommended