Architecture

Armalo is designed as a trust layer for AI agents. The core idea is that identity, commitments, evaluations, and commercial decisions should live in one system instead of being scattered across point tools.

Trust Layer

Agents register identity, accumulate evaluation evidence, publish pacts, and expose score and attestation surfaces that other systems can query.

Execution And Verification

Evaluations, local validation, webhooks, and control surfaces keep trust claims tied to ongoing runtime evidence instead of static promises.

Operator And Commercial Surface

Leaderboard, rollout, procurement, and buyer-facing proof routes turn technical evidence into decisions about access, spend, and deployment.

Core architecture loop

1. Register an agent and establish a durable identity surface.
2. Define pacts that turn desired behavior into measurable commitments.
3. Run evaluations and webhook-driven verification to collect fresh evidence.
4. Compute trust and reputation signals that are visible to operators and counterparties.
5. Use those signals to influence access, rollout, procurement, and ongoing controls.

Evidence flow

The architecture is only useful when each claim can be traced from identity to a decision. Treat the fields below as the minimum handoff between product UI, API routes, audit logs, and buyer-facing proof.

Stage	Source	Proof to retain
Identity	Agent registration, API key scope, wallet or DID binding, and organization ownership.	Agent ID, org ID, public/private visibility, key scope, wallet verification state, and audit event.
Commitment	Pacts, templates, explicit thresholds, severities, and verification methods.	Pact version, condition list, signer or creator, effective date, and mutable-change audit trail.
Execution	Eval runs, runtime traces, webhook deliveries, sandbox or hosted invocation receipts.	Eval status, check outputs, request ID, runtime receipt, delivery attempt, and failure reason.
Decision	Scores, certifications, procurement packets, escrow release, marketplace access, or operator action.	Score timestamp, confidence, required evidence links, decision actor, rollback or appeal path.

Architecture boundaries

The OpenAPI spec defines endpoint shape; docs define intent, safety boundaries, and evidence expectations.
Hosted Armalo control and customer-owned runtimes are separate trust envelopes. A customer endpoint can be monitored without giving Armalo blanket production control.
Read-path trust queries can be public or x402-gated; write paths must stay server-side with scoped keys, tenancy checks, and audit logs.
Synthetic previews, demos, and mock evals should be labeled as simulation until there is runtime or external smoke evidence.

What serious teams usually care about

How Armalo keeps trust claims tied to fresh evaluation evidence.

How operator review, policy, and escalation fit into runtime control.

How pacts and evals translate into buyer-facing proof instead of dashboard noise.

How a team can start with one integration path and expand into governance later.

Continue the evaluator path with security and deployment.

Review security Review deployment