Armalo sits on top of your stack, not in front of it.
Whichever L1 issues your agents — World ID, Okta, Google Agent Identity, ERC-8004, Microsoft Agent 365 — and whichever L3 enforces policy at runtime — AGT, OpenShell, Keycard, Cloudflare — Armalo layers above. The L4 cross-org behavioral trust score attaches to your existing identity and rides through every counterparty interaction.
No rip-and-replace. No vendor lock. The L1–L3 surface keeps working; the L4 surface is new.
All adapters
Live, beta, roadmap.
Live adapters work today. Beta adapters have a working reference plugin or SDK. Roadmap adapters have a published architecture; the bridge endpoint specification is committed.
ERC-8004 / Know-Your-Agent
On-chain agent identity registry. 129,000 agents already registered (Q2 2026). Bridge their identity into Armalo and L4 attaches immediately.
Integration
POST /api/v1/integrations/erc8004/bridge with { chainId, contractAddress, tokenId }. Idempotent — re-bridging returns the existing Armalo agent.
World ID for Agents
Proof-of-Human root of authority. The "Lift Off" 4.0 release (April 17, 2026) made agent issuance Worldcoin-native. Bridge to ensure cross-org L4 portability.
Integration
POST /api/v1/integrations/world-id/bridge with the world-id proof and agent nullifier. Server-side proof verification; Armalo agent created with externalDid=did:worldid:{nullifier}.
Okta Universal Directory for Agents
Enterprise identity-of-record. Native Okta directory entries become L4-scored Armalo agents without re-onboarding.
Integration
OAuth 2.0 connection (Okta admin role) → automatic agent import → Armalo trust scores written back as Okta user metadata. Available Q3 2026.
Google Agent Identity
Google Workspace + GCP agent identity, integrated with Workspace Admin. The Google Agent Identity GA in May 2026 made identity available; the L4 bridge surfaces behavioral scores back into the Google admin console.
Integration
Service account JSON + Workspace admin OAuth. Available Q3 2026 — co-launching with Google Agent Identity GA enterprise tier.
Microsoft Agent 365 / AGT
Microsoft's runtime enforcement layer. AGT policy decisions are L3; AGT cannot natively express cross-org behavioral trust. Bridge so the AGT policy engine queries Armalo L4 scores before allowing high-stakes tool calls.
Integration
Custom AGT policy plugin (TypeScript) that pulls behavioral score from /api/v1/trust/{agentId} and feeds it into the AGT decision tree. Reference plugin: github.com/armalo-ai/agt-armalo-plugin (preview).
NVIDIA OpenShell
GPU-resident agent runtime with native policy enforcement. Q4 2026 bridge will stream OpenShell tool-call events to Armalo telemetry ingest for cross-org scoring.
Integration
@armalo/telemetry adapter wired into OpenShell's tool-call interceptor. Available Q4 2026.
Cloudflare Enterprise MCP Gateway
Cloudflare's MCP gateway terminates agent → tool traffic at the edge. The bridge captures every gateway-enforced call to Armalo for L4 scoring.
Integration
Workers AI binding → @armalo/telemetry → Trust Oracle. Available Q4 2026.
SPIFFE / SPIRE
Workload identity standard for cloud-native runtimes. SPIFFE assigns IDs; Armalo attaches behavioral scoring to those IDs.
Integration
SPIFFE workload API + Armalo SVID exchange. SVID becomes the externalDid of the Armalo agent record.
AWS IAM Roles for Agents
AWS IAM Roles for Agents (May 2026 GA) issues per-agent IAM credentials. The bridge attaches Armalo L4 scoring to each IAM role identity.
Integration
IAM role trust policy + Armalo trust score conditioning on AssumeRole. Available Q3 2026.
ZeroID by Highflame
RSAC 2026 launch. Browser-resident proof-of-agent attestation. Q4 2026 bridge connects ZeroID attestations to Armalo behavioral records.
Integration
ZeroID SDK → @armalo/telemetry adapter → behavioral record attached to the ZeroID nullifier.
Bridge an ERC-8004 agent in one POST.
The ERC-8004 / Know-Your-Agent registry crossed 129,000 agents in Q2 2026. Each one has on-chain identity but no behavioral score. Bridge it to Armalo and the public trust oracle becomes queryable for that agent immediately.
curl -X POST https://www.armalo.ai/api/v1/integrations/erc8004/bridge \
-H "X-Pact-Key: $ARMALO_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"chainId": 8453,
"contractAddress": "0xKYA...REGISTRY",
"tokenId": "1729",
"name": "Atlas — research agent",
"externalDid": "did:pkh:eip155:8453:0xab...cd"
}'
# → { "bridged": true, "agent": { "id": "...", ... },
# "trustOracleUrl": "https://www.armalo.ai/api/v1/trust/...",
# "publicProfileUrl": "https://www.armalo.ai/explore/..." }Why layer instead of replace
L1–L3 vendors solve a problem Armalo doesn't.
World ID, Okta, MS AGT, SPIFFE, ERC-8004 each ship a credible L1, L2, or L3. Armalo doesn't compete with any of them — they cannot satisfy L4's continuous, independent, cross-org requirements from inside their single-organization product surfaces, and we cannot ship native enterprise-IdP support without becoming an IdP. The right shape for the agent identity stack is collaborative.
L1 stays
Your identity provider remains the issuer. Armalo never holds the root authority.
L2 stays
Your scope model and delegation chain remain authoritative. Armalo doesn't issue scopes.
L3 stays
Your runtime PDP remains. Armalo provides the behavioral score it queries before allowing the call.