§ technology

Five systems. One control plane.

RBAC. Audit. MCP multiplexer. Memory. Reconciler. Each one is production-grade. Together they form the governance layer that sits above any agent runtime.

01
§ identity & access

Directory-grade RBAC.

Agents, humans, and services share the same identity model: organizational units, security groups, and role bindings. Deny-override inheritance means a deny at any level wins over any allow below it. Deterministic. Auditable. Familiar.

  • 5 built-in roles — OrgAdmin, OUAdmin, AgentAuthor, DeploymentOperator, Viewer
  • Custom roles — scoped to OU or org, with fine-grained permission sets
  • Group membership — agents and humans assigned to groups, groups bound to roles
  • Deny precedence — deny bindings override allow at the same or lower scope
  • Last-admin protection — prevents accidental lockout of the final OrgAdmin

rbac evaluation
principal  usr.raj
action     agent.invoke
resource   agent:pg-writer
scope      /acme/engineering/platform

bindings:
  allow  eng-leads → OUAdmin     (platform)
  allow  usr.raj → AgentAuthor   (platform)
  deny   contractors → *         (acme)

resolution: allow
reason:     usr.raj ∈ eng-leads
            no deny binding matches
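
The deny-override resolution traced above, as an added Python example (not powerloom's own code). The permission sets in ROLE_PERMS, the action name agent.edit, and the default-deny result when nothing matches are assumptions; the page names the roles but not their permissions.

```python
from dataclasses import dataclass

# Assumed permission sets; the page names the roles but not what they grant.
ROLE_PERMS = {
    "OUAdmin": {"agent.invoke", "agent.edit"},
    "AgentAuthor": {"agent.edit"},
    "*": {"*"},
}

@dataclass(frozen=True)
class Binding:
    effect: str   # "allow" or "deny"
    subject: str  # user or group name
    role: str
    scope: str    # OU path the binding is attached to

def covers(binding_scope: str, request_scope: str) -> bool:
    """True if the binding sits at the request's OU or at an ancestor of it."""
    b = binding_scope.rstrip("/")
    return request_scope == b or request_scope.startswith(b + "/")

def evaluate(principal, groups, action, scope, bindings):
    """Return (decision, reason). Any matching deny wins; no match means deny."""
    subjects = {principal} | set(groups)
    matched = [
        b for b in bindings
        if b.subject in subjects
        and covers(b.scope, scope)
        and ROLE_PERMS.get(b.role, set()) & {action, "*"}
    ]
    for b in matched:
        if b.effect == "deny":
            return "deny", f"deny binding {b.subject} -> {b.role} at {b.scope}"
    for b in matched:
        if b.effect == "allow":
            return "allow", f"{b.subject} -> {b.role} at {b.scope}"
    return "deny", "no allow binding matches"

# The bindings from the page's evaluation trace, with full OU paths.
BINDINGS = [
    Binding("allow", "eng-leads", "OUAdmin", "/acme/engineering/platform"),
    Binding("allow", "usr.raj", "AgentAuthor", "/acme/engineering/platform"),
    Binding("deny", "contractors", "*", "/acme"),
]
SCOPE = "/acme/engineering/platform"

if __name__ == "__main__":
    print(evaluate("usr.raj", {"eng-leads"}, "agent.invoke", SCOPE, BINDINGS))
    print(evaluate("usr.raj", {"eng-leads", "contractors"}, "agent.invoke", SCOPE, BINDINGS))
```

The second call puts the same user in contractors as well: the deny bound at /acme overrides the allow bound lower down at the platform OU.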

02
§ compliance

Cryptographic audit chain.

Every agent turn, tool call, policy decision, and memory operation lands in an append-only, SHA-256 hash-chained log. Each row's hash incorporates the previous row's hash. Modify any historical entry and every subsequent hash breaks.

  • Append-only — database trigger rejects updates and deletes
  • Canonical serialization — deterministic JSON for hash stability
  • Advisory locks — pg_advisory_xact_lock prevents concurrent corruption
  • Daily verification — worker recomputes the full chain for every org
  • SOC 2 ready — closes the audit trail control without a separate GRC tool

audit chain entry
{
  "seq":            4892,
  "event_type":     "tool.call",
  "actor":          "agent:pg-writer",
  "action":         "sql.explain",
  "decision":       "allow",
  "prev_hash":      "sha256:7a3f...b2e1",
  "hash":           "sha256:9c1d...f4a8",
  "timestamp":      "2026-04-22T14:22:08Z"
}
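
How the chaining and the daily recomputation fit together, as an added Python example (not powerloom's own code). The field names follow the entry above; the genesis value, the exact canonical form, and the choice to hash every field except "hash" are assumptions, and the sample rows are constructed.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed prev_hash for the first row

def canonical(entry: dict) -> bytes:
    """Deterministic JSON: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def row_hash(entry: dict) -> str:
    """Hash every field except 'hash' itself; prev_hash is part of the input."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return "sha256:" + hashlib.sha256(canonical(body)).hexdigest()

def append(chain: list, event: dict) -> dict:
    """Link a new row to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {**event, "seq": len(chain) + 1, "prev_hash": prev}
    entry["hash"] = row_hash(entry)
    chain.append(entry)
    return entry

def verify(chain: list):
    """Return the position of the first broken row, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain, start=1):
        if (entry["seq"] != i or entry["prev_hash"] != prev
                or entry["hash"] != row_hash(entry)):
            return i
        prev = entry["hash"]
    return None

def build_sample() -> list:
    """Three constructed tool-call rows for the demonstration."""
    chain = []
    for action, decision in [("sql.explain", "allow"), ("sql.query", "allow"),
                             ("sql.drop", "deny")]:
        append(chain, {"event_type": "tool.call", "actor": "agent:pg-writer",
                       "action": action, "decision": decision,
                       "timestamp": "2026-04-22T14:22:08Z"})
    return chain

if __name__ == "__main__":
    chain = build_sample()
    print(verify(chain))
    chain[1]["decision"] = "deny"   # edit a historical row
    print(verify(chain))
```

Recomputation proves internal consistency only: an edit that also rewrites the hash of the edited row is caught at the next row, but detecting a rewrite of a row together with every later row requires comparing against a head hash kept outside the table.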

03
§ tool authorization

MCP multiplexer.

Every tool call an agent makes passes through the MCP multiplexer. Per-template policy engines evaluate read/write restrictions, allowlists, row limits, and scope boundaries before any tool call executes. Shared infrastructure — no per-agent server instances.

  • 17 templates — Postgres, Slack, GitHub, Jira, Salesforce, Gmail, Zendesk, S3, and more
  • Per-call policy — every tool invocation authorized before execution
  • FleetConfigCache — 10-second poll, shared across all agents in the org
  • Path & subdomain routing — multiple MCP deployments on shared infra
  • Envelope encryption — AES-256-GCM for credentials, per-row random nonce

postgres, slack, github, jira, salesforce, gmail, zendesk, s3, confluence, linear, notion, bigquery, stripe, hubspot, datadog, pagerduty, custom
+ bring your own

04
§ intelligence

Biologically-inspired memory.

16 service modules. Hebbian associative learning, consolidation pipelines, 4-dimensional validation, injection defense, rot-aware context assembly. Every session makes every agent smarter. Governed by the same RBAC and audit chain as everything else.

  • Hebbian learning — co-retrieval strengthens associations with saturation brake
  • Kairos validation — 4-D gate: consistency, grounding, novelty, alignment
  • Context assembler — 7 sections, token budgets, rot-aware interleaving
  • Scope promotion — job → role → org with human review gates
  • Shadow eval — precision@k, recall@k, MRR, NDCG without affecting agents

memory pipeline
session.complete → consolidation
  events:       12 captured
  attribution:  3 chunks contributed
  patterns:     +1 extracted
  anti_patterns: 0

kairos_validation:
  consistency:  0.94
  grounding:    0.88
  novelty:      0.76
  alignment:    0.91
  verdict:      pass

hebbian_update:
  edges_strengthened: 2
  edges_decayed:      4

05
§ operations

Declarative reconciler.

Every resource in powerloom — agents, MCP deployments, role bindings, workflows — is a YAML manifest. weave plan diffs against live state. weave apply reconciles. Drift detection alerts when live state diverges from declared.

  • Dependency-sorted — OUs before groups, groups before agents, agents before attachments
  • Independent resource apply — one failure doesn't stop the rest; outcome table shows what succeeded
  • CI/CD native — pip install loomcli, run weave apply in any pipeline
  • Multi-runtime — 10+ provider drivers behind a unified AgentRuntime interface
  • Rollback — revert to any previous declared state via git + re-apply

$ weave apply acme/
planning changes against ou=acme/engineering/platform …

+ agent          pg-writer
                  model=claude-sonnet-4-6
+ mcp-deployment   pg-analytics
+ role-binding     eng-leads → OUAdmin
~ role-binding     contractors → deny
                  (effect: allow → deny)

Plan: 4 create, 1 update, 0 destroy
 applied in 1.4s · run apl_9f2ac4

§ start governing

Built for production.

41+ versioned builds. 760+ tests. Deployed on AWS. The architecture is real and the governance is rigorous.
