# ZT-Infra Architecture
This public architecture diagram shows how the developer site, Hello World quickstart, adapters, control plane, deployed runtimes, and evidence systems fit together.
## What This Shows
- Agent interfaces: LangGraph, OpenAI, MCP, A2A, and custom adapters normalize requests into one control-plane contract.
- Public developer path: `zt-infra.org` and this repo provide the public quickstart, local mock control plane, and adapter onboarding path.
- Adapter contract layer: SDK wrappers and protocol gateways call policy before execution and return the same audit envelope.
- Control plane: the current implemented endpoint is `POST /actions`.
- Execution containment layer: Docker Local and Nono brokers run approved work after policy allows it.
- Private AWS MVP runtime: the full infrastructure repo runs `zt-provisioner`, Tailscale access, SSM fallback, Nginx, and verification.
- Evidence systems: audit records can be hash-chained, KMS-signed, written to CloudWatch, and optionally anchored through DAAL.
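As an added illustration (not code from ZT-Infra or this repo), the adapter pattern described above: call policy first, execute only on allow, then append a hash-chained, signed audit record that a verifier can check for edits, deletions or reordering. The request and record field names are assumptions for the demo, and an HMAC key stands in for KMS signing.

```python
import hashlib
import hmac
import json

# Added demo, not ZT-Infra's code. Field names (actor, action, decision, prev_hash,
# hash, sig) are assumed; the real POST /actions contract is not reproduced here.
DEMO_KEY = b"constructed-demo-key"  # stand-in for a KMS-held signing key
GENESIS = "0" * 64

def policy_decision(request: dict) -> dict:
    """Mock control plane: allow only read-only actions for the demo actor."""
    allowed = (request.get("actor") == "agent:demo"
               and request.get("action") in {"read_file", "list_dir"})
    return {"decision": "allow" if allowed else "deny", "request": request}

def canonical(record: dict) -> bytes:
    """Deterministic encoding so hashes are reproducible on verification."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_audit(chain: list, envelope: dict) -> dict:
    """Append a record whose hash covers its body and the previous record's hash."""
    body = {"seq": len(chain), "prev_hash": chain[-1]["hash"] if chain else GENESIS, **envelope}
    digest = hashlib.sha256(canonical(body)).hexdigest()
    sig = hmac.new(DEMO_KEY, digest.encode(), "sha256").hexdigest()
    record = {**body, "hash": digest, "sig": sig}
    chain.append(record)
    return record

def verify_chain(chain: list) -> bool:
    """Detect reordering, deletion or edits anywhere in the chain."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k not in ("hash", "sig")}
        if rec["seq"] != i or rec["prev_hash"] != prev:
            return False
        if hashlib.sha256(canonical(body)).hexdigest() != rec["hash"]:
            return False
        want = hmac.new(DEMO_KEY, rec["hash"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(want, rec["sig"]):
            return False
        prev = rec["hash"]
    return True

def run_action(chain: list, request: dict, execute) -> dict:
    """Adapter pattern: policy first, execute only on allow, then record evidence."""
    envelope = policy_decision(request)
    envelope["result"] = execute(request) if envelope["decision"] == "allow" else None
    append_audit(chain, envelope)
    return envelope
```

Each record's `prev_hash` links it to its predecessor, so changing or dropping any earlier record invalidates every later hash and signature.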
## Layer Boundaries
| Layer | Example primitives | ZT-Infra relationship |
|---|---|---|
| Identity | SPIFFE/SPIRE, NANDA-style agent identity | Consume identity and bind it to the actor. |
| Policy / governance | CSA ATF, OPA, Cedar | Wrap policy decisions in an agent-shaped contract. |
| Execution containment | nono, gVisor, Firecracker, Kata, browser sandboxes | Hand off approved work to a broker; record evidence. |
| Observability | SIEM, OpenTelemetry, eBPF/runtime telemetry | Emit consistent audit records. |
## Current Versus Future
### Current
- public developer site and Hello World quickstart;
- local mock control plane for onboarding;
- `POST /actions` policy decision contract;
- signed audit record shape;
- Nono and Docker broker examples;
- framework wrappers for LangGraph, OpenAI, MCP, and A2A in the full MVP.
### Future
- canonical transient agent identity;
- workload-bound credentials;
- signed runtime attestation;
- trust bundles and federation;
- richer identity and authorization APIs.