Skip to content
Reference architecture

The agent control plane, at the endpoint.

A control plane is the layer that decides what an agent is allowed to do before it acts: identity, policy, inspection, and audit over every model, tool, and MCP call. Alyria puts that layer where agents actually run, on the endpoint, across every vendor, under your keys.

Control plane vs data planeEndpoint-resident enforcementUnder your keys
Control plane

The governance and decision layer: identity, policy enforcement, real-time inspection, and audit that determine what an agent may do before it acts. Alyria is that plane for your agent fleet.

Data plane

Where the work happens: the model inference, tool calls, and API requests an agent makes. Alyria sits in front of it at the endpoint, so even agents that never touch a cloud gateway are still governed.

The flow

Callers, control plane, destinations

Every call an agent makes flows through the control plane before it reaches a model, a tool, or your data. Left to right on desktop; top to bottom on mobile.

01Callers

Where agents run

Coding agents
Claude Code · Cursor · Codex · Copilot
Chat clients
Claude · ChatGPT · internal assistants
Framework & CLI agents
LangChain · direct-provider CLIs
Autonomous / CI agents
Jira→PR · scheduled jobs
Your engineers
scoped by team and role
02The Alyria control plane

What an agent may do, before it acts

Identity & access · spans every call
SSO across your IdP
OIDC · SAML · SCIM · scoped by division and role
Interception · at the endpoint
Beacon
Every model, tool, and MCP call evaluated against policy locally. Monitor first, enforce when ready.
LyraPolicy-as-code
ConstellationMesh + memory
UmbraroadmapSecrets
Statioin devRuntime
Observability & audit · signal out
SpectraObservatory
OpenTelemetry · tamper-evident audit → your SIEM or Alyria Cloud
Custody · spans every call
Under your keys
BYOK / HYOK · verifiable kill-switch · one signed audit chain
03Destinations

Models, tools, data

Model providers
Claude · GPT · Gemini · Bedrock · self-hosted
MCP servers & tools
internal and third-party
SaaS & internal APIs
GitHub · Jira · Salesforce · databases
Your SIEM
Elastic · Kibana · Splunk (audit egress)

The enforcement point is Beacon, on the endpoint. No cloud round-trip on the hot path, and no agent slips past by avoiding a gateway.

Building blocks

One module per job in the plane

The celestial family maps one-to-one onto the architecture: where each piece sits, and what it does there.

At the endpoint

Beacon

Endpoint enforcement

A signed, user-space agent on every machine. Inventories the AI layer and evaluates policy on every MCP call locally, where the call originates. Monitor first, enforce when ready.

Authored once, enforced everywhere

Lyra

Policy-as-code

One capability-brokered, information-flow-aware policy language. Written once, enforced deterministically at the Beacon, with one signed audit chain across every decision.

Governed context over MCP

Constellation

Mesh + shared memory

Org facts and ingested docs recalled over MCP, scoped by division and role from your IdP, with a prompt-injection safety layer on every read and write.

Signal out

Spectra

Telemetry & audit

OpenTelemetry from every Beacon: policy decisions, MCP activity, inventory. Routed to Observatory or straight into the SIEM your SOC already watches.

Under your keys

Umbra

Agent secrets

Fleet data and secrets encrypted under an envelope key we delete on request; enterprises bring their own (BYOK / HYOK). Static blobs are opaque to us at rest. A2A and client-held keys are on the roadmap, behind an external audit.

In your cloud

Observatory

Cloud console

Alyria Cloud: enterprise SSO, fleet and policy dashboards, findings and posture, exportable tamper-evident audit. The managed surface over the whole fleet.

In development

Statio

Agent runtime

The governed runtime agents run inside, on a Beacon-governed node in your cloud, so every model and tool call is mediated by construction. Engine- and cloud-agnostic, Bedrock-first. In active development with a launch design partner.

Principles

What makes it a control plane, not a proxy

Cross-vendor and endpoint-resident

Enforcement lives at the endpoint, in Beacon, not only in a cloud gateway. That governs the agents a gateway never sees: framework agents and direct-provider CLIs that call models through their own libraries.

Safe enablement, not a veto

The same layer that routes agent traffic enforces policy on it, so governance and enablement stop being in tension. You can say yes to the Claude Code and Cursor rollout because you can see and bound it.

Policy as code

Rules are versioned, testable, and executable, applied at the point of use, not a wiki page. Run any policy in monitor mode first to see what it would decide before it blocks anything.

Under your keys

Fleet data is encrypted under a key you can delete or bring yourself. Cut us off and verify it in your own logs. Every agent decision lands in one signed, tamper-evident chain you can export.

Open standards, no lock-in

OAuth 2.1 and OIDC for identity, MCP for tools, OpenTelemetry for signal. Standard formats your team already routes, retains, and trusts.

Per-identity correlation

Identity threads through SSO to model call to tool call to response, so the audit trail answers who, not just what. Access is scoped by division and role resolved from your IdP.

See the plane over your own fleet.

A read-only deploy in about 30 minutes returns a board-ready Agent Exposure Report: every agent, tool, and MCP connection, and every policy violation, across the fleet.