ARIA MCP Gateway
Enforce policy everywhere — pre‑exec governance for agents and tools.
Why it wins
How it works
- Validate ARIA Passport and session.
- Check policy for requested tool and operation.
- Enforce constraints and obligations; call tool.
- Write a signed, hash‑chained receipt.
Guardrails at the edge
Gateway enforces the PDP's guardrails where calls enter: scope and parameter allow‑lists, egress rules, anti‑injection checks, and budget stops. Safe by default, fast in practice.
Plan JWS (per step)
{
  "step": 3,
  "tool": "billing.export",
  "params_fingerprint": "sha256-...",
  "schema_hash": "sha256-...",
  "iat": 1738020000
}
Gateway verifies the JWS signature and payload fields to ensure the call matches the planned step.
Schema pins & allowlists
{
  "schema": { "id": "billing.export", "version": "2.3.1", "hash": "sha256-..." },
  "params_allow": ["account_id", "month"],
  "egress_allow": ["https://api.example.com"]
}
Pins prevent drift; parameters and egress are enforced at the boundary with PDP constraints.
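A sketch of the pre-exec check that the Plan JWS and schema pin sections describe, written as an added example and not taken from the ARIA Gateway code. It assumes an HS256-signed compact JWS with a shared key, a fingerprint computed as SHA-256 over sorted-key JSON, and a call record carrying its own `egress` URL; `gate`, `sign_plan`, `fingerprint` and the sample values are hypothetical.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlsplit

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def fingerprint(obj) -> str:
    # Assumed canonical form (the page does not define one): sorted keys, no whitespace.
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return "sha256-" + hashlib.sha256(blob).hexdigest()

def sign_plan(payload: dict, key: bytes) -> str:  # planner side, only here to build the sample
    signing_input = b64u(b'{"alg":"HS256"}') + "." + b64u(json.dumps(payload).encode())
    return signing_input + "." + b64u(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def gate(jws: str, key: bytes, pin: dict, call: dict) -> list:
    """Return the violations found; an empty list means the call may run."""
    try:
        head, body, sig = jws.split(".")
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if json.loads(b64u_dec(head)).get("alg") != "HS256" or not hmac.compare_digest(want, b64u_dec(sig)):
            return ["bad_signature"]
        plan = json.loads(b64u_dec(body))
    except (ValueError, AttributeError):
        return ["bad_signature"]  # fail closed: no payload field is read before the MAC checks out
    errs = []
    if call["step"] != plan.get("step") or call["tool"] != plan.get("tool"):
        errs.append("step_or_tool_mismatch")
    if plan.get("tool") != pin["schema"]["id"] or plan.get("schema_hash") != pin["schema"]["hash"]:
        errs.append("schema_drift")
    if fingerprint(call["params"]) != plan.get("params_fingerprint"):
        errs.append("params_changed")
    if set(call["params"]) - set(pin["params_allow"]):
        errs.append("param_not_allowed")
    u = urlsplit(call["egress"])  # compare the exact origin; a prefix match would pass look-alike hosts
    if f"{u.scheme}://{u.netloc}" not in pin["egress_allow"]:
        errs.append("egress_denied")
    return errs

# Constructed sample; the key, hash and values are placeholders, not from a real deployment.
KEY = b"demo-key"
PIN = {"schema": {"id": "billing.export", "version": "2.3.1", "hash": "sha256-placeholder"},
       "params_allow": ["account_id", "month"], "egress_allow": ["https://api.example.com"]}
CALL = {"step": 3, "tool": "billing.export", "params": {"account_id": "a-1", "month": "2025-01"},
        "egress": "https://api.example.com/v1/export"}
PLAN = sign_plan({"step": 3, "tool": "billing.export", "iat": 1738020000,
                  "params_fingerprint": fingerprint(CALL["params"]), "schema_hash": "sha256-placeholder"}, KEY)
```

Returning every violation rather than stopping at the first gives the receipt a complete record of why a call was refused.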
Budget control: pre‑gate + settle
The PDP checks live budgets before a call (no tokens spent). For streams, Shield reserves a cap and truncates output the instant the budget boundary is reached.