SOLUTION

Agent‑Safe Tools

Verified agents Constrained tools Auditable calls

Open Quickstart

Visual representation of agent-safe tools with Gateway and Shield enforcement layers

How it works

Agent presents ARIA Passport to Gateway.
Gateway validates and checks policy for the requested tool.
Constraints and obligations enforced; tool is invoked.
Receipt is created with full context.

FAQ

How do schema pins work? Gateway validates tool/model schema hash/version and blocks drift pre‑exec.
Can we restrict tools per agent? Yes. AuthZEN constraints and allow‑lists per agent/role.
Do we get receipts? Every governed call emits a signed receipt for audit and chargeback.

Related comparisons

MCP Gateway vs API Gateway

Schema pins and plan discipline vs routing/rate‑limits.

AuthZEN overview

Decisions your gateways can actually enforce.

Watch: Tool Governance in 90 seconds

Standards

OpenID AuthZEN obligations/constraints
RAR (RFC 9396), DPoP (RFC 9449)
MCP model/tool schema pins

Learn more

Technical docs

Marketing site

MCP Gateway ARIA Shield

Related reading

MCP Primer PDP Reference