Skip to main content

Trust Fabric

The Trust Fabric is the combination of identity, policy, and cryptographic proof that secures the Open Agentic Platform. It ensures that every action is authenticated, authorized, and recorded.

The Chain of Trust

The trust fabric operates across the three layers of OAP:

  1. Identity (OIDC Login): Trust begins with the user. Developers authenticate via Rauthy, the platform's native OIDC provider. Rauthy federates with GitHub, ensuring that the user's identity is tied to their organization membership.
  2. Scope Gate: When a user logs in, they receive a JWT containing specific scopes. The deployd-api and stagecraft services use these scopes to gate access to platform resources.
  3. Spec-Bound Action: In the OPC desktop, the user's identity is used to acquire project-level grants from the platform. The axiomregent MCP server uses these grants, combined with the Policy Kernel, to authorize agent actions. Every action is thus bound to the user's intent and the repository's specifications.
  4. Recorded Index: The stagecraft service maintains an immutable audit log of all significant actions, providing a server-side record of local agent activity.
  5. Hashed Certificate: Finally, the output of the process is sealed with a Governance Certificate. This hashed artifact proves that the artifacts were generated by the authorized process and have not been tampered with.

Why This Matters

In a traditional system, a developer's local machine is a black box. If a developer uses an AI coding assistant, the platform has no visibility into how the code was generated.

By extending the trust fabric from the platform down to the local MCP server, OAP brings the agentic development loop under governance. The platform knows who initiated the session, what policies applied, and how the final artifacts were produced.