Reference Architectures

Direct Connection

Direct Connection is the simplest reference architecture. Agent clients connect directly to individual tool servers without intermediary layers.

Architecture diagram

Agent Client ---> Tool Server

A single agent communicates directly with a single tool server. No control plane or routing layer interposes between them.

Characteristics

Direct Connection suits small deployments with limited scope. The architecture minimizes complexity at the cost of centralized control. Each agent-server pair requires individual security configuration.

Control implementation distributes across clients and servers. No central point exists for policy enforcement or observability aggregation.

Priority controls

ComponentPriority Controls
ClientAZN-01, VAL-01, VAL-02, OBS-01
ServerEXE-01, EXE-02, DAT-01, DAT-02
TransportDAT-03, IDN-02

Client-side controls address authorization and input validation. Server-side controls address execution isolation and data protection. Transport controls ensure secure communication.

Typical certification profile

Direct Connection deployments typically certify at Essential or Standard profiles. The architecture suits experimental deployments and internal tools with limited scope.

Previous
Architecture overview
Next
Control plane