Integration

Authority integrates at the action boundary — the commit point where actions produce irreversible state change. Integration is not a choice of pattern; it is the requirement to place Authority on the only path where consequential actions commit.

The action boundary is defined in Ambit Authority.

Where Authority Sits

Authority mediates every consequential action at the boundary between your system and the downstream services it targets. This is the only point where governance cannot be bypassed without changing infrastructure.

Your System

Agent, orchestrator, or application

proposes an action

Ambit Authority

Governance decision at the action boundary

execution boundary

Downstream System

Tool, API, database, or external service

executes (if allowed)

Authority does not replace your agent runtime, API gateway, or orchestration layer. It inserts a governance decision into the path that already exists between intent and execution. Evidence is committed synchronously as part of the decision, before execution.

Pipeline Layers

Authority deployment has three dimensions: pipeline layer — when governance can intervene; integration pattern — how Authority is inserted; enforcement plane — what consequence surface is governed.

Authority can integrate at multiple layers for visibility, but enforcement is authoritative only at the action boundary — where actions commit to external systems.

Intent

Formation

Transport

Execution

execution boundary

External Systems

An action passes through three layers before reaching an external system. Each offers a different combination of context quality and enforcement strength — but only one provides complete mediation.

Action Formation

High context. Advisory only. Easily bypassed.

Where actions originate — agent runtimes, SDK wrappers, tool invocations. High semantic context, but advisory only. Alternative execution paths bypass this layer entirely.

Transport & Coordination

Medium context. Partial enforcement. Still bypassable.

Where actions move between components — API gateways, service meshes, message queues. Stronger enforcement than formation, but still bypassable. Not the final point of consequence.

ExecutionAuthoritative Layer

Complete mediation at commit. No action reaches an external system without evaluation.

Where actions commit to external systems — the action boundary. Complete mediation: no action reaches a downstream system without evaluation. The only point where governance cannot be bypassed without changing infrastructure.

Only one layer prevents bypass

Formation and transport provide context visibility and incremental control. But neither can prevent an action from reaching a downstream system through an alternative execution path. Only the execution layer — the action boundary — provides complete mediation.

Layer	Context Quality	Enforcement Strength	Bypass Risk
Action Formation	High	Advisory	High
Transport & Coordination	Medium	Partial	Medium
Execution	Structural	Authoritative	None

Integration Patterns

Authority can be integrated through three common boundary patterns: embedded SDK, centralised gateway, or co-located sidecar deployment.

SDK

Authority executes authorisation inside your application via a lightweight SDK invocation. SDK integration is authoritative when it sits on the execution path — bypass requires modifying application code. Example: application invokes refund.issue from an internal code path.

Gateway

Authority evaluates at a centralised enforcement boundary — an action gateway, tool proxy, or service mesh entry point. The gateway enforces authorisation decisions; it does not terminate or transform traffic. Example: model proposes a refund API call routed through the enforcement gateway.

Sidecar

Authority deployed as a co-located service alongside the agent runtime, reachable over a local enforcement interface. Example: agent runtime in Kubernetes calls the local governance service before tool execution.

Choose SDK when the execution path is owned by application code. Choose Gateway when actions exit through a centralised egress path. Choose Sidecar when execution occurs in orchestrated runtimes requiring process isolation. In all patterns, decisions are synchronous and fail-closed — execution does not proceed without a decision. All integration patterns produce identical decisions and byte-verifiable evidence; only placement changes, not the governance outcome. No valid integration leaves an execution path that bypasses Authority.

The Execution Boundary

The execution boundary is where a proposed action would commit a state change to an external system. At this boundary, Authority renders a deterministic authorisation decision before the action is allowed to execute. Every decision produces verifiable evidence.

This boundary functions as a commit gate for autonomous systems — actions are only applied to external systems after successful authorisation. If Authority is not on the execution path, governance is advisory and bypassable.

Governance decisions are synchronous and fail-closed: if a decision cannot be made, the action does not execute.

Enforcement Planes

Enforcement planes are defined by where actions can produce or extend real-world consequences — not by how they are implemented.

The following planes represent all surfaces through which consequential actions are expressed. Governance must operate across all of them — but enforcement is only authoritative at the action boundary.

Tool Boundary

▎

Govern invocation of capabilities exposed through tools, APIs, and execution interfaces — function calls, MCP tool servers, API invocations, and workflow triggers. The tool boundary defines what capabilities are invoked and under what constraints.

Runtime Boundary

▎

Govern the execution environment in which processes operate — file system access, network access, system calls, resource limits, and isolation. The runtime boundary defines what resources an executing process can access.

Code Execution Boundary

▎

Govern whether new executable capability may be introduced into the system — execution permission, language and interpreter restrictions, and sandbox constraints for dynamically generated code. Distinct from runtime containment: this boundary controls the introduction of capability, not the environment in which it runs.

Data Boundary

▎

Govern access to enterprise data sources — read and write permissions, query constraints, scope limitation, classification and data handling policies across structured and unstructured data systems.

Memory Boundary

▎

Govern persistent agent state and long-term memory — write permissions, retention and lifecycle policies, integrity and tamper detection, and access control across agents and sessions.

Network/Telemetry Boundary

▎

Govern outbound communication to external systems — destination restrictions, protocol constraints, payload inspection, and telemetry scope and data egress policies.

Not every system surface is an enforcement plane. Some — such as prompt filtering, output validation, and model routing — influence behaviour but operate before action formation and do not determine whether a consequential action is authorised:

Model Boundary

▎

Govern interaction with the model — prompt construction and filtering, output shaping and validation, model selection and routing. These controls are probabilistic and operate before action formation. They influence system behaviour but do not determine whether a consequential action is authorised.

Delegation and Orchestration

Multi-agent orchestration does not introduce new enforcement planes. Messages between agents traverse existing planes (tool, network, memory), shared state is governed at the memory and data boundaries, and capability invocation remains governed at the tool boundary. The governance challenge in orchestration is the resolution of delegation chains across composed actions — evaluated deterministically at the action boundary before execution.

Bypass Detection

When an action reaches a downstream system without passing through Authority — via a misconfigured path, a direct connection, or an ungoverned runtime — no evidence record is produced. The decision ledger has no entry. The hash chain has no link. This absence is the signal: a state change without a corresponding governance decision is a detectable governance failure. Observatory monitors the decision ledger for exactly this — gaps, missing records, and sequence discontinuities.

From Enforcement to Assurance

Each decision produces a governance receipt — a tamper-evident record of the action, policy, delegation, and outcome, committed to the decision ledger.

Observatory interprets these records — generating governed traces, root-cause narratives, and assurance reports without sitting in the enforcement path.

Enforcement becomes evidence. Every action is controlled. Every decision is provable.

Integration architecture is defined by your action boundary, action classes, and governance requirements. Deployment is tailored to your environment.

See where Authority fits in your architecture.

Evaluate your action boundary