MCP Zero-Trust Boundary
MCP security gateway architecture that authenticates tool calls, routes execution into isolated sandboxes, sanitizes responses, and returns clean results to the AI agent.
Zero-trust AI agent identity architecture with JWT validation, scoped OBO token exchange, SPIFFE/SVID workload identity, and MCP tool authorization.
User { # User
n1: circle label:"Start"
n2: rectangle label:"Send request + user JWT"
n3: rectangle label:"Receive approval"
n4: circle label:"End"
n1.handle(right) -> n2.handle(left)
n2.handle(bottom) -> AgentPlatform.n5.handle(top) [label="User JWT"]
n3.handle(right) -> n4.handle(left)
}
AgentPlatform { # Agent Platform
n5: rectangle label:"Validate JWT + agent ID"
n6: rectangle label:"Exchange for scoped OBO token"
n7: rectangle label:"Receive tool result"
n8: rectangle label:"Return approval"
n5.handle(right) -> n6.handle(left)
n6.handle(bottom) -> MCPTool.n9.handle(top) [label="Scoped OBO token"]
n7.handle(right) -> n8.handle(left)
n8.handle(top) -> User.n3.handle(bottom) [label="Approved"]
}
MCPTool { # MCP Tool
n9: rectangle label:"Validate scoped token"
n10: rectangle label:"Check SPIFFE SVID"
n11: rectangle label:"Execute tool call"
n12: rectangle label:"Return tool result"
n9.handle(right) -> n10.handle(left)
n10.handle(right) -> n11.handle(left)
n11.handle(right) -> n12.handle(left)
n12.handle(top) -> AgentPlatform.n7.handle(bottom) [label="Result"]
}
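One way to realise the three hops in the diagram (user JWT into the platform, scoped on-behalf-of token into the tool, SPIFFE-ID check before execution) as runnable code. This is an added Python example, not part of the original diagram or of any product it depicts. It assumes HS256 shared secrets for the two issuers (an IdP and the agent platform), a constructed registry of agent IDs, an allowlist of caller SPIFFE IDs standing in for SVID validation over mTLS, and a single hypothetical tool named `read_ticket`; none of these values come from the page.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secrets, one per issuer. Real deployments use asymmetric
# keys published via JWKS; HS256 is used here only to keep the example
# self-contained.
IDP_SECRET = b"demo-idp-secret"
PLATFORM_SECRET = b"demo-platform-secret"

# Hypothetical registry of agents the platform may act for, and the SPIFFE IDs
# (taken from the peer's SVID over mTLS) the MCP tool accepts as callers.
REGISTERED_AGENTS = {"agent-42"}
ALLOWED_CALLER_SPIFFE_IDS = {"spiffe://example.org/agent-platform"}
TOOL_NAME = "read_ticket"  # hypothetical tool name


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, secret: bytes) -> str:
    """Sign claims as an HS256 JWT in compact serialization."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes, audience: str, now: float) -> dict:
    """Check algorithm, signature, audience and expiry; raise PermissionError on any failure."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token pick its own algorithm
        raise PermissionError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("aud") != audience:
        raise PermissionError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims


def agent_platform_exchange(user_jwt: str, agent_id: str, tool: str, now: float) -> str:
    """Agent Platform lane: validate the user JWT and agent ID, then mint a
    short-lived OBO token bound to one tool, with the agent in the RFC 8693 'act' claim."""
    user = verify_jwt(user_jwt, IDP_SECRET, audience="agent-platform", now=now)
    if agent_id not in REGISTERED_AGENTS:
        raise PermissionError("unknown agent")
    obo_claims = {
        "iss": "agent-platform",
        "sub": user["sub"],          # the human the agent acts on behalf of
        "act": {"sub": agent_id},    # the agent doing the acting
        "aud": "mcp-tool",
        "scope": f"tool:{tool}",     # narrowed from whatever the user token carried
        "exp": now + 60,             # short-lived by design
    }
    return mint_jwt(obo_claims, PLATFORM_SECRET)


def mcp_tool_call(obo_token: str, caller_spiffe_id: str, tool: str, now: float) -> dict:
    """MCP Tool lane: validate the scoped token, check the caller's SPIFFE ID, execute."""
    claims = verify_jwt(obo_token, PLATFORM_SECRET, audience="mcp-tool", now=now)
    if claims.get("scope") != f"tool:{tool}":
        raise PermissionError("token not scoped for this tool")
    if caller_spiffe_id not in ALLOWED_CALLER_SPIFFE_IDS:
        raise PermissionError("caller SVID not trusted")
    if tool != TOOL_NAME:
        raise PermissionError("unknown tool")
    # Constructed stand-in for the real tool body.
    return {"tool": tool, "for_user": claims["sub"],
            "by_agent": claims["act"]["sub"], "result": "ticket #1 summary"}


def run_flow(now: float, tool: str = TOOL_NAME,
             caller_spiffe_id: str = "spiffe://example.org/agent-platform") -> dict:
    """End to end: user JWT -> platform -> scoped OBO token -> tool -> result."""
    user_jwt = mint_jwt({"iss": "idp", "sub": "alice", "aud": "agent-platform",
                         "scope": "tool:* admin", "exp": now + 3600}, IDP_SECRET)
    obo = agent_platform_exchange(user_jwt, "agent-42", tool, now)
    return mcp_tool_call(obo, caller_spiffe_id, tool, now)


if __name__ == "__main__":
    print(json.dumps(run_flow(time.time()), indent=2))
```

The point of the exchange step is that the broad user grant (`tool:* admin` in the constructed user token) never reaches the tool; the platform issues a token with a single `tool:<name>` scope, a tool-specific audience and a one-minute lifetime, and the tool rejects anything that fails audience, scope, expiry or caller-identity checks before it executes anything.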
A single-agent AI architecture where one agent handles everything: parsing requests, reasoning, calling tools via MCP, and generating responses. This is the default architecture for prototypes and simple automations—easy to debug but hits context-window limits quickly and is hard to parallelize. Ideal for MVPs and solo builders shipping fast.
The simplest AI-native architecture — a single agent that receives user input, reasons, plans, decides on tool calls, processes results, and generates responses. Direct MCP connection over stdio or HTTP. Best for MVPs and when low latency matters.
Claw Code harness architecture diagram showing the user loop, Python orchestration layer, Rust runtime, and external systems such as the LLM provider, file system, and MCP server.
Least-privilege AI agent architecture with policy-engine evaluation, just-in-time access, short-lived credentials, and action-scoped grants before tool execution.
Human-in-the-loop approval architecture that scores agent actions by risk, routes high-risk requests for review, and writes immutable audit records.