L1 — LLM Surface
Tool registry + system-prompt enforcement. The LLM only knows about tools the gateway exposes; system prompts that try to circumvent purpose declarations fail at the gateway.
L2 — Fastify Gateway
Intercepts every LLM tool call before it leaves your network. The gateway is the choke point — every other layer assumes the gateway has already extracted intent.
L3 — Intent Intelligence
A FastAPI extractor that parses the tool call into a structured purpose record. Per-user history is keyed by `user_id` so anomalies surface (“alice never reads SSN; this call wants SSN — flag”).
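As an added illustration (not the project's FastAPI extractor), the following Python sketches what this layer does: parse a tool call into a purpose record, then flag elements the user has never requested before. The tool registry, the record fields, the cold-start rule and the sample calls are all constructed for the example.

```python
from collections import defaultdict

# Hypothetical tool registry (stands in for L1): tool name -> declared purpose.
TOOL_PURPOSES = {
    "lookup_customer": "customer_support",
    "export_report": "finance_reporting",
}


def extract_purpose(tool_call):
    """Turn a raw tool call into a structured purpose record.

    The record fields (user_id, tool, purpose, elements) and the tool-call
    shape are assumptions for this example; the page gives no schema.
    """
    args = tool_call.get("arguments", {})
    return {
        "user_id": tool_call["user_id"],
        "tool": tool_call["tool"],
        "purpose": TOOL_PURPOSES.get(tool_call["tool"], "unknown"),
        # Data elements the call wants, normalised so "SSN" and "ssn" compare equal.
        "elements": sorted({str(f).lower() for f in args.get("fields", [])}),
    }


class IntentHistory:
    """Per-user memory of elements previously requested, keyed by user_id."""

    def __init__(self):
        self._seen = defaultdict(set)

    def anomalies(self, record):
        """Elements this user has never requested before.

        A user with no history is in a cold-start period: the first call sets
        the baseline instead of flagging every element it touches.
        """
        prior = self._seen[record["user_id"]]
        if not prior:
            return []
        return [e for e in record["elements"] if e not in prior]

    def learn(self, user_id, elements):
        self._seen[user_id].update(elements)


def process(history, tool_call):
    """Extract the purpose record and compute anomaly flags for it.

    Returns (record, flags). Only unflagged elements are learned into the
    baseline here; a flagged element should be learned only once policy (L4)
    has approved it, otherwise simply repeating a request would train it in.
    """
    record = extract_purpose(tool_call)
    flags = []
    if record["purpose"] == "unknown":
        flags.append(f"tool {record['tool']!r} has no declared purpose")
    novel = history.anomalies(record)
    for element in novel:
        flags.append(f"{record['user_id']} never reads {element}; this call wants {element}")
    history.learn(record["user_id"], [e for e in record["elements"] if e not in novel])
    return record, flags


if __name__ == "__main__":
    # Constructed sample traffic: alice does routine support lookups, then asks for an SSN.
    hist = IntentHistory()
    for fields in (["name", "email"], ["email"], ["name", "ssn"]):
        call = {"user_id": "alice", "tool": "lookup_customer", "arguments": {"fields": fields}}
        record, flags = process(hist, call)
        print(record["elements"], flags)
```

Two choices matter here: the cold-start rule keeps a new user's first call from flagging everything, and flagged elements are deliberately not learned, so a caller cannot launder an anomalous request into the baseline by repeating it.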
L4 — Policy Layer
Declarative rules that match purposes to allowed elements. Policy always wins over history inference. A purpose explicitly allowed in policy is allowed even if it’s anomalous; a purpose explicitly denied is denied even if it’s been used before. Only a purpose the policy neither allows nor denies falls through to history inference.
L5 — Token + Credential Layer
Intent tokens minted from approved purposes. Optional Okta token hooks enrich IdP-issued tokens with the `purp` claim. Vault issues just-in-time database credentials scoped to the active intent token.
L6 — DB Proxy
Column-level enforcement at the database. Queries are rewritten or blocked based on the active `purp.elements` list. Blocked columns are highlighted in the audit log with remediation suggestions.
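The three enforcement layers in sequence, as an added example that is not the project's own code: a policy decision that follows the precedence rule from L4, a toy HMAC-signed intent token carrying the `purp` claim in place of the IdP-issued token from L5, and a proxy rewrite that keeps only the columns named in `purp.elements` from L6. The POLICY table, the token format, the signing key and the SQL are assumptions; a deployment would carry `purp` in the IdP's JWT and parse SQL with a real parser.

```python
import base64
import hashlib
import hmac
import json
import re
import time

# Hypothetical declarative policy (L4): elements explicitly allowed or denied
# per purpose. The shape and contents are assumptions for this example.
POLICY = {
    "allow": {
        "customer_support": {"name", "email", "phone"},
        "fraud_review": {"name", "email", "ssn"},
    },
    "deny": {"marketing": {"ssn"}},
}


def decide(purpose, requested, anomalies):
    """Policy first, history inference second. Returns (granted, blocked, reasons).
    anomalies: elements the L3 extractor reports as never seen for this user."""
    allowed = POLICY["allow"].get(purpose, set())
    denied = POLICY["deny"].get(purpose, set())
    granted, blocked, reasons = [], [], []
    for e in requested:
        if e in denied:  # explicit deny wins even if the user has used it before
            blocked.append(e)
            reasons.append(f"{e}: explicitly denied for {purpose}")
        elif e in allowed:  # explicit allow wins even if the call is anomalous
            granted.append(e)
        elif e in anomalies:  # no policy match: history inference decides
            blocked.append(e)
            reasons.append(f"{e}: not in policy and anomalous for this user")
        else:
            granted.append(e)
            reasons.append(f"{e}: not in policy, granted on prior history")
    return granted, blocked, reasons


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_intent_token(user_id, purpose, elements, key, ttl=300, now=None):
    """Mint an HMAC-SHA256 signed token carrying the purp claim (L5).
    Toy stand-in for the IdP-issued token; a deployment would use a real JWT."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user_id, "iat": now, "exp": now + ttl,
              "purp": {"purpose": purpose, "elements": sorted(elements)}}
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_intent_token(token, key, now=None):
    """Return the claims if the signature verifies and the token is unexpired."""
    body, sig = token.split(".")
    expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["exp"] <= (int(time.time()) if now is None else now):
        raise ValueError("expired")
    return claims


SELECT_RE = re.compile(r"^SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<rest>.+)$", re.I | re.S)


def enforce(sql, purp):
    """DB proxy (L6): rewrite or block a SELECT so it touches only purp['elements'].
    Toy parser for a plain column list; returns an audit-style dict with remediation."""
    allowed = set(purp["elements"])
    fix = f"request only {sorted(allowed)} under purpose {purp['purpose']!r}"
    m = SELECT_RE.match(sql.strip())
    if m is None:
        return {"action": "block", "blocked": [], "remediation": "only plain SELECT lists are handled"}
    cols = [c.strip() for c in m.group("cols").split(",")]
    if "*" in cols:
        return {"action": "block", "blocked": ["*"], "remediation": "list columns explicitly; " + fix}
    bare = lambda c: c.split()[0].split(".")[-1].lower()  # 'c.ssn AS s' -> 'ssn'
    keep = [c for c in cols if bare(c) in allowed]
    blocked = [c for c in cols if bare(c) not in allowed]
    if not keep:
        return {"action": "block", "blocked": blocked, "remediation": fix}
    return {"action": "rewrite" if blocked else "allow",
            "sql": f"SELECT {', '.join(keep)} FROM {m.group('rest')}",
            "blocked": blocked, "remediation": fix if blocked else ""}


if __name__ == "__main__":
    key = b"demo-signing-key"  # constructed; real keys come from the IdP hook or Vault
    granted, blocked, reasons = decide("customer_support", ["name", "email", "ssn"], ["ssn"])
    purp = verify_intent_token(mint_intent_token("alice", "customer_support", granted, key), key)["purp"]
    print(reasons)
    print(enforce("SELECT name, ssn, email FROM customers WHERE id = 7", purp))
```

The regex in `enforce` only sees the outermost column list: a subquery or join that reads `ssn` inside the `FROM` clause would pass untouched, which is exactly why a production proxy needs a real SQL parser rather than this toy. Note also that `verify_intent_token` checks the signature before decoding the body, so a tampered token is rejected without ever parsing attacker-controlled JSON.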
Adoption order
You don’t install all six on day one. The maturity model walks you up the stack — start at L1+L2 (observe), add L3+L4 when patterns are clear, layer L5+L6 when compliance demands enforcement.
Read next
- The maturity model — phases of adoption
- Install the gateway — get L1+L2 running today