The full architecture spec is in active development. Here's the structure of what it will cover when published — and how to get the working draft today.
An end-to-end walk through Permit0's engine — how a tool call becomes a canonical action, gets scored, evaluated, and either executed under a signed token or blocked.
The full request lifecycle from agent tool call to gated execution. How the SDK intercepts, how the gate communicates with the policy plane, where state lives, and where the hot-path latency budget is spent (target: <5ms p99).
How heterogeneous tool calls — LangChain, MCP, CrewAI, OpenClaw, raw Python — normalize into canonical actions across 21 domains. The 7-stage compilation pipeline, the canonical ActionSpec schema, and how new tools and frameworks plug in without policy rewrites.
The 9-flag × 10-amplifier scoring model. Why risk is intrinsic to the verb (universal baseline) and amplified by context (session, actor, environment, amount, destination). The math behind the score, and how it composes with policy to drive ALLOW / DENY / REVIEW outcomes.
A deterministic scorer makes the first decision. An optional LLM reviewer runs second — and is architecturally permitted only to deny or escalate, never to approve. Why this asymmetry is the only LLM-in-the-loop pattern that doesn't compromise determinism.
PASETO v4.public format, payload binding to argument hashes, constraint envelopes, TTL, replay protection, signing infrastructure, and the verification path inside the Execution Gateway. Why an adversarial prompt cannot bypass a signed gate, even with valid OAuth credentials.
How policies are authored, versioned, and distributed across deployment modes. The DecisionRecord schema produced for every evaluation — signed, replayable, and exportable. How the audit trail composes into evidence for SOC 2, EU AI Act, NAIC, SR 11-7 reviews.
Two paths — pick whichever fits your timeline.
The founders are happy to share the WIP architecture document on a 30-minute call and answer security questions in real time. We've done dozens of these — they're substantive, not sales calls.
Talk to founders →One email when this document ships. No newsletter, no marketing cadence — just the link to the published doc.
We'll only use your email to send this single notification.