2. Core Concepts
The Event Lifecycle
A standard LLM interaction monitored by AgentID produces an event lifecycle that stitches together the pre-model and post-model phases using a unique Client Event ID.
- The guard Phase: Your app sends the prompt to AgentID. The Guard engine evaluates the input and returns a verdict (allowed or blocked) along with an event correlation ID.
- The Execution Phase: If allowed, your application executes the prompt against your chosen LLM (e.g., OpenAI, Anthropic).
- The complete Phase: Your app sends the final generated output and latency metrics back to AgentID's Ingest endpoint.
- Reconciliation: AgentID stitches the guard prompt and the complete output together into a single, immutable lifecycle record visible in your Dashboard.
(Note: Seeing two distinct network requests for one user action is the expected architecture. This guarantees that blocked prompts are recorded even if the LLM is never called.)
Fail-Open vs. Fail-Closed Behavior
AgentID gives developers strict control over how the system behaves during network partitions or infrastructure timeouts.
- Strict Mode OFF (Fail-Open): The default behavior. If the AgentID Guard endpoint is unreachable or times out, the SDK will bypass the security check and allow the LLM execution to proceed. This ensures your application stays online during transient network issues.
- Strict Mode ON (Fail-Closed): If explicitly enabled in the Dashboard or local SDK, network timeouts will result in a hard block. This is designed for high-sensitivity environments (Healthcare, FinTech) where a prompt must never reach an LLM unaudited.
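The event lifecycle and the two strict-mode settings described above, sketched as an added example that is not AgentID SDK code. The names run_guarded, ServiceUnavailable, and the guard, llm and complete callables are hypothetical stand-ins for the Guard call, your LLM client and the Ingest call.

```python
import time
import uuid

class ServiceUnavailable(Exception):
    """Hypothetical error: a guard or ingest call timed out or failed."""

def run_guarded(prompt, guard, llm, complete, strict_mode=False):
    """Run one prompt through guard -> execution -> complete.

    guard(event_id, prompt) returns "allowed" or "blocked";
    complete(event_id, output, latency_ms) reports the result.
    Both are caller-supplied stand-ins, not AgentID SDK functions.
    """
    event_id = str(uuid.uuid4())  # client event ID shared by both phases
    record = {"event_id": event_id, "verdict": None, "reason": None,
              "output": None, "audited": False}
    try:
        record["verdict"] = guard(event_id, prompt)
    except ServiceUnavailable:
        if strict_mode:
            # Fail-closed: an unreachable guard is a hard block.
            record.update(verdict="blocked", reason="guard_unreachable")
            return record
        # Fail-open: proceed, but mark the event as not guard-checked.
        record.update(verdict="allowed", reason="guard_unreachable_fail_open")

    if record["verdict"] != "allowed":
        return record  # the LLM is never called for a non-allowed verdict

    start = time.monotonic()
    record["output"] = llm(prompt)
    latency_ms = int((time.monotonic() - start) * 1000)
    try:
        complete(event_id, record["output"], latency_ms)
        # Fully audited only if the guard actually evaluated the prompt.
        record["audited"] = record["reason"] is None
    except ServiceUnavailable:
        pass  # output is still returned; audited stays False
    return record
```

Counting records where audited is False shows how many prompts reached the LLM without a guard verdict while running fail-open.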
API Keys & Tenant Isolation
All Data Plane endpoints are secured via API keys (sk_live_...).
- Keys are scoped at the Organization and System level.
- Request identity and tenant context are cryptographically bound to the event metadata, ensuring total tenant isolation and forensic traceability.
- Keys are hashed using a pepper strategy; raw keys are never stored.