1. Overview & Architecture

What is AgentID?

AgentID is a security, compliance and observability System of Record for AI systems. It is not just a "prompt filter." It is a full control plane that sits invisibly between your application and the LLM execution layer to enforce policies, capture immutable telemetry, and generate automated compliance artifacts (such as those required by the EU AI Act).

The Two-Plane Architecture

To guarantee zero-trust security without bottlenecking your application, AgentID operates on a strict two-plane design:

  • The Control Plane: The UI Dashboard and backend logic where you define system configurations, guardrail policies, RBAC (Role-Based Access Control), API keys, and manage QMS (Quality Management System) compliance workflows.
  • The Data Plane: The highly available runtime endpoints (/guard and /ingest) that process your live traffic, enforce deterministic pre-execution checks, and trigger async deep-scan audit jobs.

The Dual-Phase Engine

AgentID ensures that security never comes at the cost of unacceptable latency. We achieve this through a dual-phase evaluation model:

  1. Phase 1: Deterministic Fast Path (Pre-Execution): When your app calls guard(), the payload is evaluated against deterministic heuristics (PII detection, injection patterns, toxicity blockers). This is highly optimized for speed, returning an allow/block decision in milliseconds.
  2. Phase 2: Async Semantic Deep Scan (Post-Execution): Once the model completes its generation, the log() payload triggers an asynchronous deep AI audit. This layer infers complex semantic risks (e.g., subtle data leaks, hallucination likelihood) and enriches the event metadata in your Dashboard without blocking your application's runtime.
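The following is an added example, not AgentID's SDK or any code from the project: it models the dual-phase flow above with a synchronous deterministic guard() that decides before the model is called and a log() that only enqueues the event for later deep scanning. The rule set, the GuardDecision type, the in-process queue and run_with_guardrails are all assumed for illustration.

```python
import re
import queue
from dataclasses import dataclass, field

# Constructed stand-ins for Phase 1 deterministic heuristics (assumption, not
# AgentID's real rule set): cheap regexes, no model call, so they run in microseconds.
FAST_PATH_RULES = {
    "pii_email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "pii_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "prompt_injection": re.compile(
        r"ignore (all|any|the) (previous|prior|above) instructions", re.I),
}


@dataclass
class GuardDecision:
    allow: bool
    reasons: list = field(default_factory=list)


def guard(payload: str) -> GuardDecision:
    """Phase 1: deterministic fast path, evaluated synchronously before execution."""
    hits = [name for name, rx in FAST_PATH_RULES.items() if rx.search(payload)]
    return GuardDecision(allow=not hits, reasons=hits)


# Hypothetical async boundary: a worker would drain this and run the deep scan.
DEEP_SCAN_QUEUE: "queue.Queue[dict]" = queue.Queue()


def log(prompt: str, completion: str, decision: GuardDecision) -> int:
    """Phase 2: hand the event to the async deep scan; returns queue depth."""
    DEEP_SCAN_QUEUE.put({"prompt": prompt, "completion": completion,
                         "fast_path": decision.reasons})
    return DEEP_SCAN_QUEUE.qsize()


def run_with_guardrails(prompt: str, call_model) -> str:
    """Guard first, call the model only on allow, always log; never waits on the scan."""
    decision = guard(prompt)
    if not decision.allow:
        log(prompt, "", decision)  # blocked events are still recorded
        return "blocked: " + ", ".join(decision.reasons)
    completion = call_model(prompt)
    log(prompt, completion, decision)
    return completion
```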