Architecture
How Froda AI fits your stack
Every agent does two things: it calls a model, and it calls tools. Govern those two connection points and you govern the whole agent — without touching its code.
Governance Control Plane
Where governance teams author & deploy
Agent Frameworks
No SDK. No wrappers. No code changes.
Froda AI Gateway
Model calls
Metered spend · budget caps
Tool calls
Policy on every invocation
ALLOW · BLOCK · REDACT · HITL
Models & tools
Reached only after policy passes. Keys stay in the vault — the agent never sees them.
System of Record
Immutable accountability, per tenant
Integration
Zero SDK. Two endpoints and a bearer token.
The same integration works whether the agent is built on LangGraph, ZeroClaw, OpenFang, CrewAI, n8n, or anything else. Swap frameworks and nothing about your governance changes.
1. Register the agent
Add the AI system and its agent in the dashboard, pick the framework. The agent is now a governed identity in your registry.
2. Mint an agent-bound token
One bearer token, bound to that agent. Point it at a different agent's endpoint and the gateway returns 403. Revocable in one click.
3. Point the two slots at the gateway
Wire the agent's model slot and tool slot to the gateway URL. That's the whole integration — no library import, no refactor.
# MCP tool endpoint (Streamable HTTP or SSE)
url: https://gateway.froda.ai/mcp/stream/<agent_id>
auth: Bearer <agent_token>
# model calls route through the gateway too
model_base_url: https://gateway.froda.ai/llm
Runtime
What happens on every call
The gateway sits in the execution path. Policy isn't advice the agent can ignore — it's a gate the action can't skip.
Zero-trust discovery
The gateway returns only the methods this agent's policy contracts authorize. An unregistered agent sees nothing.
Deterministic evaluation
Every invocation is checked against the hierarchical policy — Global → Org → System → Agent — before it runs.
ALLOW · BLOCK · REDACT · HITL
A BLOCK short-circuits before the tool executes and returns a structured reason (matched rule, policy id, request id).
Immutable audit row
Every call — allowed or blocked — is written to the cryptographic ledger with the agent, tool, policy, and outcome.
Compatibility
Standard transports, first-party connectors
Standard MCP transports
Streamable HTTP and SSE are both served, side by side. Wire whichever your framework prefers — the auth and agent-binding behave identically on both.
Native + MCP connectors
First-party tools (Gmail, Google Workspace, Stripe, Slack) run in-process against the provider API. Everything else connects as a standard MCP server. No local subprocess to manage.
Multi-step stays governed
The gateway returns data; your agent's LLM decides the next step. Each call is independently evaluated, metered, and HITL-routable — the gateway never takes over the workflow.
Data & Deployment
You choose where it runs and what leaves
Runs in your boundary
Deploy as managed SaaS, in your own VPC, or fully on-prem / air-gapped. In a self-hosted deployment, agent traffic and audit data never leave your network.
The gateway sits between your agents and the models and tools they reach. It processes the metadata it needs to make and record a policy decision:
- Which agent acted, under which policy, and the delegation chain behind it
- The tool, method, and the specific field values a rule evaluates
- The decision (ALLOW / BLOCK / REDACT / HITL) and the matched rule
The Multi-Agent Problem
Why guardrails break down
Single-turn guardrails assume one agent, one prompt, one response. Agent-to-agent delegation breaks that assumption — and most governance tools with it.
Legacy guardrails inspect one input and one output. But autonomous agents hand work to other agents — and risk compounds with every hop. Froda AI was built to govern the delegation chain, not just isolated chatbots.
Privilege Escalation Protection (Confused-Deputy Blocked): The downstream delegated scope never granted write access. The execution chain is provenance-stamped end-to-end at runtime.
Every delegation carries the authority it was granted — no more, no less. An agent can't launder a privilege it was never given through a downstream call.
Hierarchical policy inheritance — Global → Org → System → Agent — means one rule can cover the whole organization, with overrides at any level of the chain.
Delegation provenance, confused-deputy blocking, and hierarchical inheritance — shipped. No other governance platform enforces this at the tool-call level.
One-click kill switch
Cut an agent's tool calls, LLM access, and credentials in a single action — instant containment when something goes wrong.
Loop & runaway protection
Cryptographic fingerprinting detects and halts runaway identical tool calls before they burn budget or spam downstream systems.
Per-agent budget caps
Hard spend limits per agent with BLOCK / THROTTLE / WARN. Cost is attributed to the agent identity that incurred it.
Enterprise Readiness
Deploy your way. Procure the easy way.
Choose the deployment model that fits your security and compliance architecture — and pay for it with budget that's already approved.
Azure Marketplace
Deploy directly from your Azure tenant.
- Skip Vendor Onboarding: Pre-vetted listing shortcuts security assessment and procurement review.
- Counts Toward Your MACC: Transact through your existing Microsoft agreement — purchases burn down Azure committed spend.
- No New Procurement Cycle: Your cloud budget is your Froda budget. Already approved.
Managed Cloud (SaaS)
Best for teams prioritizing speed and zero-ops.
- Fully Managed: No infrastructure or maintenance overhead.
- Seamless Integration: Works with your existing AI stack—no refactoring required.
- Scales With You: From single agents to enterprise-wide governance.
Private VPC & On-Prem
Best for enterprises with strict data sovereignty requirements.
- Full Control: Maintain full control over updates, releases, and policy changes.
- Zero External Exposure: Keep all data and AI activity within your network—no external exposure.
- Air-Gapped Ready: Fully deployable in private VPCs, on-prem, and air-gapped environments.
Ready for Governed AI Innovation?
From a zero-trust agent registry to real-time enforcement and compliance—all in one platform.
Book a demoNo credit card required. Deploy from Azure Marketplace or SaaS in under 30 minutes.