Deployment requirements.
Operational requirements for deploying AGA cryptographic runtime governance. AGA provides the governance mechanism. The deployer provides the infrastructure isolation and key management that makes it trustworthy.
Network Isolation.
The MCP governance proxy is effective only when it is the sole path between the agent and external resources. AGA does not provide network isolation. AGA provides the mechanism to specify, verify, and prove that isolation was in place.
Kubernetes
NetworkPolicy restricting agent pod egress to gateway IP/port only. Admission webhook configured to reject pods that launch without a valid sealed policy.
Standalone
iptables/nftables rules restricting agent process network access to gateway listener. seccomp profile blocking raw socket creation. AppArmor profile confining filesystem access.
Air-Gapped
Physical network isolation. gateway is the only device with external connectivity. Evidence bundles transferred via removable media for offline verification.
Signing Key Requirements.
| Level | Key Storage | Rotation | Suitability |
|---|---|---|---|
| Minimum | File-based PEM (chmod 0600) | Manual via aga rotate | Development, testing |
| Recommended | HSM (FIPS 140-3 Level 3) or TPM 2.0 | Every 24h or 1,000 receipts | Production, enterprise |
| Maximum | k-of-n threshold across distributed HSMs | Automated, policy-driven | Defense, critical infrastructure |
The ML-DSA-65 + Ed25519 hybrid composite (NIST FIPS 204) is implemented and cross-verified today, and Ed25519 is the live default signature. HSM-backed key custody remains on the roadmap.
Measurement Cadence.
| Deployment Type | Cadence | TOCTOU Window | Rationale |
|---|---|---|---|
| SCADA / ICS | 100ms | 100ms | PLC firmware integrity, actuator state |
| Autonomous Drone | 150-250ms | 150-250ms | Kill-chain governance, ROE compliance |
| AI Agent (MCP) | Per tool call | 0ms | Synchronous decision, zero TOCTOU |
| Container / K8s | 500ms-5s | 500ms-5s | Image hash, runtime config, mount integrity |
Evidence Retention.
Evidence bundles are self-contained and offline-verifiable. Retention periods depend on the applicable compliance framework.
| Framework | Minimum Retention |
|---|---|
| SOX Section 802 | 7 years |
| HIPAA Security Rule | 6 years |
| EU AI Act (Art. 12) | Duration of AI system lifecycle |
| NIST SP 800-53 (AU-11) | Per organizational policy |