Enterprise
Argentor ships enterprise-grade infrastructure — RBAC, multi-tenancy, quotas, compliance modules, and a readiness endpoint — without external plugins.
Readiness Endpoint
A single endpoint reports the complete deployment posture:
GET /api/v1/enterprise/readiness
Example response:
{
"version": "1.3.0",
"posture": "ready",
"score": 71,
"runtime": {
"skills_registered": 42,
"active_connections": 0,
"active_sessions": 0,
"uptime_seconds": 60
},
"checks": [
{
"id": "rest_api",
"category": "runtime",
"title": "REST API mounted",
"status": "active",
"detail": "REST management endpoints are available under /api/v1."
}
],
"next_actions": [
"Wire deployment-specific auth, SSO, rate limits, and approval policy."
]
}
Check statuses
| Status | Meaning |
|---|---|
| active | Verified against the running gateway instance |
| available | Compiled in, ready to wire for a deployment |
| attention | Missing runtime wiring or failed runtime check |
RBAC & Permissions
Role-based access control is built into argentor-security. Each agent runs with an explicit PermissionSet that controls which skills it can invoke and which resources it can access.
use argentor_security::{PermissionSet, Capability};
let permissions = PermissionSet::builder()
.allow(Capability::FileRead)
.allow(Capability::WebFetch)
.deny(Capability::ShellExec)
.build();
let runner = AgentRunner::new(config, registry)
.with_permissions(permissions);
Multi-Tenancy
The gateway supports multi-tenant deployments where each tenant has isolated sessions, separate rate limits, and audited access logs.
- Per-tenant API keys with independent quotas
- Session isolation — one tenant cannot read another's conversation history
- Per-tenant audit trails exportable to SIEM (JSON/CEF)
- Per-key rate limiting configurable at the gateway level
Compliance Modules
The argentor-compliance crate ships four compliance frameworks out of the box:
| Module | Coverage |
|---|---|
| GDPR | Data subject requests, retention policies, audit logs, PII scanning |
| ISO 27001 | Access control evidence, incident logging, asset registry |
| ISO 42001 | AI risk register, model governance, human oversight hooks |
| DPGA | Data processing agreements, transfer impact assessments |
Security Guardrails
The 6-layer GuardrailEngine runs on every request and response:
- PII detection — names, emails, phone numbers, credit cards, SSNs
- Prompt injection — jailbreak patterns, instruction overrides
- Toxicity — harmful, violent, or discriminatory content
- Shell injection — command metacharacters in tool arguments
- Base64 exfiltration — encoded payloads in outputs
- Unicode smuggling — homoglyphs, zero-width characters
let guardrails = GuardrailEngine::builder()
.with_pii_scanning(PiiScanMode::RedactAndLog)
.with_prompt_injection(InjectionMode::Block)
.with_toxicity_threshold(0.8)
.build();
Observability
Argentor exposes first-class observability without external plugins:
- Prometheus metrics at
/metrics— latency histograms, skill call counters, guardrail hit rates - OpenTelemetry traces — every agent turn, skill call, and LLM request is a span
- Structured audit log — JSON/CEF, queryable, SIEM-exportable
- Health endpoint at
/health— liveness + readiness signals
Quotas & Rate Limiting
cargo run -p argentor-cli -- serve \ --bind 0.0.0.0:8080 \ --rate-limit-per-key 1000/min \ --max-concurrent-sessions 500 \ --token-quota-per-day 10000000
Human-in-the-Loop
The orchestrator supports approval gates — pause execution and wait for a human decision before a specific skill executes:
use argentor_orchestrator::ApprovalPolicy;
let policy = ApprovalPolicy::require_approval_for(vec![
"shell_exec",
"file_delete",
"api_key_rotate",
]);
let orchestrator = Orchestrator::new(config)
.with_approval_policy(policy);
Smoke Test
cargo test -p argentor-gateway --test regression_api enterprise_readiness
Production Deployment
See the full deployment guide for Docker, Kubernetes, Helm, and multi-region setups: