Standards and compatibility
Axtary's product surface is the local content-authorization path: normalize the exact action, decide before execution, issue an ActionPass for an allow, and write tamper-evident ledger evidence. Standards work is kept thin around that path so customers can evaluate Axtary beside the policy and agent-control systems they already track.
Agent Control shim
Axtary includes a credential-free Agent Control-style conformance shim for
pre_tool_call and post_tool_call envelopes.
Run it locally:
axtary acs conformance
The check uses deterministic vectors:
- an allowed Slack tool call routes through Axtary policy, receives a signed ActionPass, executes a fixture handler, and writes authorization plus execution ledger records;
- a non-allowlisted channel is denied before handler execution;
- an external-recipient message returns
step_up/escalatewithout provider execution.
Truth boundary: this is a local conformance adapter over Axtary's existing
runtime. It is not a hosted Microsoft integration or a claim of certification.
See spec/agent-control-shim-v0.md.
AgentCore and Cedar
axtary test-policy --parity runs the same fixtures through the native
evaluator, Cedar, and Rego. The report also includes an offline AgentCore
Cedar-shaped Gateway request mapping: OAuth-user tags, Gateway action/resource,
tool input, and Axtary action/payload hashes.
axtary test-policy --parity --json
Truth boundary: this proves that Axtary can export the normalized action into a Cedar-shaped AgentCore Gateway authorization request. It does not deploy an AWS AgentCore Gateway policy or claim live AWS enforcement.
MCP SEP draft
Axtary publishes a draft MCP Specification Enhancement Proposal for payload-bound
authorization and signed tool-definition provenance:
spec/sep/mcp-payload-bound-authz-and-definition-provenance.md.
The draft is grounded in the implemented MCP provenance profile
(spec/mcp-tool-provenance-v1.md): signed definition hashes, publisher keys,
version-chain checks, and payload-bound invocation. It is intentionally labeled
as an Axtary draft until the MCP community process accepts or changes it.
Truth boundary: signed tool definitions prove who published a definition and which version changed. They do not prove the tool is safe and do not detect or prevent prompt injection.