Standards and compatibility

Axtary's product surface is the local content-authorization path: normalize the exact action, decide before execution, issue an ActionPass for an allow, and write tamper-evident ledger evidence. Standards work is kept thin around that path so customers can evaluate Axtary beside the policy and agent-control systems they already track.

Agent Control shim

Axtary includes a credential-free Agent Control-style conformance shim for pre_tool_call and post_tool_call envelopes.

Run it locally:

axtary acs conformance

The check uses deterministic vectors:

  • an allowed Slack tool call routes through Axtary policy, receives a signed ActionPass, executes a fixture handler, and writes authorization plus execution ledger records;
  • a non-allowlisted channel is denied before handler execution;
  • an external-recipient message returns step_up / escalate without provider execution.

Truth boundary: this is a local conformance adapter over Axtary's existing runtime. It is not a hosted Microsoft integration or a claim of certification. See spec/agent-control-shim-v0.md.

AgentCore and Cedar

axtary test-policy --parity runs the same fixtures through the native evaluator, Cedar, and Rego. The report also includes an offline AgentCore Cedar-shaped Gateway request mapping: OAuth-user tags, Gateway action/resource, tool input, and Axtary action/payload hashes.

axtary test-policy --parity --json

Truth boundary: this proves that Axtary can export the normalized action into a Cedar-shaped AgentCore Gateway authorization request. It does not deploy an AWS AgentCore Gateway policy or claim live AWS enforcement.

MCP SEP draft

Axtary publishes a draft MCP Specification Enhancement Proposal for payload-bound authorization and signed tool-definition provenance: spec/sep/mcp-payload-bound-authz-and-definition-provenance.md.

The draft is grounded in the implemented MCP provenance profile (spec/mcp-tool-provenance-v1.md): signed definition hashes, publisher keys, version-chain checks, and payload-bound invocation. It is intentionally labeled as an Axtary draft until the MCP community process accepts or changes it.

Truth boundary: signed tool definitions prove who published a definition and which version changed. They do not prove the tool is safe and do not detect or prevent prompt injection.