Overview Architecture Theory of Operation
● TECHNICAL DEEP DIVE
FOR PLATFORM ENGINEERS

Platform Architecture

The 5-Plane Sovereign Architecture with verified schema, golden fleet workers, and cryptographic evidence chain.

5
Platform Planes
Golden
Worker Fleet
Governed
Tool Registry
7
Evidence Events
Full
API Surface
Built
Running Today
SOVEREIGN ARCHITECTURE

The 5 Platform Planes

All operations revolve around the Sovereign Core (Identity & Authority). Each plane has an explicit governance primitive that cannot be bypassed.

PLANE 1

Sovereign Platform

The foundational layer: multi-tenant isolation, authentication, authorization, and resource management.

Account Isolation

Strict account_id boundaries. Enterprise-grade isolation at every layer.

Secret Registry

Vault-backed credential management. Account-scoped. Rotation without redeployment.

Audit Logging

All platform actions logged to immutable ledger. Every API call carries account/workspace context.

Governance Primitive: No worker can access data outside its authorized scope.

PLANE 2

Decision Fabric

The execution spine: worker orchestration, policy evaluation, approval gates, and state management. Not a workflow engine—policy-gated orchestration + evidence emission.

Worker Orchestration

Instantiate workers with validated payloads. Deterministic execution.

Policy Gates

Runtime policy checks before any action. Deterministic evaluation.

Approval Gates

HITL authorization. CSM/VP/CFO routing by threshold.

Signal Boundary

Strict separation: ephemeral signals vs. governed decisions.

Governance Primitive: Signals must cross the Signal/Decision Boundary before influencing any governed action.

PLANE 3

Control Plane

The API layer and runtime services. Full RESTful HTTP/JSON surface (OpenAPI 3.0 documented).

Mission Manager

CRUD + lifecycle tracking: DRAFT → ACTIVE → FINALIZED

Worker & Blueprint Registry

Sovereign worker catalog. Blueprint certification state machine.

MCP Gateway

Model Context Protocol routing. Tool governance and capability validation.

PLANE 4

Trust Anchor (Evidence Ledger)

Immutable ledger recording all decisions, approvals, and outcomes with cryptographic integrity.

7-Event Evidence Chain

Hash-chained, ordered events. Cryptographic integrity verification.

Decision Lineage

First-class forensic proof object binding the complete decision path.

Audit Replay

Reconstruct any decision from evidence chain. Non-repudiation proof.

Governance Primitive: Every governed action produces evidence. No evidence = ungoverned.

PLANE 5

Commercial Spine

Billing and outcome tracking. Converts AI-generated value into financial records. Designed for outcome-aligned economics (not seat-based).

Outcome Contracts

Baseline, target, confidence band, measurement period.

Proof Packs

Cryptographically sealed evidence bundles for verification.

Financial Outcomes

Immutable hash-chained ledger entries. Idempotency-keyed.

Attribution Engine

DAG-based credit assignment. PE-grade defensibility.

Governance Primitive: No outcome can be billed without approval evidence.

MARKITECTURE

End-to-End Execution Flow

How a signal becomes a governed, provable outcome. Every path through this architecture produces cryptographic evidence.

ENTERPRISE
Source Systems
CRM · ERP · APIs
Workflows · Data
CONTROL PLANE
API Layer
Mission Creation
Worker Registry
Blueprint Selection
DECISION FABRIC
Policy Evaluation
Policy Gates
Risk Threshold Check
Sovereign Workers
AUTHORITY GATE
Human Escalation
CSM / VP / CFO
Threshold Routing
Approve or Reject
TRUST ANCHOR
Evidence Ledger
Immutable Hash Chain
7-Event Chain
Decision Lineage
COMMERCIAL SPINE
Outcome Measurement
Attribution Engine
Proof Packs
Value Tracking
SDK / API
Integration layer
for policy setup
and worker config
DURABLE WORKFLOW ORCHESTRATION
POLICY ENGINE
Signal Ingestion
Normalize & validate
enterprise data
Policy Evaluation
Deterministic
policy checks
Decision Proposal
Worker analysis
with confidence score
Evidence Sealing
Cryptographic hash chain
& integrity root
IMMUTABLE AUDIT
Append-only ledger
Full replay
Non-repudiation
FAIL-CLOSED · FULL profile refuses to start if services unavailable PHASE-1 · Human approval required for all decisions KILL-SWITCH · Mission/Blueprint/Account revocation
Theory of Operation →
GOLDEN FLEET

The V5.8 Asset Model

How intelligence is delivered: Sovereign Workers, Certified Blueprints, Governed Tools, and Mission Payloads.

Sovereign Workers

Golden Fleet · 4 verticals · Recommend-only (Phase-1)
Revenue — Churn Orch, Deal Coach, Expansion Analyst, Rev Analyst
Compliance — GDPR Officer, SOX Auditor, Policy Guardian
Finance — Finance Auditor, Spend Auditor, Tax Sentinel
Governance — Decision Sentinel (active on every mission)

Output: Decision Proposals (not autonomous actions). Temperature=0, model pinning.

Certified Blueprints

3 blueprints · Immutable · Anti-fork integrity
⭐ Revenue Growth Accelerator

Workers: expansion_analyst + rev_analyst + churn_orch. Churn lock policy.

Expansion Accelerator

C360 signal monetization + pricing + governance gates.

Compliance Drift Sentinel

GDPR officer + SOX auditor + policy guardian. Continuous Authorization.

Lifecycle: DRAFT → CERTIFIED → REVOKED. SHA-256 hash verification (anti-fork).

MCP Tools (Governed Connectors)

Governed tools · Active prompts · Gateway-routed
  • Registry-Managed: All tools registered with metadata and capability scope
  • Capability-Scoped: Explicit read/write/delete permissions per tool
  • Target-Restricted: Whitelisted endpoint URLs only
  • Audit-Bound: Every invocation logged with tool_id, account_id, action

No tool can execute outside its registered capability scope. Unregistered tools are blocked.

Runtime Profiles (Fail-Closed)

3 profiles · 11 feature toggles
DEVwarn mode
Policy optional · Demo allowed
ALPHA_GOVERNEDfail_fast
Policy required · Demo blocked
FULLfail_closed
All required · No fallback

FULL profile: if policy engine, workflow orchestrator, or event backbone unavailable → platform refuses to start.

GUARDRAILS

5 Enforcement Boundaries

No operation can cross a boundary without explicit authorization. Violations are logged to the evidence chain.

Data Boundary

Prevents cross-account data access via account_id scope filters on all queries.

Logic Boundary

Prevents uncertified code execution via Blueprint Certification Engine.

SOR Boundary

Prevents writes to System of Record without approval. Execution boundary + authority level.

API Boundary

JWT authentication + RBAC. Every call carries account/workspace context.

Execution Boundary

Prevents autonomous execution without governance. Authority matrix + policy gates.

NON-NEGOTIABLE

5 System Guarantees

These invariants are enforced architecturally — not by configuration, not by convention. They cannot be bypassed by any user, worker, or administrator.

1
No execution without policy evaluation

Every worker action passes through deterministic policy gates. If the policy engine is unavailable, execution halts — fail-closed by design.

2
No state change without authority record

Every WRITE and EXTERNAL tool invocation requires an authority delegation — either human approval or explicit policy grant. The delegation hash is recorded.

3
No outcome claim without evidence artifact

Every financial or compliance claim produced by the platform is backed by a cryptographically sealed Evidence Bundle — cryptographically signed and hashed.

4
Full account isolation at every layer

Account boundaries are enforced via JWT-derived account_id scoping on every query, every API call, every evidence record. No cross-account data access is architecturally possible.

5
Deterministic governance override enforcement

Kill-switches operate at Mission, Blueprint, and Account levels. Activation is immediate, logged to the evidence chain, and cannot be circumvented by running workers.

These guarantees are verified in the production test suite — not aspirational documentation.

Deployment Models

ARKA AI governs execution wherever it runs. Governance and execution can be deployed independently.

RECOMMENDED

SaaS Control Plane

  • ✓ Zero infrastructure management
  • ✓ Tenant-isolated credentials and evidence
  • ✓ SOC 2–aligned operational controls
SOVEREIGN

BYOC / Sovereign Deployment

  • ✓ Full data and network sovereignty
  • ✓ Customer-controlled encryption keys
  • ✓ FedRAMP, HIPAA, PCI-DSS aligned
HYBRID

Hybrid Control + Execution

  • ✓ Centralized governance, decentralized execution
  • ✓ Compatible with enterprise data platforms
  • ✓ Evidence generated even on external execution
MARKETPLACE

Cloud Marketplace Deployment

  • ✓ AWS, Azure, GCP marketplace
  • ✓ Simplified procurement
  • ✓ Enterprise-approved deployment paths

What ARKA AI Does NOT Do

❌ Autonomous Decision-Making

Enforces policies and routes exceptions to humans. Workers produce proposals, not actions.

❌ Data Replacement

Integrates with existing CRM/ERP/billing. Does not replace Salesforce, SAP, or Stripe.

❌ Model Training on Customer Data

LLM inference uses third-party APIs with zero data retention.

❌ Regulatory Certification

Provides evidence to support audits. Certification is the customer's responsibility.

Ready to Explore ARKA AI?

Most enterprises begin with ARKA Advisors to design governance frameworks before platform deployment.

Consult with Advisors See How It Works →

© 2026 ARKA AI, Inc. All rights reserved. | Patents Pending

PrivacyTermssuccess@arkainc.ai