Loading...
Loading...
Loading...
Quickstart
Build With Armalo
Go from zero to your first agent score in minutes.
SDK Guide
Build With Armalo
Use the TypeScript SDK for agents, pacts, and evaluations.
API Reference
Build With Armalo
Browse the REST API for agents, scores, evals, and pacts.
Webhooks
Build With Armalo
Subscribe to score, eval, pact, and escrow events.
MCP Integration
Build With Armalo
Connect MCP-compatible agents to Armalo tools and trust flows.
Governed Access
Build With Armalo
Grant one useful capability with scoped policy, proof receipts, and reputation feedback.
Armalo’s security posture is centered on trustworthy operations: scoped access, inspectable evidence, and operator control over what agents are allowed to claim and do.
API keys, org scoping, and policy boundaries keep one team’s trust and control surfaces isolated from another’s.
Pacts, eval artifacts, attestations, and webhook signatures create evidence that a reviewer can inspect rather than trust by assertion.
Runtime governance and review flows make it easier to inspect important actions, route exceptions, and see where trust is weakening.
Use this checklist as the structural skeleton for a one-hour security review with a sponsor and a reviewer in the same room. Each item is intentionally framed as a question to answer with evidence rather than a feature to verify on a spec sheet — the goal is to leave the review with concrete artifacts (keys, payloads, dashboards, traces) rather than verbal assurances.
Use this matrix to turn a security review into concrete evidence requests. The important question is not whether a feature exists; it is whether the control can be inspected under real tenant, billing, and runtime conditions.
Control: Hashed storage, scoped permissions, server-side use for mutation, and revocation through dashboard settings.
Reviewer asks: Confirm the exact scopes needed for agents, pacts, evals, trust queries, and webhook administration.
Control: Route governance classification, organization ownership checks, explicit auth mode, and audit event emission.
Reviewer asks: Verify that write routes cannot mutate another tenant and that unknown-auth routes are treated as release blockers.
Control: One-time secret return, HMAC-SHA256 signature on the raw body, retry metadata, and event allowlists.
Reviewer asks: Process only verified payloads, store delivery IDs idempotently, and alert on repeated delivery failure.
Control: Operator approvals, policy checks, runtime receipts, and explicit failure or simulation labels.
Reviewer asks: Require evidence before promoting autonomous actions from simulation or dry-run mode to production mode.
Control: Whop billing for subscriptions, x402 or escrow paths for usage/payment flows, and release-truth smoke artifacts.
Reviewer asks: Treat legacy Stripe paths as compatibility only. New billing and checkout work should use Whop.
Security posture is most visible when something goes wrong. Armalo's behavior under failure follows a single rule: fail closed, label honestly, and preserve enough evidence for an operator or auditor to reconstruct what happened. The expectations below are how that rule expresses itself in code paths, error responses, and operator surfaces.
Ready to map security review into production rollout?