Mythal
System architecture

One control plane.
Twelve agents. Signed reasoning. Reversible action.

Multi-agent, not monolith. A typed message bus carries every decision. A policy gate sits between every agent and any side effect. The reasoning trace is the product — auditors and investors both read it.

Topology

What sits where

   ┌──────────────────────────────────────────────────────────────┐
   │                     Mythal Control Plane                     │
   │     FastAPI · Postgres · Redis · Agent Bus · Policy Gate     │
   └──────────────────────────────────────────────────────────────┘
            ▲                                          ▲
            │                                          │
   ┌────────┴────────┐                        ┌────────┴────────┐
   │   Scanner /     │                        │   Console       │
   │ Advisory Feeds  │                        │   (Next.js 15)  │
   └────────┬────────┘                        └─────────────────┘
            │
   ┌────────▼────────┐
   │ Rail Simulator  │   ← Meridian Continental Railway (MCR)
   │  (MCR estate)   │
   └─────────────────┘

The control plane is one FastAPI process today, with background tasks driving the per-finding pipeline. The agent bus is a Postgres-backed signed table plus a Redis pub/sub channel. Every message persists before any side effect runs, which is the audit guarantee.

Data flow

One finding's lifecycle

01. Scanner Liaison: Ingest + canonicalize
02. Threat Intel: KEV · EPSS · exploit
03. Patch Hunter: Vendor fix · reliability
04. Impact Analyst: CMDB · blast radius
05. Change Risk: Window · canary
06. OT Safety Officer: Veto · compensating
07. Planner: Plan + rollback
08. Policy Gate: Auto / single / dual / deny
09. Executor: Apply or wait
10. Verifier: Rescan · health
11. Compliance: Evidence emitted
12. Inventory: Continuous · independent

Policy gate

Seven rules between every agent and any side effect

| Rule ID | Name | Decision |
|---|---|---|
| SG-POL-001 | CCS requires dual approval + open window + valid rollback | dual_approval or deny |
| SG-POL-002 | Any OT-zone asset requires OT Safety Officer sign-off + dual approval | dual_approval |
| SG-POL-003 | IT auto-apply — criticality ≤ Medium, reliability ≥ 0.85, canary peer, window open, rollback valid | auto_apply |
| SG-POL-004 | Default IT remediation path | single_approval |
| SG-POL-005 | No exfiltration to non-allowlisted tools | deny |
| SG-POL-006 | Reversibility required — no approval without validated rollback | deny |
| SG-POL-007 | Change blackout windows honored | deny |

Stack

Production tech stack

Backend

Python 3.12 · FastAPI · Pydantic v2 · SQLAlchemy 2.0 · Alembic · Celery · Redis · PostgreSQL 16 (Timescale ext) · OpenSearch.

Agent runtime

Anthropic Claude (Opus 4.7 / Sonnet 4.6) or OpenAI (o4-mini / gpt-4o-mini). Deterministic fallback always available.

Frontend

Next.js 15 · TypeScript · SWR · Recharts · react-flow. Three-theme system (CSX · Salesforce · Aurora).

Auth

OIDC · Auth0 / Keycloak · SAML SSO · OPA for fine-grained authz · separate OT operator role with dual-approval keys.

Infra

Docker · Helm · Kubernetes (EKS / AKS) · Terraform IaC. Optional on-prem appliance via k3s single-VM.

Observability

OpenTelemetry · Prometheus · Grafana · Loki. Structured JSON logging mandatory across every agent.

Security model

Trust boundaries

External feeds (untrusted)

NVD, KEV, vendor PSIRTs, scanner outputs, ticket comments. Wrapped in <untrusted_external> tags in agent prompts. Pre-flight injection classifier flags suspicious patterns.

Customer estate (read-only by default)

The Executor agent is the only component permitted to make state-changing calls, and only after the policy gate has approved.

OT zones (extra-locked)

State-changing actions require OT Safety Officer sign-off, dual approval, open maintenance window, AND tested rollback. All four.

Signed ledger

Every AgentMessage carries an HMAC-SHA256 signature over canonical JSON. Tampering with the audit ledger is detectable.
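
The signed-ledger property described above, as an added example that is not Mythal's own code: HMAC-SHA256 over a canonical JSON form, verified with a constant-time comparison. The key, the row layout and the field names (`seq`, `agent`, `finding`, `decision`) are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would load it from a secret store.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical_json(payload: dict) -> bytes:
    """Serialize deterministically: sorted keys, no insignificant whitespace, UTF-8."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sign_message(payload: dict, key: bytes = DEMO_KEY) -> dict:
    """Return a ledger row: the payload plus its HMAC-SHA256 tag in hex."""
    tag = hmac.new(key, canonical_json(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": tag}


def verify_message(row: dict, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag over the canonical form and compare in constant time."""
    expected = hmac.new(key, canonical_json(row["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), str(row.get("sig", "")).encode())


def audit_ledger(rows: list[dict], key: bytes = DEMO_KEY) -> list[int]:
    """Return the indexes of rows whose stored signature no longer matches."""
    return [i for i, row in enumerate(rows) if not verify_message(row, key)]


# Constructed sample ledger; field names are hypothetical.
LEDGER = [
    sign_message({"seq": 1, "agent": "planner", "finding": "F-0001", "decision": "plan_ready"}),
    sign_message({"seq": 2, "agent": "policy_gate", "finding": "F-0001", "decision": "dual_approval"}),
    sign_message({"seq": 3, "agent": "executor", "finding": "F-0001", "decision": "waiting"}),
]

if __name__ == "__main__":
    # Key order can change on a round trip through storage; the tag still verifies.
    shuffled = dict(reversed(list(LEDGER[1]["payload"].items())))
    print("reordered row verifies:", verify_message({"payload": shuffled, "sig": LEDGER[1]["sig"]}))
    # An edit to a stored decision is flagged by row index.
    tampered = [dict(r, payload=dict(r["payload"])) for r in LEDGER]
    tampered[1]["payload"]["decision"] = "auto_apply"
    print("tampered rows:", audit_ledger(tampered))
```

A per-row tag detects edits to a stored message; noticing a removed row needs something extra, such as checking that the assumed `seq` field has no gaps.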