Registry

Agent Registration & Discovery

Maintains a real-time inventory of every agent in your organization. Detects shadow AI by correlating behavioral telemetry, and scores each agent's potential blast radius before it can cause harm.

Broker

Credential Issuance & Secret Vault

Issues short-lived, task-scoped tokens signed with RSA-2048. Each token carries only the permissions the task requires — nothing more. Secrets are stored encrypted and scoped per-workspace.

Enforcer

Policy Enforcement & Authorization

Evaluates every authorization request against configurable Rego policies using Open Policy Agent. Decisions factor in agent identity, org context, revocation status, and current blast-radius score.

Guardian

Revocation & Kill-Switch

Hard-kill or soft-suspend any agent globally in under 500ms. Revocation propagates to all Enforcer instances immediately. Designed to fail closed — when in doubt, access is denied.

Control Plane

Dashboard at ctrl.beak.thebirdling.com

Web-based control plane for your team: agent registry with shadow AI alerts, credential monitor, policy editor, incident console with one-click kill, and a filterable audit log. Operator login via email + TOTP MFA.