System Overview

How Everything Connects

Zero-trust security architecture connecting AI agents to your tools safely

Zero Credential Exposure

Our Security Guarantee

Zero credential exposure: Clients use gateway tokens only. Real API keys stay encrypted in Vault and are injected server-side during execution.

Component Details

Inside Peta: Core, Console, and Desk

From zero-trust gateway to human-in-the-loop controls

Peta Core

The zero-trust gateway and runtime that intercepts every MCP request, issues short-lived Peta service tokens, keeps external keys sealed in the Vault, and orchestrates managed MCP servers on demand.

Zero-Trust Gateway

Validates identity, policy, and HITL rules before routing any MCP call

Managed MCP Runtime

Transform REST APIs into MCP servers, auto-scale warm pools, and manage lifecycle automatically

Vault & Secret Injection

External credentials stay encrypted server-side; only Peta service tokens reach clients

Peta Console

The control plane for configuring policies and guardrails, provisioning Peta service tokens, and monitoring every MCP workspace from a single dashboard.

Team & AI Management

Grant precise tool access and approval rules per tenant, workspace, or agent

Service Token Lifecycle

Issue, rotate, and revoke gateway-only Peta service tokens without touching external keys

Live Observability

Track usage, costs, and audit trails across every MCP operation

Peta Desk

The desktop application that bundles an MCP client, auto-configuration engine, and human-approval console so end users and hosts connect securely without touching raw credentials.

Works Everywhere

Native desktop experience on macOS, Windows, and Linux

Human-in-the-Loop Controls

Route risky actions for approval; AI suggests, humans decide

Auto Client Configuration

Inject Peta service tokens and MCP configs into ChatGPT, Claude, Cursor, and more without manual JSON edits

IMPLEMENTATION

How Peta Gateway Works

Multi-layered security architecture operating in parallel to protect your credentials

CONNECTION LAYER

Authentication & Session Management

How AI agents connect and authenticate to the gateway:

1. AI Agent Request
   Uses: Peta service token
   Never sees: Real API credentials
   → Authenticate
2. Token Validation
   Verify: JWT signature & expiry
   Identify: User context & permissions
   → Proceed
3. Session Established
   Create: Secure MCP session
   Track: All operations logged

PROCESSING LAYER

Request Validation & Execution

How each request is processed through the gateway:

1. Request Validation
   Permission check: RBAC/ABAC policies
   Rate limiting: Per-user/tool quotas
2. Credential Injection
   JIT decryption: 30s memory TTL
   Server-side only: Never exposed to client
3. Tool Execution
   Execute: With real credentials
   Audit: Log all operations
4. Secure Response
   Sanitize: Strip all secrets
   Return: Clean data to agent
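
The connection and processing steps above, sketched as an added example; this is not Peta's code. All names, keys, and the in-memory `VAULT` and `POLICY` tables are constructed assumptions, and Vault encryption, the 30s TTL, rate limiting and audit logging are left out.

```python
import base64, hashlib, hmac, json

GATEWAY_KEY = b"constructed-gateway-signing-key"   # constructed signing key
VAULT = {"crm": "CONSTRUCTED-UPSTREAM-API-KEY"}    # stand-in for the encrypted Vault
POLICY = {"alice": {"crm"}}                        # RBAC stand-in: user -> allowed tools

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head, body):
    return hmac.new(GATEWAY_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(user, ttl, now):
    """Mint a short-lived HS256 service token; it carries no upstream key."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "exp": int(now) + ttl}).encode())
    return f"{head}.{body}.{b64(sign(head, body))}"

def validate_token(token, now):
    """Verify signature first, then algorithm and expiry; return the user."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sign(head, body), unb64(sig)):
            raise PermissionError("bad signature")
        if json.loads(unb64(head)).get("alg") != "HS256":
            raise PermissionError("unexpected alg")
        claims = json.loads(unb64(body))
    except ValueError:
        raise PermissionError("malformed token") from None
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims["sub"]

def upstream_tool(api_key, args):
    """Constructed upstream that carelessly echoes the key it was called with."""
    return {"result": f"looked up {args['id']}", "debug": f"auth={api_key}"}

def handle_call(token, tool, args, now):
    user = validate_token(token, now)               # connection layer
    if tool not in POLICY.get(user, set()):         # request validation
        raise PermissionError("tool not permitted")
    secret = VAULT[tool]                            # credential injection, server-side
    raw = json.dumps(upstream_tool(secret, args))   # tool execution
    return json.loads(raw.replace(secret, "[REDACTED]"))  # secure response
```

The verbatim string replace only catches the key as stored; an upstream that returns it encoded (base64, URL-escaped) would need matching on those forms too.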

CONTROL LAYER

Policy Enforcement Mechanisms

Multi-dimensional security controls evaluating every request:

1. Risk Assessment
   Operation type: Read/Write/Delete classification
   Data sensitivity: PII/Financial/System detection
2. Policy Decision
   Rule engine: RBAC/ABAC/Custom policies
   Context analysis: User/Time/Location factors
3. Control Actions
   Response types: Allow/Block/Approve/Mask
   Notifications: Alert channels & webhooks
4. Audit Trail
   Log everything: Request, decision, outcome
   Immutable: Cryptographic signatures

Specifications

Enterprise-Ready Infrastructure

Key specifications for buyers and technical reviewers

Core Specifications

MCP Protocol: Full compliance with MCP 2025-06-18 latest specification; all standard features supported
Security: AES-256-GCM at rest; memory-only decryption; JIT access; credential injection at gateway
Identity & Access: Zero-trust, RBAC/ABAC, SSO/SAML; rate limiting
Audit & Compliance: Immutable logs; Designed to support SOC 2 Type II and HIPAA requirements; GDPR compliant
Platforms: Linux/Windows/macOS for both clients and servers
Orchestration: Kubernetes 1.21+, Docker; major cloud orchestrators (AWS/GKE/AKS/ECS)
Minimum Requirements: 2 vCPU/4GB RAM/20GB SSD (4 vCPU/8GB RAM recommended)