| ID | Title | Description | Threat Mappings (count) |
|---|---|---|---|
| CCC.MARefArc.CP01 | User-facing application surface | Presentation and orchestration surface (web, mobile, chatbot, workflow tool, or integrated enterprise system) that captures user intent, forwards requests to the agent layer, and returns agent outputs. | 2 |
| CCC.MARefArc.CP02 | Human-in-the-loop output review | Application-embedded controls that allow users to review, approve, or modify agent outputs before they are executed or shared. | 3 |
| CCC.MARefArc.CP03 | Agent registry and lifecycle management | Catalog of available agents with their capabilities, metadata, and configuration, supporting versioning, lifecycle management, and controlled onboarding of new agents. | 2 |
| CCC.MARefArc.CP04 | Agent request routing | Validates incoming application requests and routes each to the correct agent or agent group, abstracting agent-layer complexity behind a consistent interface. | 0 |
| CCC.MARefArc.CP05 | Agent-ingress zero-trust guardrails | Treats all inputs as untrusted and enforces authentication, authorization, input validation, content filtering, access control, rate limits, and dynamic policy before any request reaches an agent. | 3 |
| CCC.MARefArc.CP06 | Agent collaboration and orchestration patterns | Supports supervisor/worker decomposition, skills-based routing, and agent-as-a-tool handoff for decomposing and executing complex tasks across multiple agents. | 3 |
| CCC.MARefArc.CP07 | Unified sandboxed agent runtime | Secure, sandboxed environment where all agentic reasoning and execution occurs, providing task state management for pause/resume/handoff and intercepting and validating tool calls with credentials handled securely within the sandbox. | 4 |
| CCC.MARefArc.CP08 | Built-in trusted tools | A collection of bundled, trusted tools providing fundamental capabilities: the MCP client bridge to the external MCP layer, a sandboxed shell, workspace I/O, and web search. | 5 |
| CCC.MARefArc.CP09 | Agent memory | Short-term in-session context management (trimming and summarization to control length, cost, and latency) and durable long-term memory across sessions, including session summaries and user/task personalization. | 2 |
| CCC.MARefArc.CP10 | Sandboxed workspace file system | A sandboxed, persistent file system that agents use to read and write files, enabling work with large artifacts. | 1 |
| CCC.MARefArc.CP11 | Adaptive learning | Generates learning signals based on execution outcomes to refine prompts, adjust agent configurations, or improve tool-selection strategies. | 2 |
| CCC.MARefArc.CP12 | Authoritative knowledge source bases | Internal and external repositories of structured data, unstructured documents, and graph-based representations that provide authoritative information for grounding. | 5 |
| CCC.MARefArc.CP13 | Vector-based semantic retrieval | Vector databases providing semantic search and grounding so agents can find relevant information from large text corpora. | 6 |
| CCC.MARefArc.CP14 | Approved-model registry and lifecycle | Catalog of approved models with metadata, version information, configuration parameters, and usage constraints, ensuring agents access only models meeting organizational, regulatory, and security standards. | 10 |
| CCC.MARefArc.CP15 | LLM inference gateway routing | Validates inference requests and routes each to the correct model instance, abstracting model hosting behind a consistent interface. | 3 |
| CCC.MARefArc.CP16 | Model-interaction zero-trust guardrails | Enforces authentication and authorization for every inference request and applies input validation against prompt injection, output filtering and redaction, access control, rate limits, and cost management before and after model execution. | 10 |
| CCC.MARefArc.CP17 | Approved MCP server registry and lifecycle | Catalog of approved MCP servers with metadata, capabilities, configuration, and usage constraints, ensuring agents connect only to servers meeting organizational, security, and compliance requirements. | 1 |
| CCC.MARefArc.CP18 | MCP connection gateway routing | Validates MCP connection requests and routes each to the correct server instance, abstracting MCP connectivity behind a consistent interface. | 0 |
| CCC.MARefArc.CP19 | MCP-interaction zero-trust guardrails | Enforces authentication and authorization for every MCP request and governs which agents may use which tools, applying rate limits and validating tool-call parameters. | 3 |
| CCC.MARefArc.CP20 | Feedback engine | Collects and aggregates structured and unstructured feedback from users, evaluators, and automated systems, including correctness assessments, preference signals, and quality ratings, to inform system improvement. | 2 |
| CCC.MARefArc.CP21 | Human supervision and oversight | Mechanisms for human reviewers to inspect, approve, correct, or override agent outputs, supporting human-in-the-loop and human-over-the-loop workflows for sensitive or high-impact tasks. | 3 |
| CCC.MARefArc.CP22 | Runtime protection | Monitors agent actions and model outputs during execution to detect unsafe, non-compliant, or anomalous behavior, enforcing constraints, blocking disallowed actions, or triggering escalation. | 2 |
| CCC.MARefArc.CP23 | Cross-layer telemetry collection | Captures logs, traces, metrics, and events emitted by every layer to support debugging, auditability, distributed tracing, and operational monitoring across the request lifecycle. | 1 |
| CCC.MARefArc.CP24 | Anomaly detection | Identifies unusual or unexpected patterns across telemetry to surface failures, regressions, misuse, or emerging risks before they impact performance or compliance. | 0 |
| CCC.MARefArc.CP25 | Signal correlation | Correlates signals across logs, traces, metrics, and events into a unified view, connecting symptoms to root causes across cross-layer dependencies. | 1 |
Multi-Agent Reference Architecture Capabilities
Version: DEV