ARIA Shield

Overview

ARIA Shield is the runtime enforcement product for SPAs and AI providers (formerly BFF). It enforces stream‑time caps, leakage guards, and budget/402 semantics under PDP constraints. It is complemented by the ARIA MCP Gateway for agent→tool enforcement.

What to expect here

• Explanation: concepts, architecture, and threat model
• How‑to: common tasks and integrations
• Reference: APIs, configuration, and operations

Related

• Services overview: /docs/services/index
• Marketing overview: /docs/marketing/index
• ARIA Shield (formerly BFF):
  • Explanation: /docs/services/bff/explanation/llm-dynamic-model-routing
  • How‑to (Budgets): /docs/services/bff/how-to/llm-routing-budgets
  • Reference (Config): /docs/services/bff/reference/llm-routing-config
  • Reference (PDP): /docs/services/bff/reference/llm-routing-pdp
• ARIA MCP Gateway:
  • Index: /docs/services/mcp-gateway/index

Guides & specs

• Patent portfolio: ARIA Patent Portfolio – Attorney Brief
• PM overview (no‑code): ARIA — Agent Risk & Identity Authorization
• PM exec overview: ARIA – Product Management Overview
• Seven controls (plain language): ARIA’s Seven Controls
• Deep dives:
  • Tool Schema Attestation
  • Privacy‑Preserving Capability Proofs
  • Behavioral DNA (BDNA) Monitoring
  • Receipt Chains (Immutable Audit)
• Architecture & profile: ARIA – Intro & Architecture
• Placeholder (TBD): Guide 3

Competitive notes

• SPA security: Curity’s Token Handler positions an OAuth agent + API gateway proxy issuing secure HTTP‑only cookies and translating them to tokens at the gateway. Source: Curity Token Handler
• Our positioning: ARIA Shield + ARIA MCP Gateway with centralized PDP mapping, SSE pre‑checks, per‑service token brokering, and enterprise observability. See: marketing/competitive.md and services/bff/explanation/bff_gateway.md.