Architecture Overview
Runplane uses a two-plane architecture that separates configuration and management (Control Plane) from runtime evaluation and enforcement (Runtime Plane).
┌─────────────────────────────────────────────────────────────┐
│                        CONTROL PLANE                        │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │   Policy    │  │    Agent    │  │  Audit & Approval   │  │
│  │   Editor    │  │  Registry   │  │     Management      │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
└─────────────────────────────────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────┐
│                        RUNTIME PLANE                        │
│ ┌─────────────┐   ┌─────────────┐   ┌─────────────────────┐ │
│ │  Canonical  │   │   Policy    │   │      Execution      │ │
│ │   Action    │──▶│   Engine    │──▶│       Gateway       │ │
│ │   Mapper    │   │             │   │                     │ │
│ └─────────────┘   └─────────────┘   └─────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
                               │
                               ▼
┌─────────────────────────────────────────────────────────────┐
│                       TOOL PROVIDERS                        │
│        Stripe │ AWS │ Database │ Slack │ Custom APIs        │
└─────────────────────────────────────────────────────────────┘
Control Plane
The Control Plane handles configuration, management, and observability. It is not in the critical path of execution decisions.
Policy Configuration
Define rules that map action types to decisions. Policies specify the conditions under which actions should be allowed, blocked, or held for approval.
Agent Registry
Register AI agents with specific roles and permissions. Each agent receives an API key and is bound to applicable policies.
Audit Dashboard
View decision history, approval queues, and execution logs. All decisions are recorded with full context for compliance.
Runtime Plane
The Runtime Plane evaluates every action request in real time and enforces policy decisions before execution.
Canonical Action Mapper
Normalizes tool calls from any framework into canonical action types. This abstraction enables provider-agnostic policy enforcement.
stripe.charges.create → create_charge
Policy Engine
Evaluates the canonical action against applicable policies. Computes a risk score and determines the decision: ALLOW, BLOCK, or REQUIRE_APPROVAL.
Execution Gateway
Enforces the policy decision. On ALLOW, invokes the tool. On REQUIRE_APPROVAL, pauses and waits for a human decision. On BLOCK, returns an error.
Execution Flow
1. Agent initiates tool call
   LLM decides to execute a tool with specific parameters
2. SDK wraps execution with guard()
   Tool call passes through Runplane before reaching the provider
3. Action mapped to canonical type
   Provider-specific call normalized for policy evaluation
4. Policy engine evaluates
   Deterministic decision based on configured policies and context
5. Decision enforced
   Tool executes (ALLOW), waits for approval (REQUIRE_APPROVAL), or is blocked (BLOCK)
6. Decision logged
   Full audit trail recorded with context, decision, and outcome
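
The six steps above, sketched as an added example; this is not Runplane's SDK or code. Every name in it is hypothetical, the policy rules and the 10,000 threshold are constructed, and it assumes first-match rule evaluation with BLOCK as the default when a tool call is unmapped or no rule matches.

```python
# Added illustration, not the Runplane SDK: every name here is hypothetical.
ALLOW, BLOCK, REQUIRE_APPROVAL = "ALLOW", "BLOCK", "REQUIRE_APPROVAL"

# Canonical Action Mapper: provider call -> canonical action type.
CANONICAL = {"stripe.charges.create": "create_charge"}  # mapping from the page

# Constructed policies (threshold is an assumption): first matching rule wins.
POLICIES = [
    ("create_charge", lambda p: p.get("amount", 0) > 10_000, REQUIRE_APPROVAL),
    ("create_charge", lambda p: True, ALLOW),
]

class Blocked(Exception):
    """Raised when the decision is BLOCK."""

class ApprovalPending(Exception):
    """Raised when a human decision is still required."""

AUDIT = []  # in-memory stand-in for the audit trail

def decide(tool, params):
    """Steps 3-4: map to a canonical action, then evaluate policies."""
    action = CANONICAL.get(tool)  # None for unmapped tools
    for rule_action, condition, decision in POLICIES:
        if action == rule_action and condition(params):
            return action, decision
    return action, BLOCK  # assumed default: no matching rule fails closed

def guard(tool, params, execute, approved=False):
    """Steps 2, 5, 6: wrap the call, enforce the decision, log it."""
    action, decision = decide(tool, params)
    entry = {"tool": tool, "action": action, "params": dict(params),
             "decision": decision, "approved": approved,
             "outcome": "not_executed"}
    AUDIT.append(entry)  # logged before enforcement so refusals are recorded
    if decision == BLOCK:
        raise Blocked(f"{tool} blocked by policy")
    if decision == REQUIRE_APPROVAL and not approved:
        raise ApprovalPending(f"{tool} needs human approval")
    result = execute(**params)  # only reached on ALLOW or approved requests
    entry["outcome"] = "executed"
    return result

def fake_charge(amount, currency="usd"):
    """Constructed stand-in for the provider call; contacts nothing."""
    return {"charged": amount, "currency": currency}
```

Because the gateway is the only caller of `execute`, a tool the mapper does not recognise never reaches the provider and still leaves an audit entry.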
Canonical Terminology
guard(): Primary SDK function for execution governance
canonical action: Normalized action type for policy evaluation
execution gateway: Runtime enforcement point for decisions
safety gate: Deterministic checkpoint before execution
policy engine: Rule evaluation and decision computation
approval workflow: Human-in-the-loop decision process
Security Model
- All API communication encrypted via TLS 1.3
- Agent authentication via API keys with role-based scoping
- Multi-tenant isolation with organization-level data separation
- Audit logs immutable and cryptographically verifiable
- Execution context never stored beyond audit requirements