Agent Runtime Governance Control Plane
Watchlight AI Beacon is a comprehensive platform for discovering, securing, and governing AI agent ecosystems. The platform deploys progressively in three tiers.
Tier 1: Discovery & Registry
| Component | Purpose |
|---|---|
| wl-registry | Centralized catalog of AI agents and MCP servers with trust state management |
| wl-registry-frontend | Registry dashboard with interactive topology visualization |
| wl-discover | Network scanner with multi-tier agent framework detection |
Port: 8443 (Registry Dashboard via Caddy)
Tier 2: Authorization
| Component | Purpose |
|---|---|
| wl-apdp | High-performance Cedar Policy Engine with intent-goal authorization |
| wl-apdp-frontend | Policy management dashboard with AI-assisted policy generation |
Port: 443 (Policy Manager via Caddy)
Tier 3: Runtime Governance
| Component | Purpose |
|---|---|
| wl-proxy | Pingora-based governance proxy — transparent policy enforcement on every API call |
| wl-secrets-broker | Policy-enforced secrets management with Ed25519-signed SCTs |
| wl-guardrails | Content safety engine using Rego/OPA policies (coming soon) |
Port: 9443 (Governance Proxy)
Supporting Services
| Component | Purpose |
|---|---|
| Caddy | Auto-TLS reverse proxy (self-signed or Let's Encrypt) |
| OpenBao | In-memory secret management (Vault-compatible) |
| PostgreSQL 16 | Shared database for registry and authorization |
Beacon Dashboard
Two web dashboards provide unified management:
- Registry Dashboard — server monitoring, topology visualization, trust management, config presets, container security metadata
- Policy Manager — Cedar policy authoring, intent/goal management, delegation chains, audit logs, compliance reports
Python SDK
Client libraries for integrating Watchlight with AI agent frameworks:
pip install wl-apdp # Core authorization client
pip install wl-registry # Registry client
pip install wl-apdp[langgraph] # LangGraph integration
pip install wl-apdp[crewai] # CrewAI integration
pip install wl-apdp[autogen] # AutoGen integration
Technology Stack
| Layer | Technology |
|---|---|
| Backend | Rust (Axum 0.7, Tokio, SQLx) |
| Authorization | Cedar Policy Language 4.5.1 |
| Proxy | Pingora (Cloudflare) |
| Database | PostgreSQL 16 |
| Frontend | React 18, TypeScript, Vite 6, Tailwind CSS |
| Python SDK | Python 3.10+, asyncio |
| Secrets | OpenBao (Vault-compatible, in-memory) |
| Observability | OpenTelemetry, Prometheus, structured JSON logging |
Next Steps
- Architecture — Deep dive into system architecture
- Progressive Deployment — Understand the three-tier model
- Quickstart — Deploy Tier 1 in 5 minutes