> ## Documentation Index
> Fetch the complete documentation index at: https://docs.uselayerup.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Agents Overview

> Layerup AI Agents are sovereign, containerized reasoning workloads that deploy entirely within your private cloud — no SaaS boundary, no shared infrastructure, no egress to Layerup.

# 0 — Agents overview — sovereign deployment, governed inference, zero-egress architecture.

Layerup AI Agents are not a SaaS product. They are a containerized, tenant-isolated reasoning workload that you deploy, own, and operate entirely inside your existing private cloud infrastructure — whether that is Amazon Web Services, Microsoft Azure, or Google Cloud Platform.

The agents drop into your environment the way any enterprise container workload does: procured through a cloud marketplace, delivered into your private registry, executed inside your VPC, and governed by your own native cloud security tooling. At no point does application data, underwriting logic, inference output, or audit telemetry cross the boundary into Layerup-controlled infrastructure during production operation.

| attribute        | value                                                                    |
| ---------------- | ------------------------------------------------------------------------ |
| deployment model | Private VPC / VNet — your cloud account, your network                    |
| procurement      | AWS Marketplace · Azure Marketplace                                      |
| inference        | Amazon Bedrock · Azure OpenAI — within your cloud tenant                 |
| data residency   | Zero-egress — no application data leaves your network boundary           |
| security posture | No-new-perimeter — operates within the controls you already own          |
| configuration    | Agent Operating Procedure (AOP) — version-controlled, human-readable     |
| audience         | Enterprise Architecture · Information Security · Underwriting Governance |
| document version | v1.0 · June 2026                                                         |

***

## 0.1  The five sovereign guarantees

Every Layerup AI Agent deployment is built around five structural guarantees that cannot be configured away.

<CardGroup cols={2}>
  <Card title="Sovereign Tenancy" icon="shield-halved">
    Your agent runs exclusively within your cloud account. No compute, memory, network space, or data storage is shared with any other Layerup customer — or with Layerup itself. The agent is provisioned inside your VPC on AWS or your VNet on Azure and never leaves it.
  </Card>

  <Card title="Zero-Egress Data Residency" icon="lock">
    Application packets, medical records, financial statements, LLM inference calls, reasoning chains, confidence scores, and audit logs all stay inside your network boundary. No copy of any production data is transmitted to Layerup's infrastructure at any time.
  </Card>

  <Card title="No-New-Perimeter" icon="diagram-project">
    The agent does not introduce a net-new security surface. It operates entirely within the IAM policies, network controls, encryption keys, and compliance tooling your security team has already established. Amazon Inspector, Bedrock Guardrails, CloudWatch, Azure Defender — these are your tools, configured by your team.
  </Card>

  <Card title="Least-Privilege Identity" icon="user-lock">
    The agent container is granted only the specific, enumerated permissions required for its defined workflow — nothing more. A dedicated IAM Execution Role (AWS) or User-Assigned Managed Identity (Azure) is scoped to specific S3 buckets, SQS queues, Bedrock model ARNs, and CloudWatch Log Groups. Broad administrative access is architecturally excluded.
  </Card>

  <Card title="Governed Inference" icon="scale-balanced">
    All LLM inference is routed through Amazon Bedrock or Azure OpenAI — managed services operating within your cloud tenant under your data processing agreements. Your team configures and manages the AI safety guardrails (Bedrock Guardrails / Azure AI Content Safety) that govern every inference call. Layerup does not configure, manage, or bypass these controls.
  </Card>

  <Card title="Deterministic Audit" icon="receipt">
    Every agent reasoning step, source citation, model response, guardrail evaluation, and output decision is written to your own observability infrastructure — CloudWatch Logs or Azure Monitor — in structured, queryable format. The audit trail is immutable, append-only, and retained for a minimum of seven years. It belongs to you.
  </Card>
</CardGroup>

***

## 0.2  What this is not

<Warning>
  Layerup AI Agents are not a SaaS API, a shared inference endpoint, or a third-party service that your data is sent to. If any proposed integration requires sending application data to a Layerup-controlled endpoint during production operation, that is a misconfiguration. The sovereign deployment model is the only production model Layerup supports for regulated enterprise customers.
</Warning>

The agent is also not a rules engine or a workflow automation script. It is a reasoning workload — one that reads your documents, applies your underwriting logic as expressed in its Agent Operating Procedure, invokes foundation models under governed constraints, and produces structured, evidence-cited, confidence-scored outputs. The human underwriter retains decision authority at every stage of the rollout.

***

## 0.3  Architecture at a glance

The following diagram describes the full boundary of the Layerup AI Agent within an AWS deployment. The Azure topology is structurally identical, with equivalent managed services.

```mermaid theme={null}
flowchart TB
  subgraph yourcloud ["Your Cloud Account (VPC / VNet)"]
    subgraph intake ["Intake Layer"]
      S3IN[S3 Input Bucket<br/>CMK-encrypted]
      SQS[SQS Intake Queue]
    end
    subgraph compute ["Agent Compute — Private Subnet"]
      AGT[Layerup Agent Container<br/>Bedrock AgentCore / ECS Fargate / AKS]
      AOP[(Agent Operating Procedure<br/>version-controlled config)]
    end
    subgraph inference ["Governed Inference"]
      BDR[Amazon Bedrock<br/>VPC Endpoint]
      GRL[Bedrock Guardrails<br/>configured by your team]
    end
    subgraph output ["Output Layer"]
      S3OUT[S3 Output Bucket<br/>structured JSON]
      CWL[CloudWatch Logs<br/>immutable audit trail]
      SQS2[SQS Completion Queue]
    end
    SOR[Systems of Record<br/>Policy Admin · CRM · DMS]
  end

  MKTPL[AWS Marketplace<br/>container image delivery] -->|signed OCI image| ECR[ECR Private Registry]
  ECR -->|pull within account| AGT
  S3IN --> AGT
  SQS --> AGT
  AOP --> AGT
  AGT --> BDR
  BDR --> GRL
  GRL --> BDR
  AGT --> S3OUT
  AGT --> CWL
  AGT --> SQS2
  SQS2 --> SOR

  classDef boundary fill:#fafafa,stroke:#111,stroke-width:1.5px,color:#111;
  classDef store fill:#f4f4f2,stroke:#111,color:#111;
  classDef external fill:#fff,stroke:#555,stroke-dasharray:4 4,color:#333;
  class yourcloud,intake,compute,inference,output boundary;
  class S3IN,S3OUT,CWL,SQS,SQS2,AOP store;
  class MKTPL external;
```

*Fig. A0.1 — Full deployment boundary. Everything inside the outer box is your cloud account. Layerup has no access to any resource inside the boundary after the initial container image delivery.*

***

## 0.4  How this document is organised

This documentation set covers six architectural domains in detail. Each section is intended for the relevant function in your enterprise architecture review:

<CardGroup cols={2}>
  <Card title="Deployment Architecture" icon="building" href="/agents/deployment/options">
    On-premises, private cloud, or Layerup-hosted cloud — compare all three deployment models, HIPAA obligations, and go-live timelines. For Enterprise Architecture and Network Security.
  </Card>

  <Card title="Infrastructure & Compute" icon="server" href="/agents/deployment/compute">
    Container image delivery, private registry integration, pre-deployment security scanning, execution environments, and compute scaling model. For Platform Engineering.
  </Card>

  <Card title="Security & Governance" icon="shield" href="/agents/security/iam">
    IAM least-privilege model, AI guardrails, encryption standards, vulnerability management, and supply chain security. For Information Security and Compliance.
  </Card>

  <Card title="Data & Integration" icon="arrows-left-right" href="/agents/data/pipeline">
    End-to-end data flow, event-driven ingestion, document processing, output schema, and write-back integration patterns. For Integration Architecture.
  </Card>

  <Card title="Observability & Resilience" icon="chart-line" href="/agents/observability/telemetry">
    Telemetry architecture, deterministic audit trails, log retention, error handling, and fallback protocols. For IT Operations and Internal Audit.
  </Card>

  <Card title="Configuration & Lifecycle" icon="gears" href="/agents/lifecycle/aop">
    Agent Operating Procedure onboarding, configuration as code, CI/CD pipeline, and safe deployment strategies. For Platform Engineering and Underwriting Governance.
  </Card>
</CardGroup>