For deeper diagrams, see Architecture Diagrams. QWED separates untrusted model translation from deterministic verification so you can enforce AI reliability, tool call verification, and zero-trust policy boundaries at runtime.
Core principle
Translation is useful but untrusted. Verification is the trust anchor.
Layered architecture
1) API Gateway
- Authentication and authorization
- Rate limiting and tenancy controls
- Request routing and transport security
2) Translation Layer (untrusted)
- Converts natural language into structured inputs
- Can use any LLM provider (cloud or local)
- Output is always treated as untrusted until verified
3) Verification Engines (deterministic)
| Engine | Purpose |
|---|---|
| Math | Symbolic arithmetic and algebra checks |
| Logic | SAT/SMT verification and constraint solving |
| Code | AST and symbolic security analysis |
| SQL | Query safety and structure validation |
| Schema/Taint/Graph/Stats/Fact/Image/Reasoning | Domain-specific verification paths |
4) Agent security guards
Guards inspect tool calls, contexts, and policy boundaries before execution.

| Guard | Purpose |
|---|---|
| RAGGuard | Defends retrieval contexts from injection/poisoning |
| ExfiltrationGuard | Prevents unauthorized data movement |
| MCPPoisonGuard | Validates MCP tool definitions and safety |
| SovereigntyGuard | Enforces data residency and routing policy |
| SelfInitiatedCoTGuard | Checks reasoning flow integrity |
| ProcessVerifier | Milestone-based process validation |
| StateGuard | Deterministic workspace rollback via shadow git snapshots |
5) Attestation and audit
Each verification can emit signed evidence for traceability and compliance workflows.
Request lifecycle
Security model snapshot
| Threat | QWED response |
|---|---|
| Hallucinated claim | Rejected or corrected by deterministic check |
| Prompt injection | Translation may be affected, but verifier/guards enforce policy |
| Unsafe code or SQL | Blocked by parser, AST checks, and guard rules |
| Untrusted tool action | Guarded and policy-checked before execution |
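
The first three rows above, sketched for an arithmetic check as an added Python example; this is not QWED's code or API. The `verify_claim` function, its `{"expression", "claimed"}` input shape, the verdict strings and the size limits are assumptions made for illustration.

```python
import ast
import operator
from fractions import Fraction

# Whitelist of operators. Names, calls, attributes and ** (unbounded cost)
# are absent, so an injected payload cannot be evaluated.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_MAX_LEN, _MAX_NODES = 200, 64  # assumed limits that bound work on hostile input


def _eval(node):
    """Evaluate a whitelisted arithmetic AST exactly, using rationals."""
    if isinstance(node, ast.Expression):
        return _eval(node.body)
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return Fraction(str(node.value))  # "0.1" becomes exactly 1/10
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval(node.operand)
    raise ValueError(f"disallowed syntax: {type(node).__name__}")


def verify_claim(translation):
    """Check an untrusted {"expression", "claimed"} dict (hypothetical shape).

    Returns ("VERIFIED", value), ("CORRECTED", computed value), or
    ("REJECTED", reason) when the input cannot be checked deterministically.
    """
    try:
        expr = str(translation["expression"])
        if len(expr) > _MAX_LEN:
            raise ValueError("expression too long")
        tree = ast.parse(expr, mode="eval")
        if sum(1 for _ in ast.walk(tree)) > _MAX_NODES:
            raise ValueError("expression too complex")
        actual = _eval(tree)
        claimed = Fraction(str(translation["claimed"]))
    except (KeyError, TypeError, ValueError, SyntaxError, ZeroDivisionError) as exc:
        return ("REJECTED", str(exc))
    return ("VERIFIED", actual) if actual == claimed else ("CORRECTED", actual)


if __name__ == "__main__":
    # Constructed samples standing in for translation-layer output.
    for sample in ({"expression": "0.1 + 0.2", "claimed": "0.3"},
                   {"expression": "17 * 23", "claimed": 381},
                   {"expression": "abs(-4)", "claimed": 4}):
        print(sample, "->", verify_claim(sample))
```

The verifier never calls `eval` on translated text: anything outside the whitelist is rejected, so a manipulated translation can at worst produce a wrong claim that the check then corrects or refuses.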
Related verification guides
LLM verification
See how QWED validates LLM outputs with formal methods instead of probability-only confidence.
AI agent verification
Apply policy enforcement and pre-execution checks to autonomous agents.
Prompt injection defense
Review production guidance for prompt injection defense and OWASP LLM risks.
MCP security
Secure Model Context Protocol integrations and verify tool execution paths.
Deployment modes
| Mode | Fit |
|---|---|
| Cloud API | Fastest start, hosted control plane |
| Self-hosted | Data control in your VPC/Kubernetes |
| Hybrid | Mix cloud scale with local policy boundaries |