Handshake v1.0
Identity & Agent Tokens
TrustGate introduces the concept of Agent Binding. An API key is not just a password; it is a link to a specific Identity, Policy, and Budget.
The Token
Format: tg_sk_...
Sent in the Authorization: Bearer header. Validated via hash lookup.
The Identity
Each key maps to a specific Agent Name (e.g., "SalesBot"). Logs are tagged with this identity.
The Scope
Keys are bound to a Tenant and a Security Profile.
Handshake v1.0 Protocol
When a request hits the gateway, TrustGate performs a "Handshake" before contacting any LLM.
01 Extraction: Extract the Bearer token from the header.
02 Resolution: Look up the SHA-256 hash in Redis/DB. Retrieve AgentID, TenantID, PolicyID.
03 Enforcement: Check Budget > Check Allow-List > Check PII Rules.
04 Injection: Retrieve the Provider Key from Vault. Rewrite request headers.
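
The four steps above as one fail-closed function. This is an added sketch, not TrustGate's own code. The in-memory dicts stand in for Redis/DB and the Vault, and the record fields, the model allow-list, the per-request cost and the e-mail PII rule are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed stand-ins for the Redis/DB key table and the Vault (hypothetical schema).
def _h(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

KEYS = {  # only the SHA-256 of each token is stored, never the token itself
    _h("tg_sk_demo_salesbot"): {"agent": "SalesBot", "tenant": "t-1", "policy": "p-1"},
}
POLICIES = {"p-1": {"budget_left": 5.0, "allow": {"model-a"}, "block_pii": True}}
VAULT = {"t-1": "provider-key-placeholder"}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # toy PII rule, an assumption


class Denied(Exception):
    pass


def handshake(headers: dict, model: str, prompt: str, cost: float) -> dict:
    # 01 Extraction: accept only "Bearer tg_sk_..." and nothing else.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token.startswith("tg_sk_"):
        raise Denied("missing or malformed token")
    # 02 Resolution: look up by hash; an unknown hash fails closed.
    record = KEYS.get(_h(token))
    if record is None:
        raise Denied("unknown key")
    policy = POLICIES[record["policy"]]
    # 03 Enforcement, in the order the page lists: budget, allow-list, PII.
    if cost > policy["budget_left"]:
        raise Denied("budget exceeded")
    if model not in policy["allow"]:  # allow-list of models is an assumption
        raise Denied("model not on allow-list")
    if policy["block_pii"] and EMAIL.search(prompt):
        raise Denied("PII rule matched")
    # 04 Injection: drop the agent token, attach the provider key from the vault.
    upstream = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    upstream["Authorization"] = "Bearer " + VAULT[record["tenant"]]
    return {"agent": record["agent"], "tenant": record["tenant"], "headers": upstream}
```

The returned agent name is what a log line would be tagged with, and the agent's own tg_sk_ token never appears in the upstream headers.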