Architecture

System Overview

┌──────────────────────────────────────────────────────────────────┐
│                         AVON Architecture                        │
├──────────────────────────────────────────────────────────────────┤
│                                                                  │
│   ┌─────────┐  ┌─────────┐  ┌─────────┐                          │
│   │ Agent 1 │  │ Agent 2 │  │ Agent N │    Endpoints             │
│   └────┬────┘  └────┬────┘  └────┬────┘                          │
│        │            │            │                               │
│        └────────────┼────────────┘                               │
│                     │  UDP 4600 (Post-Quantum Encrypted)         │
│              ┌──────▼──────┐                                     │
│              │   Gateway   │  Load Balanced Entry Point          │
│              └──────┬──────┘                                     │
│                     │  gRPC (mTLS)                               │
│   ┌─────────────────┼─────────────────┐                          │
│   │                 │                 │                          │
│   ▼                 ▼                 ▼                          │
│ ┌──────┐      ┌─────────┐      ┌──────┐                          │
│ │ Auth │      │  Pulse  │      │  CA  │    Control Plane         │
│ └──────┘      └─────────┘      └──────┘                          │
│                     │                                            │
│   ┌─────────────────┼─────────────────┐                          │
│   │                 │                 │                          │
│   ▼                 ▼                 ▼                          │
│ ┌────────────┐ ┌──────────┐ ┌───────────────┐                    │
│ │  Policy    │ │  Admin   │ │  PostgreSQL   │                    │
│ │  Engine    │ │  API     │ │  + Redis      │                    │
│ └────────────┘ └──────────┘ └───────────────┘                    │
│                                                                  │
└──────────────────────────────────────────────────────────────────┘
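
As an added example (not AVON's own code), the following Rust sketches the gateway's ingress path shown in the overview: validate the datagram structurally, rate-limit the source address, and demultiplex to a backend by session id. The 11-byte header layout, the `Gateway` and `Reject` types, the token-bucket parameters and the sample source address are assumptions made for this example; the payload is treated as opaque ciphertext and the post-quantum encryption layer is not modelled.

```rust
use std::collections::HashMap;
use std::net::SocketAddr;
use std::time::Instant;

// Hypothetical datagram framing, assumed for this example (not AVON's real wire format):
// version(1) | session_id(8, big-endian) | payload_len(2, big-endian) | payload.
const VERSION: u8 = 1;
const HEADER_LEN: usize = 11;
const MAX_DATAGRAM: usize = 1400; // stays under a typical path MTU

#[derive(Debug, PartialEq)]
pub enum Reject {
    TooShort,
    TooLong,
    BadVersion,
    LengthMismatch,
    RateLimited,
    UnknownSession,
}

#[derive(Debug, PartialEq)]
pub struct Frame<'a> {
    pub session_id: u64,
    pub payload: &'a [u8], // opaque ciphertext; the gateway never decrypts it here
}

fn be_u64(b: &[u8]) -> u64 {
    let mut a = [0u8; 8];
    a.copy_from_slice(b);
    u64::from_be_bytes(a)
}

/// Structural validation only: cheap length and constant checks, so a flood of
/// garbage is dropped before any per-session work happens.
pub fn parse_frame(buf: &[u8]) -> Result<Frame<'_>, Reject> {
    if buf.len() < HEADER_LEN { return Err(Reject::TooShort); }
    if buf.len() > MAX_DATAGRAM { return Err(Reject::TooLong); }
    if buf[0] != VERSION { return Err(Reject::BadVersion); }
    let session_id = be_u64(&buf[1..9]);
    let declared = u16::from_be_bytes([buf[9], buf[10]]) as usize;
    if buf.len() - HEADER_LEN != declared { return Err(Reject::LengthMismatch); }
    Ok(Frame { session_id, payload: &buf[HEADER_LEN..] })
}

/// Agent-side encoder for the same hypothetical framing (used to build sample input).
pub fn build_frame(session_id: u64, payload: &[u8]) -> Vec<u8> {
    let mut out = vec![VERSION];
    out.extend_from_slice(&session_id.to_be_bytes());
    out.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    out.extend_from_slice(payload);
    out
}

/// Token bucket: refills at `rate` tokens per second, holds at most `burst`.
struct Bucket { tokens: f64, last: Instant }

pub struct Gateway {
    rate: f64,
    burst: f64,
    buckets: HashMap<SocketAddr, Bucket>,
    // session id -> backend name. Assumed to be pushed to the gateway by the control
    // plane; filled in directly in this example.
    routes: HashMap<u64, String>,
}

impl Gateway {
    pub fn new(rate: f64, burst: f64) -> Self {
        Gateway { rate, burst, buckets: HashMap::new(), routes: HashMap::new() }
    }

    pub fn register_session(&mut self, session_id: u64, backend: &str) {
        self.routes.insert(session_id, backend.to_string());
    }

    fn allow(&mut self, src: SocketAddr, now: Instant) -> bool {
        let (rate, burst) = (self.rate, self.burst);
        let b = self.buckets.entry(src).or_insert(Bucket { tokens: burst, last: now });
        let elapsed = now.saturating_duration_since(b.last).as_secs_f64();
        b.tokens = (b.tokens + elapsed * rate).min(burst);
        b.last = now;
        if b.tokens < 1.0 { return false; }
        b.tokens -= 1.0;
        true
    }

    /// One datagram in: the backend to forward the payload to, or the reason to drop it.
    pub fn ingress(&mut self, src: SocketAddr, buf: &[u8], now: Instant) -> Result<(String, Vec<u8>), Reject> {
        // Rate-limit by source address before parsing, so a flood costs one map lookup.
        if !self.allow(src, now) { return Err(Reject::RateLimited); }
        let frame = parse_frame(buf)?;
        let backend = self.routes.get(&frame.session_id).ok_or(Reject::UnknownSession)?;
        Ok((backend.clone(), frame.payload.to_vec()))
    }
}
```

Ordering is the point: the rate limiter runs before the parser so a flood from one source costs a map lookup rather than a parse, and a frame is rejected on structure before any session lookup. The buckets and route table are process-local in this example; across the 3+ stateless replicas behind the load balancer, per-replica buckets only bound each replica's share of a source's traffic, and the session-to-backend mapping would have to be shared or derived rather than kept per process.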

Components

Component | Language | Purpose | Scaling
--- | --- | --- | ---
Gateway | Rust | UDP entry point for all agent connections. Handles packet validation, rate limiting, and connection multiplexing. | Horizontal, stateless (3+ replicas)
Auth Service | Rust | Agent authentication, session token generation, credential verification. | Horizontal, stateless
CA Service | Rust | Post-quantum certificate issuance and revocation using Dilithium (standardized as ML-DSA in FIPS 204) signatures. Integrates with HSMs. | Limited horizontal (2 replicas), stateful
Pulse Service | Rust | Continuous session verification via a heartbeat protocol. Manages token rotation and dead-session cleanup. | Horizontal, stateless
Policy Engine | Python/FastAPI | Attribute-based access control (ABAC) evaluation; context-aware authorization decisions. | Horizontal, stateless
Admin API | Python/FastAPI | RESTful management interface for agent, policy, and session administration. | Horizontal, stateless
Agent | Rust | Single-binary endpoint client. Establishes encrypted tunnels, manages the TUN interface, and maintains heartbeats. | One per endpoint
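
The Pulse row describes a heartbeat protocol with token rotation and dead-session cleanup. The following Rust is an added example of that state machine, not AVON's own code: the `Pulse` type, the choice to rotate the token on every heartbeat, the 30-second timeout and the hash-based token derivation are assumptions made for illustration (a real service would draw tokens from the OS CSPRNG, and would use more than 64 bits).

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashMap;
use std::hash::{Hash, Hasher};
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum PulseError {
    UnknownToken, // never issued, already rotated away, or reaped
    Expired,      // the agent was silent longer than the timeout; session torn down
}

struct Session {
    token: u64,
    last_seen: Instant,
}

pub struct Pulse {
    timeout: Duration,
    secret: u64, // stand-in for a server-side secret (assumption for this example)
    counter: u64,
    sessions: HashMap<String, Session>, // agent id -> session
    by_token: HashMap<u64, String>,     // currently valid token -> agent id
}

// Stand-in token derivation so the example has no dependencies. A real Pulse
// service would take at least 128 bits from the OS CSPRNG, not a hash of a counter.
fn derive_token(secret: u64, agent_id: &str, counter: u64) -> u64 {
    let mut h = DefaultHasher::new();
    (secret, agent_id, counter).hash(&mut h);
    h.finish()
}

impl Pulse {
    pub fn new(timeout: Duration, secret: u64) -> Self {
        Pulse { timeout, secret, counter: 0, sessions: HashMap::new(), by_token: HashMap::new() }
    }

    fn fresh_token(&mut self, agent_id: &str) -> u64 {
        self.counter += 1;
        derive_token(self.secret, agent_id, self.counter)
    }

    /// Called once Auth has accepted the agent; returns the first heartbeat token.
    pub fn open(&mut self, agent_id: &str, now: Instant) -> u64 {
        let token = self.fresh_token(agent_id);
        self.sessions.insert(agent_id.to_string(), Session { token, last_seen: now });
        self.by_token.insert(token, agent_id.to_string());
        token
    }

    /// One heartbeat: the presented token is consumed and the next one returned, so a
    /// captured heartbeat cannot be replayed to keep a session alive.
    pub fn heartbeat(&mut self, token: u64, now: Instant) -> Result<u64, PulseError> {
        let agent = self.by_token.get(&token).cloned().ok_or(PulseError::UnknownToken)?;
        let last_seen = self.sessions[&agent].last_seen;
        if now.saturating_duration_since(last_seen) > self.timeout {
            // A late heartbeat does not resurrect a dead session; it tears it down.
            self.sessions.remove(&agent);
            self.by_token.remove(&token);
            return Err(PulseError::Expired);
        }
        let next = self.fresh_token(&agent);
        let s = self.sessions.get_mut(&agent).expect("session indexed by token");
        s.token = next;
        s.last_seen = now;
        self.by_token.remove(&token);
        self.by_token.insert(next, agent);
        Ok(next)
    }

    /// Periodic sweep for agents that stopped heartbeating; returns the agents removed.
    pub fn reap(&mut self, now: Instant) -> Vec<String> {
        let dead: Vec<String> = self
            .sessions
            .iter()
            .filter(|(_, s)| now.saturating_duration_since(s.last_seen) > self.timeout)
            .map(|(id, _)| id.clone())
            .collect();
        for id in &dead {
            if let Some(s) = self.sessions.remove(id) {
                self.by_token.remove(&s.token);
            }
        }
        dead
    }

    pub fn live(&self) -> usize {
        self.sessions.len()
    }
}

fn main() {
    let t0 = Instant::now();
    let mut pulse = Pulse::new(Duration::from_secs(30), 0x5eed);
    let first = pulse.open("agent-1", t0);
    let next = pulse.heartbeat(first, t0 + Duration::from_secs(10));
    println!("rotated to {:?}; replaying the old token gives {:?}", next, pulse.heartbeat(first, t0 + Duration::from_secs(11)));
}
```

Two properties fall out of the consume-then-rotate rule: an old token is rejected as `UnknownToken` even before the session times out, and an expired session is removed whether it is touched by a late heartbeat or by the `reap` sweep. The two maps are process memory in this example; for a horizontally scaled, stateless Pulse the same lookup, expiry check and rotation would run against the shared session store, and the consume-then-insert step has to be atomic there too or two replicas could each accept the same token.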

Data Layer

  • PostgreSQL 14+ — persistent storage for agents, sessions, certificates, and policies
  • Redis 7+ — session caching and ephemeral state

Both can be run as managed cloud services (PostgreSQL on AWS RDS or Cloud SQL, Redis on ElastiCache or Memorystore) or self-hosted.