Technical Architecture

ClearanceFlow Architecture

How ClearanceFlow solves the agent trust problem with Terminal 3 Agent Auth, selective disclosure, and deterministic policy enforcement.

The Problem

Without ClearanceFlow

  • AI agents cannot act on behalf of users because there is no trust layer
  • Sharing full identity credentials creates massive privacy risks
  • No verifiable delegation chain means no accountability
  • Autonomous agents with unchecked authority are dangerous

With ClearanceFlow

  • Agent acts under verifiable delegated identity via Terminal 3
  • Selective disclosure reveals only minimum necessary facts
  • Tamper-evident audit trail records every action and decision
  • Deterministic policy engine prevents AI bypass of authorization rules

System Architecture

PRESENTATION LAYER

  • Landing Page
  • Demo Intake
  • Delegation UI
  • Approval Workspace
  • Audit Trail
  • Ask AI
  • Architecture

CORE LOGIC LAYER

  • AI Extraction (NVIDIA NIM)
  • Terminal 3 Agent Auth
  • Selective Disclosure
  • Policy Engine (Deterministic)
  • Audit Trail (Tamper-Evident)
  • Sandbox Executor

EXTERNAL SERVICES

  • NVIDIA NIM API: Llama 3.1 inference
  • Terminal 3 T3N SDK: Identity & auth
  • Terminal 3 Ledger: On-chain verification
  • Sandbox Network: Test token execution

Request Flow

  1. Upload: User submits invoice/request
  2. AI Extract: NVIDIA NIM parses fields
  3. Delegate: User grants scoped permissions
  4. Verify: Terminal 3 checks delegated identity
  5. Disclose: Only minimum claims revealed
  6. Policy: Deterministic rules validated
  7. Decide: AI recommends, engine decides
  8. Execute: Sandbox token payment
  9. Audit: Tamper-evident record created

Terminal 3 Agent Auth Integration

Agent Identity Establishment

The agent creates a did:t3n identity via the T3N SDK. This identity is registered on-chain and serves as the agent's verifiable credential.

T3nClient → handshake() → authenticate() → DID

Acting-on-Behalf Authorization

A human delegator grants scoped permissions to the agent. The delegation is cryptographically signed and verifiable on the T3N ledger.

Delegator signs → Scope defined → On-chain grant

Selective Disclosure

When the agent needs to verify claims, only the minimum necessary information is revealed. The agent never sees raw personal data — only boolean attestations.

Claim request → Privacy filter → Boolean result

Verifiable Permission Checks

Every action is checked against the delegation scope. The agent cannot exceed its granted authority — this is enforced deterministically, not by AI judgment.

Action request → Scope check → Allow/Deny

AI vs Deterministic Separation

AI-Driven (NVIDIA NIM)

  • Document field extraction from invoices
  • Request summarization
  • Anomaly detection hints
  • Approval rationale generation
  • Grounded Q&A over system state

Deterministic (Policy Engine)

  • Amount threshold validation
  • Vendor allowlist enforcement
  • Delegation scope verification
  • Authorization boundary checks
  • Expiry and completeness validation
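
The split described above, as an added example (not ClearanceFlow's own code): a pure policy function applies the deterministic checks listed here and records the AI recommendation without ever consulting it. All type names, field names, reason codes and sample values are assumptions constructed for illustration.

```typescript
// Added example: every name and value below is hypothetical, not ClearanceFlow's.
type Action = "pay_invoice" | "read_invoice";

interface Delegation {
  agentDid: string;          // constructed placeholder DID
  actions: Action[];         // scope granted by the human delegator
  maxAmount: number;         // per-request ceiling
  vendorAllowlist: string[];
  expiresAt: number;         // epoch milliseconds
}

interface PaymentRequest { agentDid?: string; action?: Action; vendor?: string; amount?: number }
interface Decision { allowed: boolean; reasons: string[]; aiHint: string }

// Pure function: same inputs, same verdict. aiHint is logged, never branched on.
function decide(req: PaymentRequest, d: Delegation, aiHint: string, now: number): Decision {
  const reasons: string[] = [];
  const { agentDid, action, vendor, amount } = req;
  // Completeness: a missing field is a denial, never a default.
  if (agentDid === undefined || action === undefined || vendor === undefined || amount === undefined) {
    return { allowed: false, reasons: ["incomplete_request"], aiHint };
  }
  if (agentDid !== d.agentDid) reasons.push("agent_not_delegate");
  if (now >= d.expiresAt) reasons.push("delegation_expired");
  if (d.actions.indexOf(action) === -1) reasons.push("action_out_of_scope");
  if (d.vendorAllowlist.indexOf(vendor) === -1) reasons.push("vendor_not_allowlisted");
  // Reject NaN, Infinity, zero and negatives before comparing to the ceiling.
  if (!isFinite(amount) || amount <= 0) reasons.push("invalid_amount");
  else if (amount > d.maxAmount) reasons.push("amount_over_threshold");
  return { allowed: reasons.length === 0, reasons, aiHint };
}

// Constructed sample delegation and requests; the AI hint says "approve" both times.
const grant: Delegation = {
  agentDid: "did:t3n:example-agent", actions: ["pay_invoice"], maxAmount: 5000,
  vendorAllowlist: ["acme-supplies"], expiresAt: Date.UTC(2030, 0, 1),
};
const NOW = Date.UTC(2025, 0, 1);
const ok = decide({ agentDid: grant.agentDid, action: "pay_invoice", vendor: "acme-supplies", amount: 1200 }, grant, "approve", NOW);
const over = decide({ agentDid: grant.agentDid, action: "pay_invoice", vendor: "unknown-co", amount: 9000 }, grant, "approve", NOW);
console.log(ok.allowed, over.allowed, over.reasons);
```

Collecting every failed check instead of stopping at the first gives the audit record the full reason set for a denial.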

Privacy Preservation

  • Claims Disclosed: 3/5. Only boolean attestations, no raw data
  • PII Exposed: 0. Full profile, email, address all redacted
  • Audit Coverage: 100%. Every disclosure logged with purpose

Tech Stack

Frontend

  • Next.js 15 (App Router)
  • React 19
  • TypeScript
  • Tailwind CSS v4
  • shadcn/ui
  • lucide-react

AI / Inference

  • NVIDIA NIM API
  • OpenAI-compatible endpoint
  • Llama 3.1 8B Instruct
  • Structured JSON prompts

Auth / Trust

  • Terminal 3 T3N SDK
  • @terminal3/t3n-sdk
  • DID: t3n identity
  • Selective disclosure protocol

Validation & Data

  • Zod schemas
  • TypeScript strict mode
  • In-memory store (demo)
  • Chain-hash audit trail