Five-layer map

How DriftGuard stacks detection, status, policy, remediation, and agent-facing tools into one contract reliability story.

Use this map when explaining DriftGuard to platform teams or investors: each layer is optional to adopt — start at detection, add status gates, then policy and remediation packages.

Layer stack

Diagram: five layers from scheduled watches through MCP agent tools
Conceptual stack — not every deployment enables all five layers on day one.
┌─────────────────────────────────────────────────────────────┐
│ 5 · Agent surface — MCP tools, agentActions, FuseGuard      │
│     compare_json · get_watch_status · preflight · ack       │
├─────────────────────────────────────────────────────────────┤
│ 4 · Remediation — SchemaSync PRs, MockDrift, ToolChange     │
│     human ack · draft PR · CI replay gates                  │
├─────────────────────────────────────────────────────────────┤
│ 3 · Policy — drift presets, block_new_runs, ack-to-unblock  │
│     agent bindings · approval rules (CP-2)                  │
├─────────────────────────────────────────────────────────────┤
│ 2 · Status plane — drift_status, incidents, portfolio       │
│     preflight · GET /api/watches/:id/status                 │
├─────────────────────────────────────────────────────────────┤
│ 1 · Detection — watches, snapshots, diff-core               │
│     breaking / warning / info · MCP tool removal = breaking │
└─────────────────────────────────────────────────────────────┘
         ▲ vendor APIs · OpenAPI · MCP tools/list

Layer 1 — Detection

Watches poll external contracts on a schedule. Snapshots normalize to schema; @driftguard/diff-core classifies changes. Same semantics in OSS CLI and hosted pipeline.

Docs: Watches · Change records

Layer 2 — Status plane

Canonical drift_status per watch, open incidents, and fleet summaries. Orchestrators call preflight before agent runs instead of re-diffing manually.

Docs: Glossary: drift_status · Preflight API

Layer 3 — Policy & governance

Drift policies on agent bindings choose notify-only, ack-required, block new runs, or auto draft PR. Policies gate whether preflight returns 409.

Console: Needs Review hub for incidents awaiting ack.

Layer 4 — Remediation

Human and automated paths to fix or verify contract changes: SchemaSync draft PRs, MockDrift replay in CI, ToolChange manifest lint, FuseGuard loop fuse.

Docs: How-to guides

Layer 5 — Agent surface

MCP server exposes offline diff plus hosted watch status. Every drift change can carry an agentAction string for orchestrators and coding agents.

Docs: MCP tools reference · /agents.md

Adoption paths

Start hereLayers enabledTypical buyer
OSS compare_json in CI1 (local)Developer team
Hosted watches + Slack1–2Platform / SRE
Preflight + policies1–3Agent platform team
Full control plane1–5Production AI agents

Related

  • System architecture — OSS vs hosted split
  • Comparison table
  • Security overview