# How It Works

This page describes toani Vault from a system perspective: how components work together and how a complete Agent call flows across layers.

> For product introduction, see [toani Vault Product Overview](/about-toani/toani.ai.md). For implementation details, see [Credential Stack Technical Architecture](/toani-vault/credential-stack.md).

## Three-Layer Trusted Execution System

toani Vault is the core product in the **Credential Stack** layer of toani.ai's trusted execution system. The entire platform consists of three independent trust layers stacked vertically:

<figure><img src="/files/CuYYQwZAsHaEbXTXROP1" alt=""><figcaption></figcaption></figure>

**Layer responsibilities:**

| Layer               | Core Question                                                         | Key Technology                                                                                                                                                         |
| ------------------- | --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Identity Bridge     | "Who is this Agent? Who does it represent?"                           | DID binding, zkKYA compliance proof                                                                                                                                    |
| Agent Trust Gateway | "Is this operation allowed? Does it need human approval?"             | Dynamic policy engine, HITL workflow, PASETO Token                                                                                                                     |
| Credential Stack    | "How are credentials securely used, and how are results trustworthy?" | Intel SGX TEE, AES-256-GCM, zkMe Credential W3C VC directed presentation, immudb ([Platform Security Foundations](/about-toani/platform-security.md) Sections 3 and 5) |

## toani Vault Internal Components

<figure><img src="/files/4n94NDBc1kjZe6bcei5R" alt=""><figcaption></figcaption></figure>

## Complete Data Flow: A Bank Statement Query

Below is a complete data flow showing an AI Agent performing a bank statement query through toani Vault:

<figure><img src="/files/Lwzw88P9bEn6CnPWx4zr" alt=""><figcaption></figcaption></figure>

**Key security property**: Credential plaintext exists only in TEE enclave memory during steps 7-9; Agent only touches the output from step 12 throughout the entire flow.

## Complete Data Flow: Identity Verification with zkMe Credential

The following shows an Agent using a zkMe Credential stored in toani Vault to complete identity verification at a bank (zkKYC shown as example; zkPoAI accredited investor verification, AMLMe compliance checks, and other credential types follow the same flow):

<figure><img src="/files/ce3koXrChaKZmv8eZCZ2" alt=""><figcaption></figcaption></figure>

**Key security property**: the W3C VC plaintext exists only in enclave memory during steps 7–10. The Agent receives only the verification summary at step 12; it never touches the user's name, ID number, financial data, or other raw identity fields.

## Multi-Tenant Isolation Model

toani Vault uses a **dual-layer isolation** to ensure strict separation of different tenant data:

<figure><img src="/files/4mAHvWGjsWtqvte6CCFP" alt=""><figcaption></figcaption></figure>

Even if SQL injection bypasses RLS, attackers only gain access to the other tenant's ciphertexts. Without SGX hardware, those ciphertexts cannot be decrypted.

## Audit Observability

Each critical point generates an audit event, forming a complete operation call chain:

<figure><img src="/files/szqBfJ3WFKPqq4mPICSN" alt=""><figcaption></figcaption></figure>

All events are recorded in immudb and queryable via `GET /api/v1/audit/logs`, supporting filtering by Session, Agent DID, Credential ID, and time range. Log integrity can be independently verified through `POST /api/v1/audit/logs/:id/verify`.

## Integration Methods Comparison

| Integration Method | Best For                                 | Documentation                                        |
| ------------------ | ---------------------------------------- | ---------------------------------------------------- |
| **TypeScript SDK** | Node.js environments, LangChain/AutoGen  | [SDK](/toani-vault/getting-started/sdk.md)           |
| **CLI**            | Ops management, script automation, CI/CD | [CLI](/toani-vault/getting-started/cli.md)           |
| **HTTP API**       | Non-Node.js environments, custom clients | [API](/toani-vault/getting-started/api-reference.md) |
| **WebSocket**      | Real-time operation progress push        | [Sandbox](/toani-vault/getting-started/sandbox.md)   |
| **MCP Server**     | Claude / MCP-compatible Agents           | See MCP Server integration documentation             |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.toani.ai/toani-vault/how-it-works.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.