FAQ

Frequently Asked Questions (FAQ)

Quick answers to common questions about ARAL. Organized by audience and topic for easy navigation.

For Beginners
For Developers
For Architects
For Security Teams
For Enterprise
Contributing & Community

For Beginners

What is ARAL?

ARAL (Agent Reference Architecture Layers) is an open standard that defines how to build AI agents using a structured 7-layer architecture. Think of it as a blueprint for creating secure, scalable, and compliant AI agents.

Why do I need ARAL?

Without ARAL:

Reinvent the wheel for each agent
Security vulnerabilities
No standard testing
Hard to scale

With ARAL:

Proven architecture patterns
Built-in security (60 requirements)
Conformance testing
Easy to scale and integrate

Is ARAL free to use?

Yes! ARAL is completely free and open:

Code: Apache 2.0 License
Specifications: Creative Commons CC BY 4.0
No vendor lock-in: Use any LLM, any cloud, any language

How long does it take to learn?

30 minutes: Understand concepts + first agent
2-3 hours: Build complete agent with capabilities
6 hours: Production-ready multi-agent system

What programming languages are supported?

Language	Status	SDK Version
Python	Production	v1.2.0
TypeScript	Examples	Community
Go	Examples	Community
Rust	Planned	v1.3.0
Java	Planned	v1.4.0

Recommendation: Start with Python for production use.

For Developers

Which profile should I choose?

Quick Decision:

ARAL-CORE: You’re learning or building a standalone agent
ARAL-ORCH: You need multiple agents working together
ARAL-INTEROP: You’re integrating with external enterprise systems

Can I use ARAL with LangChain/AutoGen/CrewAI?

Absolutely! ARAL is designed for interoperability:

# Example: Wrap LangChain in ARAL
from langchain.chains import LLMChain
from aral import Capability

langchain_chain = LLMChain(...)

@Capability(id="langchain_search")
async def search(query: str) -> dict:
    result = await langchain_chain.arun(query)
    return {"results": result}

See Framework Comparison Guide for detailed migration paths.

How do I handle secrets securely?

Never hardcode secrets! Use vault references:

# ❌ WRONG: Hardcoded secret
API_KEY = "sk-1234567890abcdef"

# ✅ CORRECT: Vault reference (ARAL-S-080)
capability = Capability(
    id="api_call",
    secrets=["vault://aws/secrets/api-key"]
)

Supported Vaults:

AWS Secrets Manager
Azure Key Vault
HashiCorp Vault
Google Secret Manager

What’s the performance overhead?

Key Insights:

ARAL overhead: ~75ms (excluding LLM call)
LLM call dominates: ~500ms
Total: Comparable to other frameworks (< 5% difference)

How do I test my agent?

# Install validator
pip install aral-validator

# Validate conformance
aral-validate ./my-agent.py --profile ARAL-CORE

# Run test suite
aral-test ./my-agent.py --coverage

Expected Output:

✅ ARAL-CORE Conformance: PASS
├─ L1 Runtime: ✅ 15/15
├─ L2 Memory: ✅ 12/12
├─ L3 Capabilities: ✅ 18/18
├─ L4 Reasoning: ✅ 10/10
└─ L5 Persona: ✅ 13/13

Can I use multiple LLM providers?

Yes! ARAL is LLM-agnostic:

# Multi-LLM routing (ARAL-L4-MLM-*)
from aral import MultiLLMRouter

router = MultiLLMRouter(
    providers={
        "openai": "gpt-4",
        "anthropic": "claude-3",
        "local": "llama-3"
    },
    routing_strategy="cost"  # or "latency", "quality"
)

agent = ARALAgent(persona=persona, llm_router=router)

See Multi-LLM Orchestration Guide for details.

For Architects

How does ARAL scale horizontally?

ARAL-ORCH (L6) provides built-in horizontal scaling:

Features:

Load balancing (ARAL-L6-004)
Circuit breakers (ARAL-L6-007)
Shared memory via Redis/Memcached
Stateless agent pods (Kubernetes-ready)

What’s the recommended deployment architecture?

Cloud-Native (Kubernetes):

┌─────────────────────────────────────────┐
│          Ingress / API Gateway          │
└────────────────┬────────────────────────┘
                 │
      ┌──────────┴──────────┐
      │   L7: Protocol      │  (1 pod)
      │   ARAL-INTEROP      │
      └──────────┬──────────┘
                 │
      ┌──────────┴──────────┐
      │   L6: Orchestrator  │  (2 pods)
      │   ARAL-ORCH         │
      └──────────┬──────────┘
                 │
      ┌──────────┴──────────┐
      │   L1-L5: Agents     │  (10+ pods)
      │   ARAL-CORE         │
      └─────────────────────┘

See Integration Scenarios for AWS, Azure, GCP patterns.

How do I integrate with existing systems?

Three integration patterns:

Pattern	Use Case	Complexity
API Gateway	REST/GraphQL APIs	⭐ Simple
Message Queue	Async workflows	⭐⭐ Medium
Database	Direct data access	⭐⭐⭐ Complex

Example: API Gateway Integration

# L7: Expose agent via REST API
from aral import ARALAgent, RestAPI

agent = ARALAgent(...)

api = RestAPI(
    agent=agent,
    endpoints=[
        "/chat",
        "/capabilities",
        "/health"
    ]
)

api.run(host="0.0.0.0", port=8000)

What’s the TCO compared to custom solutions?

ARAL Savings:

50% reduction in compliance costs (built-in)
70% reduction in security implementation
40% faster development time

For Security Teams

Is ARAL secure by default?

Yes! ARAL includes 60 security requirements (ARAL-S-*):

What security standards does ARAL comply with?

Standard	Compliance	Notes
OWASP LLM Top 10	✅ All mitigated	Input sanitization, prompt injection guards
ISO 27001	✅ Aligned	Security controls documented
SOC 2 Type II	✅ Ready	Audit trail requirements met
NIST AI RMF	✅ Compliant	Risk management framework
GDPR	✅ 32 requirements	Right to erasure, data portability

How does ARAL prevent prompt injection?

Multi-layered defense (ARAL-S-040):

Can ARAL be audited?

Comprehensive audit trail (ARAL-T-*):

ARAL-T-001: All requests logged with trace_id
ARAL-T-005: Persona changes tracked
ARAL-T-007: Capability executions logged
ARAL-T-009: Security events recorded

Export formats: JSON, CEF, Syslog

# Query audit trail
aral-audit query --from="2026-01-01" --event-type="security"

For Enterprise

Is ARAL enterprise-ready?

Yes! v1.2.0 is production-ready:

Feature	Status	Evidence
Test Coverage	93.34%	249/249 tests passing
Security	60 requirements	OWASP Top 10 mitigated
Privacy	32 requirements	GDPR compliant
Standards	ISO/NIST aligned	Certification program Q2 2026
Support	Commercial available	Email: enterprise@aral-standard.org

What compliance certifications does ARAL have?

Current (v1.2.0):

Self-certification available
ISO 42001 aligned (AI Management)
NIST AI RMF compliant
GDPR ready

Planned (v1.3.0 - Q2 2026):

Official ARAL certification program
Third-party security audit
SOC 2 Type II report

Can ARAL work in air-gapped environments?

Yes! ARAL supports offline deployment:

# Use local LLM (no internet required)
from aral import ARALAgent, LocalLLM

llm = LocalLLM(model_path="./llama-3-8b.gguf")

agent = ARALAgent(
    persona=persona,
    reasoning_engine=llm,  # Local, no API calls
    capabilities=[...],
    memory_backend="sqlite"  # Local database
)

Supported local LLMs: Llama, Mistral, Phi, GPT4All

What’s the migration path from legacy systems?

Phased approach:

Phase 1 (2-4 weeks): Wrap existing agents as ARAL Capabilities
Phase 2 (1-2 months): Add ARAL security, memory, orchestration
Phase 3 (2-3 months): Rebuild natively in ARAL (optional)

See: Framework Comparison Guide for detailed migration paths.

Contributing & Community

How do I contribute?

Easy 4-step process:

Sign the CLA: Contributor License Agreement (documentation coming soon)
Follow Code of Conduct: CODE_OF_CONDUCT.md (documentation coming soon)
Choose an issue: Good First Issues
Submit PR: Contributing Guide (documentation coming soon)

How do I propose major changes?

Use the RFC (Request for Comments) process:

Create RFC document from template (RFC process documentation coming soon)
Submit as PR to GitHub repository
Community discussion (2 weeks minimum)
Technical Oversight Committee (TOC) review
Decision: Accepted, Rejected, or More Discussion Needed

Recent RFCs:

RFC-001: Multi-LLM Routing ✅ Accepted
RFC-002: Persona Hot-Swapping ✅ Accepted
RFC-003: WebAssembly Runtime 🚧 Under Review

Where can I get help?

Response Times:

Discord: Coming soon
GitHub Discussions: 1-2 days (maintainers)
GitHub Issues: 2-3 days (priority-based)
Email Support: Via GitHub for now

Who maintains ARAL?

Governance Structure:

┌─────────────────────────────────┐
│      IbIFACE Foundation         │
│     (Standard Custodian)        │
└────────────┬────────────────────┘
             │
   ┌─────────┴─────────┐
   │  Technical        │
   │  Oversight        │
   │  Committee (TOC)  │
   └─────────┬─────────┘
             │
   ┌─────────┴─────────────┐
   │                       │
┌──┴──┐               ┌────┴────┐
│Core │               │Community│
│Team │               │Members  │
└─────┘               └─────────┘

See: Governance Documentation (coming soon) for full details.

Additional Resources

Documentation

Getting Started - 10-minute quickstart
Architecture Guide - Visual diagrams (coming soon)
Framework Comparison - vs LangChain/AutoGen/CrewAI
Tutorials - 6-hour learning path (coming soon)

Specifications

ARAL Core - 68 requirements (L1-L5)
ARAL Security - 60 security requirements
ARAL Privacy - 32 privacy requirements
Integration Scenarios - 13 patterns

Community

GitHub Discussions
Discord Server (coming soon)
Twitter/X (coming soon)
LinkedIn (coming soon)

❓ Didn’t Find Your Answer?

Ask the community:

Search existing discussions
Create a new discussion
Discord - Coming soon for real-time help

Average response time: 24-48 hours

FAQ