ABS Core Docs

Core Concepts

Understanding the ABS Governance Model

Core Concepts

The Governance Loop

ABS operates on a continuous loop of Monitor, Evaluate, and Act.

  1. Monitor: Capture events from agents (Prompts, Tool Calls, API Requests).
  2. Evaluate: Run events through the Policy Engine and Trust Layer.
  3. Act: Enforce the decision (Allow, Block, Redact, Escalate).

Key Components

Magic Proxy

The Magic Proxy is a transparent HTTP reverse proxy that intercepts all agent-to-LLM traffic. It is deployed at the edge (Cloudflare Workers, 300+ locations).

Pro-Tip: The proxy can inject provider API keys server-side via the Secret Vault, so agent code never touches real credentials.

  • Endpoint: https://api.abscore.app/v1/proxy (replaces your LLM provider's base_url)
  • Required Headers: Authorization: Bearer <ABS_PAT>, standard LLM request headers
  • Provider Failover: If the upstream LLM provider is unreachable, the proxy returns a 502 Bad Gateway with a structured error body including the trace ID. Requests are never silently dropped.

Elite Kernel (Policy Engine)

The Elite Kernel is the decision engine — a Rust binary compiled to WebAssembly that runs synchronously on every intercepted request.

  • Input: Structured event envelope (agent ID, action type, payload hash, entropy score, semantic intent)
  • Output: A Decision Envelope containing the verdict (ALLOW, DENY, HOLD, SLASH) plus the matched rule ID and trace
  • Policy Format: JSON-based policy contracts versioned per agent. See Policy Authoring for the schema and examples.

Forensic Ledger

The Forensic Ledger is an append-only, hash-chained (SHA-256) audit trail. Every governance decision is recorded as an immutable entry.

  • Mechanism: Each entry contains the event hash, decision, timestamp, and the hash of the previous entry — forming a Merkle chain. This ensures tamper evidence: modifying any entry invalidates all subsequent hashes.
  • Fields per Entry: event_id, agent_id, action, verdict, rule_id, timestamp, payload_hash, prev_hash, signature
  • Retention: Configurable per workspace (default: 90 days). Enterprise plans support unlimited retention with cold storage export.
  • Export: Available via the Events API (GET /v1/events) or CSV export from the Dashboard.

Bond (Financial Accountability)

A Bond is a financial collateral mechanism for high-stakes agent deployments. When an agent is "bonded," a monetary amount is staked against policy compliance.

  • Creating a Bond: POST /v1/agents/:agentId/bond with { amount: 1000, currency: "USD" }
  • State Change: Bonding activates SLASH mode for that agent. Policy violations trigger automatic fund deduction (slashing).
  • Revoking a Bond: DELETE /v1/agents/:agentId/bond — releases remaining funds. Requires admin role. Pending violations must be resolved first.

Trust Hierarchy

Policies are applied in layers:

  1. Kernel Layer (Highest): Immutable invariants (e.g., "Never expose private keys").
  2. Profile Layer: Domain-specific rules (e.g., "Financial", "Healthcare").
  3. Workspace Layer: Team specific rules (e.g., "Dev Environment allow-list").

Agent Identification

To enforce stateful policies (like velocity), ABS must identify the "agent". We use the following priority for AgentID:

  1. Metadata Field: Explicit agent_id or user_id in the event payload.
  2. Auth Token: Extracted from Authorization header.
  3. IP Affinity: Hash of the incoming IP (Fallback).

In v4.8.1, we recommend providing an explicit agent_id in the request metadata for highest accuracy across multi-device sessions.

The Envelope Protocol

All decisions are wrapped in a Decision Envelope (ADR-008). This ensures that every Allow/Block decision is:

  • Cryptographically Signed: Cannot be forged.
  • Traceable: Linked to a specific Event ID and Trace ID.
  • Auditable: Stored in the immutable Write-Ahead Log.

Entropy & Semantic Intent

ABS uses two real-time analysis techniques on every intercepted payload:

  • Shannon Entropy: Measures the randomness/information density of the payload. High entropy (>4.5 bits/char) suggests obfuscated content (base64-encoded data, encrypted payloads, steganographic tunnels). Triggers a HIGH_ENTROPY flag for the Kernel to evaluate.
  • Semantic Intent: A specialized small language model classifies the purpose of the request (e.g., "data retrieval", "financial transaction", "deletion"). This classification is compared against the agent's allowed action types in its policy contract.

Quickstart

Govern your first agent in 5 minutes

Architecture Deep Dive

How Elite AI Governance works under the hood - WASM kernel, hash-chain ledger, and zero-trust enforcement

On this page

Core ConceptsThe Governance LoopKey ComponentsMagic ProxyElite Kernel (Policy Engine)Forensic LedgerBond (Financial Accountability)Trust HierarchyAgent IdentificationThe Envelope ProtocolEntropy & Semantic Intent