ABS Core Docs

Compliance Attestation Token (CAT)

Mathematical proof of governance evaluation for multi-agent workflows.

Compliance Attestation Token (CAT)

The CAT protocol provides a mathematical guarantee that a specific action was evaluated and approved by the ABS Core engine.

Why it matters

In complex multi-agent systems, "Agent A" might need to prove to "Agent B" (or a human auditor) that its output was checked for security violations. Instead of trusting a simple boolean, CAT provides a signed attestation.

How it works

  1. An agent submits a payload to the ABS Kernel.
  2. The Kernel evaluates the policies.
  3. If ALLOW, the Kernel returns a proofHash.
  4. The Agent issues a CAT (Compliance Attestation Token) containing its own identity and the proofHash, signed with its own private key.

Verification

Any system can verify the CAT using the agent's public key and the ABS Core root certificate:

import { verifyCAT } from '@abscore/sdk';

const isValid = await verifyCAT(token, {
  publicKey: agentPubKey,
  rootCA: absRootCert
});

Policy-as-a-Token (PAAT)

Governance rules embedded in cryptographically signed tokens for air-gapped environments.

MCP Governance Bridge

Native integration for governing Model Context Protocol tool calls.

On this page

Compliance Attestation Token (CAT)Why it mattersHow it worksVerification