ABS Core Docs

Policy-as-a-Token (PAAT)

Governance rules embedded in cryptographically signed tokens for air-gapped environments.

PAAT is a protocol designed for high-security environments where network latency is unacceptable or the infrastructure is entirely disconnected (air-gapped).

The concept

Standard governance usually requires a round-trip to the absolute core API. PAAT reverses this flow by embedding the policy rules directly inside a cryptographically signed JWT (RS256).

When an agent receives a PAAT, it can execute validations locally using the WASM Sovereign Kernel without any external dependencies.

Key Benefits

  • Zero Latency: Decisions are made in milliseconds within the same process.
  • Offline First: Agents can operate in air-gapped data centers without internet access.
  • Immutable Rules: The policy logic is bound to the token and cannot be modified without breaking the signature.
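
The following is an added example, not ABS Core or DevShield code, showing offline verification of an RS256-signed token with Node's built-in `crypto`, and how a modified payload or a swapped `alg` header is rejected. The claim name `policy_b64`, the `exp` check, the key pair and the function names are assumptions made for illustration; the page does not document the PAAT claim layout.

```javascript
const crypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Verify a compact RS256 JWT offline against a pinned public key.
// Returns the payload on success and throws on any failure.
function verifyPaat(token, publicKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token's own header must never choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKeyPem, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Parse claims only after the signature has been checked.
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  // Assumption: the token carries a standard numeric `exp` claim.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) throw new Error('expired');
  return payload;
}

// Constructed issuer for the demo only; stands in for the real token issuer.
function signDemoToken(payload, privateKeyPem) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem).toString('base64url')}`;
}

// Runs the verifier over a valid token and three rejected variants.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const now = 1700000000; // constructed clock value
  const token = signDemoToken({ policy_b64: b64u('constructed-policy-bytes'), exp: now + 3600 }, privateKey);
  const [h, p, s] = token.split('.');
  const tampered = `${h}.${b64u(JSON.stringify({ policy_b64: b64u('edited'), exp: now + 3600 }))}.${s}`;
  const unsigned = `${b64u(JSON.stringify({ alg: 'none' }))}.${p}.`;
  const check = (t, at) => {
    try { verifyPaat(t, publicKey, at); return 'ok'; } catch (e) { return e.message; }
  };
  return { valid: check(token, now), tampered: check(tampered, now),
    unsigned: check(unsigned, now), expired: check(token, now + 7200) };
}

console.log(demo());
```

The guarantee depends on the verifier holding a trusted copy of the issuer's public key; a key delivered alongside the token would let whoever supplies the token also supply the key.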

Usage

1. Generate PAAT via CLI

npx @oconnector/devshield token create --policy ./my-policy.wasm

2. Configure Agent

Provide the token to your agent via environment variable:

export ABS_PAAT="eyJhbGci...signed_token"

The SDK/Proxy will automatically detect the token and switch to Sovereign Mode.
