The Octagon Architecture & Proof Chain
The 8-service Cloud Control Plane designed for the Sovereign Accountability Layer, and the Cryptographic Proof Chain.
The Octagon Architecture: NRaaS Control Plane
In ABS Core v4.1.0, the Cloud is strictly a Control Plane. Execution, identity keys, policy enforcement, and the forensic ledger always remain 100% on-premise (Data Plane).
To support the Non-Repudiation as a Service (NRaaS) model, the Octagon Architecture defines the 8 essential cloud services that provide resilience, verifiable timestamps, and global threat intelligence to your local nodes.
1. The 8 Cloud Services (Control Plane)
The ABS Core ecosystem relies on the following 8 managed services:
- License Validation: Provides cryptographic license tokens for engine operation. Records FULL, GRACE_PERIOD, or AUDIT_ONLY statuses directly into the hash chain.
- Engine Updates: Continuous delivery of WASM engine improvements and deterministic logic patches without requiring host restarts.
- TSA Relay (RFC 3161): Independent temporal proof. Acts as a relay to trusted Timestamp Authorities to seal hash blocks, making them admissible in judicial proceedings.
- Threat Intel: Real-time distribution of zero-day MCP (Model Context Protocol) vulnerability signatures and malicious tool-call patterns.
- Policy Hub: Centralized distribution for industry-standard compliance packs (NIST AI RMF, EU AI Act, HIPAA) to local instances.
- Backup Vault: Optional, zero-knowledge encrypted backups for your SovereignAuditRecord ledgers. Only your Ed25519 keys can decrypt them.
- Benchmark & Telemetry: Anonymous performance telemetry processing, comparing your local latency (e.g., P99: 0.015ms) against global baselines to detect degradation.
- Priority Support: Enterprise SLAs (down to 4-hour MTTR) for governance-blocking incidents and custom integration engineering.
2. The Local Core Modules (Data Plane)
While the Octagon provides cloud control, the physical evaluation of every AI agent action occurs locally across these core components:
- OID: Sovereign Ed25519 Identity
- ABS: WASM Policy Sandbox / Gateway
- LEDGER: SHA-256 Hash Chain
- And auxiliary anomaly detection systems (ARCHAEO, CHI, CORTEX).
The Proof Chain (NRaaS Lifecycle)
The core mechanism of Non-Repudiation is the Proof Chain. Every single tool call intercepted by the ABS Core Gateway goes through this precise cryptographic lifecycle:
```mermaid
graph TD
    subgraph Agent ["AI Agent"]
        INTENT["Intent / Tool Call"]
    end
    subgraph ABS_Core ["ABS Core (On-Premise)"]
        OID["1. OID Verify (Ed25519)"]
        PRE["2. Pre-hash"]
        WASM["3. Policy Evaluation (WASM)"]
        LEDGER["4. Ledger Commit (SHA-256)"]
    end
    subgraph Cloud ["Octagon Cloud"]
        TSA["5. TSA Seal (RFC 3161)"]
    end
    INTENT --> OID
    OID --> PRE
    PRE --> WASM
    WASM --> LEDGER
    LEDGER --> TSA
```
- OID Verify (Ed25519): The engine confirms the cryptographic identity of the agent attempting the action.
- Pre-hash: A snapshot of the context, prompt, and requested parameters is hashed before passing it to evaluation.
- Policy Evaluation (WASM): The deterministic sandbox executes the policy rules (Fail-Closed default).
- Ledger Commit (SHA-256): The evaluation result (ALLOW/DENY), execution time, and engine_fingerprint are cryptographically sealed into the local immutable ledger.
- TSA Seal (RFC 3161): Periodically or per-transaction, the block is sent to the TSA Relay for an independent timestamp.
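The pre-hash and ledger-commit steps above, sketched as an added example that is not ABS Core code: the record layout, the all-zero genesis value, and the helper names are assumptions, and only ALLOW/DENY, engine_fingerprint and SHA-256 come from this page. It covers steps 2 and 4 only and leaves out Ed25519 verification and the TSA seal.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first record

def canonical(obj) -> bytes:
    # Deterministic serialization so identical content always hashes identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def pre_hash(context: str, prompt: str, params: dict) -> str:
    # Step 2: hash a snapshot of the request before policy evaluation sees it.
    snapshot = {"context": context, "prompt": prompt, "params": params}
    return hashlib.sha256(canonical(snapshot)).hexdigest()

def commit(ledger: list, pre: str, decision: str, exec_us: int, engine_fingerprint: str) -> dict:
    # Step 4: bind the evaluation result to the hash of the previous record.
    body = {
        "prev_hash": ledger[-1]["hash"] if ledger else GENESIS,
        "pre_hash": pre,
        "decision": decision,  # ALLOW or DENY
        "exec_us": exec_us,    # execution time in microseconds (assumed unit)
        "engine_fingerprint": engine_fingerprint,
    }
    record = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
    ledger.append(record)
    return record

def verify(ledger: list) -> int:
    # Returns -1 if the chain is intact, else the index of the first bad record.
    prev = GENESIS
    for i, rec in enumerate(ledger):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev_hash"] != prev or hashlib.sha256(canonical(body)).hexdigest() != rec["hash"]:
            return i
        prev = rec["hash"]
    return -1

def demo() -> tuple:
    # Constructed sample tool calls, not real ABS Core data.
    ledger = []
    for tool, decision in [("read_file", "ALLOW"), ("delete_db", "DENY"), ("send_mail", "ALLOW")]:
        pre = pre_hash("session-1", f"call {tool}", {"tool": tool})
        commit(ledger, pre, decision, 15, "sample-engine-fp")
    intact = verify(ledger)
    ledger[1]["decision"] = "ALLOW"  # simulate an after-the-fact edit of a DENY
    return intact, verify(ledger)

if __name__ == "__main__":
    print(demo())  # (-1, 1)
```

If an edited record's own hash is recomputed, verification fails at the next record instead, because its prev_hash no longer matches. A chain rewritten consistently from the edit point to the tail passes this local check, which is the gap an independent timestamp over the tail hash closes.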