ABS Core v4.3.3

Changelog

Product evolution notes for the ABS Core runtime governance project.

This changelog distinguishes between:

  • implemented runtime changes,
  • deployment-specific capabilities,
  • early-access items,
  • and product direction.

It should not be read as proof that every item below is production-ready across all deployment models.


v4.3.3 — Industrial Suite Hardening (Current Stable)

This release focuses on Structural Static Analysis and Zero-Fallback Isolation, elevating the ABS Core to an industrial suite standard for high-stakes governance.

  • AST-Based Skill Audit: Replaced regex-based scanning with a structural scanner in `skill-audit.ts`. It normalizes code before auditing (strips comments, de-escapes Unicode/hex sequences, converts bracket notation to dot notation), defeating polymorphic obfuscation.
  • Strict Air-Gapped Sandbox: Implemented `ABS_SANDBOX_STRICT_MODE` in `state-04-sandbox.ts`. In high-stakes environments, the system now blocks execution if microVM (Firecracker) or Docker isolation is unavailable, preventing unsafe subprocess fallbacks.
  • Octagon Unification: Completed the transition of all 8 pillars (OID, AICCP, QUORUM, CHI, LEDGER, ARCHAEO, CORTEX, OCS) into a unified workspace root at `/PROJETO`, interlinked via pnpm workspaces.
  • Cross-Pillar Hardening: Integrated CHI's vaccination logic (PII redaction) directly into CORTEX's long-term memory flow.
  • MCP Unified Pipeline: Refactored the MCP Security Gateway (`mcp-gateway`) to use the full 11-stage NRaaS pipeline for every tool call.
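
The three normalization steps named in the AST-Based Skill Audit item, as an added TypeScript sketch that shows why a rule set misses (or over-matches) on raw source but not on normalized source. It is not the code of `skill-audit.ts`: it works at text level rather than on an AST, and every function name, rule and sample line in it is a constructed assumption.

```typescript
// Added illustration, not the contents of skill-audit.ts. All names are hypothetical.
// Step 1: drop comments, copying string literals verbatim so "//" inside a string survives.
function stripComments(src: string): string {
  let out = "", i = 0;
  while (i < src.length) {
    const c = src.charAt(i);
    const two = src.slice(i, i + 2);
    if (c === '"' || c === "'" || c === "`") {
      let j = i + 1;
      while (j < src.length && src.charAt(j) !== c) j += src.charAt(j) === "\\" ? 2 : 1;
      out += src.slice(i, j + 1);
      i = j + 1;
    } else if (two === "//") {
      while (i < src.length && src.charAt(i) !== "\n") i++;
    } else if (two === "/*") {
      const end = src.indexOf("*/", i + 2);
      i = end < 0 ? src.length : end + 2;
      out += " "; // a comment separates tokens, so leave whitespace behind
    } else {
      out += c; i++;
    }
  }
  return out;
}

// Step 2: decode \xNN, \uNNNN and \u{N} (BMP only; the names audited here are ASCII).
function deEscape(src: string): string {
  return src.replace(/\\(?:x([0-9a-fA-F]{2})|u([0-9a-fA-F]{4})|u\{([0-9a-fA-F]{1,4})\})/g,
    (_m: string, a: string, b: string, c: string) => String.fromCharCode(parseInt(a || b || c, 16)));
}

// Step 3: obj["name"] -> obj.name when the key is a plain identifier.
function bracketToDot(src: string): string {
  return src.replace(/\[\s*(["'`])([A-Za-z_$][\w$]*)\1\s*\]/g, ".$2");
}

// Order matters: comments go first, because decoding can create quotes or "//" inside strings.
function normalize(src: string): string {
  return bracketToDot(deEscape(stripComments(src))).replace(/\s*\.\s*/g, ".");
}

const DENY = [/\bprocess\.env\b/, /\bchild_process\b/]; // hypothetical audit rules
const flagged = (code: string): boolean => DENY.some((r) => r.test(code));
// Constructed samples: two obfuscated reads and one benign line that only mentions the name.
const SAMPLES = [
  'const k = process["en\\x76"].API_KEY;',
  "const k = proc\\u0065ss /* x */ .env.API_KEY;",
  "const port = 8080; // never read process.env here",
];
```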

v4.3.3 — Institutional Readiness Release

This release focuses on Institutional-Ready Hardening and Forensic Integrity, finalizing the transition to a production-grade sovereign engine.

  • HMAC IPC (GAP-15): Integrated WorkerMessageAuth (HMAC-SHA256) for authenticated IPC between Hub and Workers, preventing injection attacks.
  • Worker Isolation: Enforced strictly isolated Worker Threads for the WASM kernel, preventing memory leakage between tasks.
  • HSM Sovereignty (GAP-16): Full integration of hsmSignFn for cryptographic operations, ensuring keys never touch host memory.
  • Persistence Layer: Preliminary support for SQLite-backed persistent nonces for replay protection.
  • Global Branding: Unified versioning (v4.3.3) across Landing Page, Documentation, and Audit reports.

v4.3.3 — Sovereign Hardening Release


v4.3.3 — The Octagon Release (March 2026)

This major release consolidates the Octagon Architecture as the industrial standard for autonomous agent governance, transitioning from the 7-pillar Heptagon to a complete 8-pillar resilient framework.

  • Octagon Architecture (8 Pillars): Integration of ARCHAEO (Forensic Archaeology) as the 8th central pillar for historical lineage and retroactive intelligence.
  • Production-Ready: Moved from "Beta" to "Production Stable" across all enforcement modules.
  • Unified Global Identity: Consensus on v4.3.3 across all components (Landing, Docs, CLI).
  • Runtime Hardening: Enhanced deterministic integrity for enterprise deployments and WASM-native execution.
  • Sovereign Memory: Implementation of Persistent Context Pack (INV-004) for resilient long-term memory.
  • Emoji Purge: Replaced status emojis with professional [OK]/[WIP] technical markers.
  • LexarAPFS Persistence: Optimized data durability mapping for resilient hardware volumes.

v3.0.0 — Heptagon Protocol (Feb 2026)

This release established the 7-pillar enforcement model (Heptagon) as the basis for agent governance.

  • Protocol Unification: High-availability enterprise engine pilot.
  • WASM Transition: Initial deployment of the Rust-based evaluation kernel for Sidecar nodes.
  • Latency Tiering: Formal distinction between Kernel Logic and Network propagation (1.2ms median evaluation).
  • Forensic Ledger: Stabilization of the SHA-256 hash-chaining mechanism for audit logs.

v2.0.0 — Edge Core (Nov 2025)

  • Edge Deployment: Transitioned the governance gateway to geo-distributed Cloudflare Workers.
  • Event Persistence: Global persistence strategy for governed execution paths using D1.
  • Early Prototype: Introduction of basic policy enforcement and telemetry.

Reading guide

When reviewing older change entries, use the following interpretation:

  • A named capability may indicate implementation work, partial availability, or product direction.
  • Deployment-sensitive features should not be assumed to exist identically in every customer topology.
  • Security, compliance, and sovereignty claims always depend on the actual runtime path, integration depth, and environment configuration.
