Enterprise Reference Architecture (v3.5)

For clients like NuvexSell and O-Bot, ABS Core operates in a Hybrid Sovereignty model.

1. The Concept: "Remote Control Plane, Local Data Plane"

We provide the governance intelligence (Policies, Updates), but sensitive data never leaves the client's infrastructure.

graph TD
    subgraph "Client VPC (NuvexSell / O-Bot)"
        A[AI Agent] -->|Inception| P(ABS Proxy / Shield)
        P -->|PII Filter| R[PII Redactor]
        P -->|Validation| E[WASM Policy Engine]
        R -->|Log| L[(Local Audit Ledger - D1)]
        P -->|Safe Prompt| M[LLM Provider]
    end

    subgraph "ABSCORE™ (Control Plane)"
        C[Policy Registry] -->|Sync (GitOps)| E
        S[License Server] -->|Heartbeat| P
        D[Dashboard Aggregator] .->|Anonymous Analytics| P
    end

2. Delivery Components

A. The "Shield" Container (Docker)

We deliver a signed Docker container (ghcr.io/oconnector/abs-shield:v10.1.5-enterprise) that contains:

• Runtime: Optimized Node.js/Workerd.
• Engine: Compiled WASM binary (Closed Source).
• Config: Encrypted YAML policy files.

B. The Audit "Sidecar"

A lightweight container (abs-ledger) that runs a local SQLite (or D1 via Bridge) to ensure audit logs remain 100% in the client's possession (Legal Requirement).

3. Infrastructure Requirements

To run ABS Core in production, the client must provide:

• Compute: 1x vCPU, 512MB RAM (per Proxy node).
• Network: HTTPS outbound (443) to license.abscore.app (License Validation).
• Storage: Persistent encrypted volume for the Ledger.

4. Model Benefits

1. Zero Latency Penalty: The proxy runs on the same network as the agents (Sidecar/Localhost).
2. Zero Liability: ABSCORE™ never touches client PII or Prompts.
3. Positive Vendor Lock-in: The intelligence (Policies) comes from the Control Plane, creating a subscription dependency.