ABS Core v4.3.1

Octagon Engine Internals

Implementation evidence and mechanics of the Rust-based governance kernel.

Octagon Engine Internals (WASM Core)

Skepticism about AI governance overhead is usually based on "black-box" wrappers. ABS Core solves this by executing a deterministic Rust Kernel compiled to WASM.

1. Enforcement Mechanics (Rust Proof)

The core evaluation logic is implemented in Rust to guarantee memory safety and nanosecond-level performance. This prevents the governance layer from becoming the bottleneck in high-frequency agentic tool calls.

// core/engine-wasm/src/policy_eval.rs
pub fn evaluate_policy_internal(request_json: &str, policy_json: &str, shadow_mode: bool) -> PolicyResult {
    let request: AgentRequest = match serde_json::from_str(request_json) {
        Ok(r) => r,
        Err(_) => return PolicyResult { allowed: false, reason: "Invalid JSON", shadow_mode }
    };

    // Hot Path Check: Intent Hash validation (Sub-millisecond)
    if let Some(expected) = &policy.expected_intent_hash {
        let actual = compute_intent_hash_internal(&request);
        if &actual != expected {
            return PolicyResult { allowed: shadow_mode, reason: "Intent mismatch" };
        }
    }

    // Deterministic validation of Tool Names, Action Verbs, and Token Budgets
    // ... logic continues ...
}

2. Dual-Engine Architecture

LayerTechnologyResponsibility
EnforcementRust / WASMDeterministic, high-speed, blocking decisions.
IntelligenceTypeScript / EdgeAsync semantic analysis (CHI), API routing, Telemetry.

3. Engineering Veracity

The WASM binary is compiled directly from the /core/engine-wasm source in this repository.

  • Binary size: ~180KB (Optimized)
  • Startup time: < 10μs
  • Audit Signature: Ed25519 (OID Integrated)

4. Forensic Isolation Layer (v1.0.0)

To achieve institutional-grade security, the WASM kernel is wrapped in a Forensic Isolation Layer:

  • Worker Thread Sandbox: Each policy evaluation runs in a dedicated Worker thread. This isolates the WASM memory space from the main Hub process.
  • HMAC-SHA256 Signed IPC: Communication between the Hub and Worker is cryptographically secured. Every message includes:
    • timestamp: To prevent stale message processing.
    • nonce: To prevent replay attacks.
    • signature: HMAC-SHA256 hash of the payload using a per-worker shared secret.
sequenceDiagram
    participant Hub as Main Hub Process
    participant Worker as Isolated Worker
    participant WASM as Rust Kernel

    Hub->>Worker: Sign(eval_request, secret, nonce)
    Worker->>Worker: Verify HMAC & Nonce
    Worker->>WASM: Execute(request)
    WASM-->>Worker: PolicyResult
    Worker->>Hub: Sign(result, secret, nonce)
    Hub->>Hub: Verify & Commit to Ledger

This ensures that even if a local process is compromised, the governance engine's integrity remains intact.

Octagon Architecture - Design Principles

Previous Page

ABSClient SDK

Node.js/TypeScript Integration for ABS Core.

On this page

Octagon Engine Internals (WASM Core)1. Enforcement Mechanics (Rust Proof)2. Dual-Engine Architecture3. Engineering Veracity4. Forensic Isolation Layer (v1.0.0)