Core Concepts
Key concepts and boundaries for understanding ABS Core.
Core Concepts
This page defines ABS Core in precise terms so the system is not confused with a general agent framework, generic observability product, or broad compliance solution.
Core Concepts
This page defines ABS Core in precise terms, distinguishing it from general agent frameworks or broad compliance products.
The Governance Loop
The system operates on a four-stage deterministic loop:
- Intercept: Catch a governed action (API call or tool use) before it reaches the target.
- Evaluate: Check policy inputs, risk signals, and identity context.
- Enforce: Block (
403), Allow, or Hold for approval. - Record: Log the outcome and evidence asynchronously in the Ledger.
Core Pillars
Interception Path
Governance only exists where an execution boundary is monitored. ABS Core achieves this via Gateways (Proxy), Sidecars, or SDKs.
Policy Engine (WASM)
The deterministic core of the system. It evaluates rules written in DSL/Rego using a high-speed Rust-powered WASM runtime, ensuring < 5ms execution.
Identity & Origin (OID)
Cryptographic attribution that ensures every action is tied to a specific, verified agent identity.
Unified Ledger
A tamper-evident audit trail that provides a "single source of truth" for all governed interactions, supporting regulatory reporting and forensic analysis.
Deployment Models
- Managed Gateway: Zero-setup interception by overriding the LLM base URL.
- Enterprise Sidecar: Local enforcement for air-gapped or high-performance on-prem environments.
- VPC Deployment: Full control over data boundaries and private keys.
Practical Interpretation
ABS Core is not a framework for building agentsâit is the runtime control layer that ensures those agents remain safe, compliant, and within budget.