top | item 46712203

(no title)

The problem with autonomous agents today isn't that they aren't "smart" enough; it’s that they are fundamentally stochastic, while our infrastructure (SQL, APIs, Shell) is deterministic. You are essentially giving a probabilistic model a direct line to your production environment and hoping "system prompts" act as security. As we found out in 2025, prompts are not a security layer. You cannot safely give a probabilistic model a "delete" key and hope the instructions hold.

We built Faramesh to bridge this gap. It is the first formalized Action Authorization Boundary (AAB) for the agentic web—an open-source, protocol-agnostic execution gate designed to sit between an agent’s reasoning engine and the target system.

In 2025, everyone focused on the "Brain" (the model). In 2026, the bottleneck is the "Nervous System" (execution control). The industry is shifting from Model-mania to Infrastructure-mania; we believe agents shouldn't be "trusted"—they should be governed.

How it works: Unlike existing guardrail libraries that use more LLMs to "check" the first LLM (adding more stochasticity), Faramesh introduces a hard, cryptographic gate. It intercepts agent intent, canonicalizes it into a deterministic byte-stream, and validates it against a strict, logic-based policy engine before any code is executed.

Key Technical Details:

- Deterministic Canonicalization: We found that slight variations in JSON or float representation break audit trails. Faramesh handles lexicographical sorting and float normalization (e.g., ensuring 1.0 and 1.00 produce identical bytes) so that identical intent produces identical hashes.

- The AAB Protocol: This defines what an agent is allowed to do across any medium. Whether targeting REST APIs, gRPC, or raw Shell, the control logic remains the same.

- Zero Trust Execution: The agent never touches the target system directly. It sends a "Proposed Action" to the gate. If the engine is confused or a policy is missing, it fails closed and the action is blocked.

- Cryptographic Hashing: Every authorized action is hashed, creating an immutable, replay-protected audit trail of agent intent.

- SDK-First Integration: We’ve released SDKs for Python and Node.js to make this a drop-in layer for existing LangChain/AutoGen stacks.

We’ve open-sourced the core engine and the SDKs. We’re particularly interested in feedback on our canonicalization logic and the policy engine’s performance overhead.

Paper: https://zenodo.org/records/18296731 GitHub: https://github.com/faramesh/faramesh-core PyPI: pip install faramesh NPM: npm install @faramesh/sdk

discuss

No comments yet.