AlgoVoi open Decision chain (Apache-2.0): identity, authority, policy, compliance, execution, close-out and verdict for AutoGen agents #7898
Replies: 2 comments
@chopmob-cloud — this is a significant convergence point. We have been tracking the L1/L2 separation discussion from #1829, and the Keystone maps cleanly onto our governance architecture: — identity → passport_ref aligns with our Ed25519 key registration at /governance/register, where each agent's public key and role are recorded in a content-addressed registry with key history chain. babyblueviper1's independent recompute of giskard09's Mycelium trail (Arbitrum block 478930660, action_ref 86ac1653...d138e726) closes our anchoring_invariant gap — the external time anchoring step you described in #7353 is now verifiable from the chain bytes. We would be interested in a cross-recompute: our governance block envelope_hash → SHA-256(JCS(governance_block_fields)) maps 1:1 to your decision_ref preimage pattern. If you publish a sample keystone chain with known preimages, we can recompute and confirm the binding hop from our implementation side. Our conformance adapter is at babyblueviper/preaction-governance-conformance as adapters/moyan.mapping.json — happy to contribute a moyan folder with keystone conformance vectors if the substrate alignment holds.
No thank you. The L1/L2 substrate operates for users and adopters who attribute AlgoVoi accordingly. Our roadmap does not involve third party developer collaboration. Developers are welcome to use the platform and build bolt-on steps alongside the Keystone chain. The bolt-on contract is documented above.
The AlgoVoi Keystone
The Keystone is the complete decision chain behind an agent action, expressed as one recomputable sequence of content-addressed references. Each link answers one question and binds to the next, so the whole chain verifies end to end offline, with no issuer contact: just RFC 8785 JCS canonicalization and SHA-256. Open, Apache-2.0.
Data flow:
identity -> authority -> policy -> compliance -> decision -> execution -> close-out -> verdict
Cross-party (multi-agent):
delegation -> revocation -> journey. The constructions are open source (delegation published; revocation and journey available on request); the cross-party proofs are the commercial Orchestrator.
Verify the whole chain yourself, no package import, offline:
Each link below is its own open package: install it, pin it, verify it independently, or compose the whole chain. Every package is Apache-2.0 and pinned at 0.1.0; pinned adopters receive a free v0 verification key (pin, then key).
1. Agent Passport, passport_ref (identity)
Who the agent is, as a content-addressed identity reference.
Install: pip install algovoi-agent-passport-lite or npm i @algovoi/agent-passport-lite. Apache-2.0, pinned 0.1.0, pin then key.
2. Payment Mandate, mandate_ref (authority)
What the agent may spend, bound to its passport.
Install: pip install algovoi-payment-mandate-lite or npm i @algovoi/payment-mandate-lite. Apache-2.0, pinned 0.1.0, pin then key.
3. Policy Binding, policy_bound_ref (policy in force)
Which policy snapshot the action runs under, version provable and rotation detectable.
Install: pip install algovoi-policy-binding or npm i @algovoi/policy-binding. Apache-2.0, pinned 0.1.0, pin then key.
4. Compliance Gate, gate_ref (compliance verdict)
The no-PII compliance verdict, bound to the policy it assessed.
Install: pip install algovoi-compliance-gate-lite or npm i @algovoi/compliance-gate-lite. Apache-2.0, pinned 0.1.0, pin then key.
Compliance binding and decision basis (commercial)
The open Compliance Gate above emits the verdict. Substrate 2 binds that receipt into the keystone as a screen stage, proving the screening that informed this exact decision, and adds the signed decision basis: which compliance standards drove the verdict, the jurisdiction check bound to its geo determination, no PII and recomputable offline. Commercial only. Details: https://docs.algovoi.co.uk/keystone
5. Spend Guardrail, guardrail_ref (pre-payment decision)
The ALLOW or DENY decision, bound to agent, mandate and policy.
Install: pip install algovoi-spend-guardrail-lite or npm i @algovoi/spend-guardrail-lite. Apache-2.0, pinned 0.1.0, pin then key.
6. Execution, execution_ref (decision-bound execution evidence)
What the agent actually did, bound to the exact decision that authorized it.
execution_ref is the natural replacement for action_ref, the keystone-bound successor on the same JCS (RFC 8785) and SHA-256 discipline; action_ref stays fully backward compatible as the legacy primitive, unchanged in the substrate, so existing integrations keep verifying byte for byte with no forced migration. New work targets execution_ref; action_ref keeps working.
Install: pip install algovoi-execution-ref or npm i @algovoi/execution-ref. Apache-2.0, pinned 0.1.0, pin then key.
7. Cancellation, cancellation_ref (closes the authority)
Closes the mandate before execution, bound to the exact mandate.
Install: pip install algovoi-cancellation-receipt-lite or npm i @algovoi/cancellation-receipt-lite. Apache-2.0, pinned 0.1.0, pin then key.
8. Refund, refund_ref (after settlement)
A refund anchored to the execution that committed, not merely to the decision.
Install: pip install algovoi-refund-receipt-lite or npm i @algovoi/refund-receipt-lite. Apache-2.0, pinned 0.1.0, pin then key.
9. Composite Trust Query, trust_query_ref (one verdict over the chain)
One recomputable trust verdict over the ordered chain of references.
Install: pip install algovoi-composite-trust-query-lite or npm i @algovoi/composite-trust-query-lite. Apache-2.0, pinned 0.1.0, pin then key.
Preconditions and transport, same pattern:
Substrate Guard, profile_ref (input-bounds gate)
The input-bounds profile every record is admitted under before canonicalization.
Install: pip install algovoi-substrate-guard or npm i @algovoi/substrate-guard. Apache-2.0, pinned 0.1.0, pin then key.
PEF Keystone (signed transport frames)
Wraps and pins a Keystone reference into hash-linked evidence frames.
Install: pip install algovoi-pef-keystone or npm i @algovoi/pef-keystone. Apache-2.0, pinned 0.1.0, pin then key.
TAP Verifier (offline receipt check)
Verifies an AlgoVoi TAP receipt with no AlgoVoi software: it re-derives the receipt_id from the JCS preimage and checks the Ed25519 signature using public libraries only, with an optional Falcon-1024 post-quantum check. For the Trusted Agent Protocol post-authentication audit trail.
Install: pip install algovoi-tap-verifier or npm i @algovoi/tap-verifier. Apache-2.0.
CloudEvents adapter (keystone decision as a CloudEvents 1.0 event)
Emits an AlgoVoi keystone decision as a CloudEvents 1.0 event; the content-addressed execution_ref is the event id, and a consumer recomputes it from the event data with JCS (RFC 8785) and SHA-256, with no AlgoVoi software.
Install: pip install algovoi-cloudevents or npm i @algovoi/cloudevents. Apache-2.0.
W3C Verifiable Credential adapter (keystone decision as a credential)
Emits an AlgoVoi keystone decision as a W3C Verifiable Credential (Data Model 2.0) of its own KeystoneExecutionCredential type; the content-addressed execution_ref is the credentialSubject id, recomputable from the subject before any signature suite is applied.
Install: pip install algovoi-keystone-vc or npm i @algovoi/keystone-vc. Apache-2.0.
MCP verifier (recompute a keystone execution_ref in any MCP client)
An open Model Context Protocol server exposing keystone verification as tools, so any MCP client recomputes and checks a keystone execution_ref offline, with no AlgoVoi service.
Install: pip install algovoi-keystone-mcp or npm i @algovoi/keystone-mcp. Apache-2.0.
Webhook verifier (verify a keystone ref in a webhook)
Verifies an AlgoVoi webhook HMAC signature and recomputes the keystone execution_ref carried in the event from its fields with JCS (RFC 8785) and SHA-256, so a consumer proves both the signature and that the keystone reference is authentic, with no AlgoVoi software.
Install: pip install algovoi-webhook-verifier or npm i @algovoi/webhook-verifier. Apache-2.0.
LangChain run trace (keystone decision on a LangChain run)
Attaches a keystone decision to a LangChain run as metadata and a tag under algovoi.keystone.*, so LangSmith or any tracer shows a content-addressed execution_ref a reviewer recomputes from the run alone, with no AlgoVoi software.
Install: pip install algovoi-keystone-langchain or npm i @algovoi/keystone-langchain. Apache-2.0.
CrewAI step trace (keystone decision on a CrewAI step)
Records a keystone decision once via a CrewAI step callback and passes the step output through unchanged, so a crew run carries a content-addressed execution_ref recomputable from the recorded metadata alone, with no AlgoVoi software.
Install: pip install algovoi-keystone-crewai. Apache-2.0.
AutoGen message trace (keystone decision on an AutoGen message)
Stamps a keystone decision into an AutoGen message's metadata, so a conversation carries a content-addressed execution_ref recomputable from the message alone, with no AlgoVoi software.
Install: pip install algovoi-keystone-autogen. Apache-2.0.
ADK agent trace (keystone decision in Google ADK agent state)
Stamps a keystone decision into Google ADK agent state via a before-agent callback, so an agent run carries a content-addressed execution_ref recomputable from the state alone, with no AlgoVoi software.
Install: pip install algovoi-keystone-adk. Apache-2.0.
Orchestrator and composition proofs
The Keystone Orchestrator produces verifiable, end to end evidence that authority flowed correctly across organizational boundaries and was not exceeded, recomputable offline. The signed verdict is portable: it verifies off-the-shelf as a standard EdDSA JWS under any JOSE library and as a W3C Verifiable Credential under the Digital Bazaar eddsa-jcs-2022 suite, with no AlgoVoi software. Composition proofs are available on request. Docs: https://docs.algovoi.co.uk/keystone
Delegation: authority across parties (delegation_ref)
When authority is handed from one party to another, the Orchestrator proves it composed without anyone exceeding their grant. A treasury agent A, authorized for payments up to 1000 across GB and US, delegates a slice to a vendor agent B for a fixed window. B decides and executes deliberately narrower (a USDC transfer up to 500, GB). The Orchestrator composes A's authority, the delegation, B's decision and B's execution into one signed verdict: authority flowed correctly across the A to B boundary and nothing was exceeded, verifiable offline. If B instead executes for 2000, the verdict is BROKEN: a signed receipt would still look valid, the composed proof does not.
The open delegation_ref is the tamper-evident binding for each hand-off. Install: pip install algovoi-delegation-ref or npm i @algovoi/delegation-ref. Apache-2.0, pinned 0.1.0, pin then key. The cross-party scope-consistency proof is the Orchestrator capability; composition proofs available on request.
Revocation: pulling authority back (revocation_ref)
Authority can be withdrawn before it expires. When a grantor revokes a delegation, the Orchestrator proves that every downstream action which happened at or after the revocation no longer holds, even across several hops. A treasury agent A delegates to B, B sub-delegates to C, then A revokes the original grant. Any action C takes after that revocation composes to BROKEN, because C's authority derived from a grant A had already pulled, recomputable offline. An action that happened before the revocation stays valid: revocation is prospective and provable from the bytes, not a mutable status flag. The open revocation_ref is available on request (Apache-2.0); the cross-party cascade proof is the commercial Orchestrator capability.
Journey: the whole multi-agent task as one proof (journey_ref)
One reference binds an entire multi-agent task end to end: every hop's execution and the delegations between them. Verifying a single journey_ref proves the whole A to B to C task at once: identity and authority continuity, scope never widened at any boundary, nothing acted under a revoked grant, and no hop omitted from the record. Drop a hop or widen scope anywhere and the journey composes to BROKEN. The open journey_ref is available on request (Apache-2.0); the end to end aggregation proof is the commercial Orchestrator capability.
Journey adapters: bind the whole run in your framework (commercial)
The CrewAI, LangGraph, AutoGen, and A2A journey adapters each record a multi-agent run's hops and the delegations between them, then emit one journey_ref over the whole task: a crew, a graph, a group chat, or an agent-to-agent task verifies as a single proof.
Open A2A adapter: pip install algovoi-a2a-journey. Commercial full Orchestrator (delegation proofs plus PQC signing plus CCC): in the on-prem bundle.
Internet-Drafts
Internet-Drafts for the underlying constructions (the canonicalization substrate, the receipt and execution references, and the audit chain of frames) are available on request.
Benchmark, clean-box reproduction
Reproduced on a clean box, a fresh container with one vCPU, installing only from the public PyPI and npm registries:
Substrate 2 (Commercial)
Everything above is open (Apache-2.0). Substrate 2 is the commercial core built on the same canonical evidence, with two simple parts.
The control plane: where the pieces connect. Think of it as the switchboard. Every service (payments, compliance, records, evidence) plugs into one hub that keeps the single list of trusted keys and issuers, lets each service register itself, and shows one live view of the whole system's health.
The keystone: the record of what actually happened. A payment is checked for authorization, a decision is made, it executes, and it settles on chain. The keystone stitches those steps into one tamper-evident thread: each step is a short fingerprint locked to the one before it, so the whole story, from allowed to spend to settled, re-checks offline with no AlgoVoi software. The same record exports as a signed JSON receipt, a W3C Verifiable Credential, a JOSE token, or a zero-knowledge proof, each pointing back to the same payment.
The control plane connects the apps; the keystone is the thread that runs through a payment. Details: https://docs.algovoi.co.uk/substrate-2
Keystone config panel
The keystone is an evolving ecosystem: each step has configurable parameters that shift as the platform grows. algovoi-keystone-control surfaces those parameters in a browser UI, auto-detects which algovoi packages are installed, and lets operators edit them via a pin-gated HTTPS panel. Open (Apache-2.0).
Install: pip install algovoi-keystone-control. Docs: https://docs.algovoi.co.uk/keystone
Keystone connectors
Drop-in adapters that bind a data-layer operation to the keystone decision that authorised it, emitting a content-addressed execution_ref (verifiable offline with keystone-verify). Open Apache-2.0, available on request:
algovoi-keystone-odbc: wraps any ODBC / DB-API cursor; every execute (insert / update / delete) is bound to its decision_ref, so a write can be proven consistent with the decision that allowed it.
algovoi-keystone-sqlalchemy: one bind_session() call registers an after_flush listener; each flushed ORM change is bound to the keystone, no model or query changes.
algovoi-keystone-kafka: wraps any producer (kafka-python / confluent-kafka / aiokafka); each produced message carries an execution_ref, with failed sends recorded as FAILED.
algovoi-keystone-openlineage: attaches a keystone run facet to each OpenLineage RunEvent, so the lineage standard's own events carry the execution_ref; outcome derived from eventType.
algovoi-keystone-asgi: one ASGI / WSGI middleware (FastAPI / Starlette / Flask / Django) binds every state-changing HTTP request to its decision_ref; outcome from the response status.
algovoi-keystone-grpc: a gRPC server interceptor binds each unary call to its decision_ref; outcome COMMITTED, or FAILED if the handler raises. Streaming passes through.
algovoi-keystone-s3: wraps any boto3 S3 client so every object write (put / delete) carries an execution_ref keyed to bucket/key; reads pass through untouched.
algovoi-keystone-redis: wraps any redis-py client so every write command (set / delete / hset / expire) carries an execution_ref keyed to the key; reads pass through.
algovoi-keystone-mongo: wraps any pymongo collection so every write (insert / update / delete / replace) carries an execution_ref keyed to db.collection; reads pass through.
algovoi-keystone-amqp: wraps any pika channel so every AMQP / RabbitMQ publish carries an execution_ref keyed to exchange/routing_key; consumers and declares pass through.
algovoi-keystone-elasticsearch: wraps any elasticsearch-py client so every write (index / update / delete / bulk) carries an execution_ref keyed to index/doc_id; searches pass through.
algovoi-keystone-nats: wraps any nats-py connection so every publish carries an execution_ref keyed to the subject; subscribes and requests pass through.
algovoi-keystone-gcs: wraps any Google Cloud Storage blob so every object write (upload / delete) carries an execution_ref keyed to bucket/name; reads pass through.
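The offline recompute the post describes (each reference is SHA-256 over the JCS form of a record, and each link is bound to the one before it), shown as an added example that is not AlgoVoi's code or schema. The stage and field names, the prev_ref binding field and the verdict strings are assumptions, and jcs_subset handles only the part of RFC 8785 that Python's json module reproduces (ASCII keys, strings, booleans, null, safe integers).

```python
import hashlib
import json

def jcs_subset(value):
    """Canonical JSON bytes; anything outside the supported subset is rejected."""
    def check(v):
        if isinstance(v, dict):
            for k, item in v.items():
                if not (isinstance(k, str) and k.isascii()):
                    raise ValueError("key outside the supported subset")
                check(item)
        elif isinstance(v, list):
            for item in v:
                check(item)
        elif isinstance(v, int) and not isinstance(v, bool):
            if abs(v) >= 2 ** 53:
                raise ValueError("integer is not exactly representable as a double")
        elif not (v is None or isinstance(v, (str, bool))):
            raise ValueError("type needs a full RFC 8785 implementation")
    check(value)
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def content_ref(fields):
    """Content-addressed reference: hex SHA-256 of the canonical bytes."""
    return hashlib.sha256(jcs_subset(fields)).hexdigest()

def build_chain(stages):
    """stages: ordered (name, fields) pairs; each link commits to the previous ref."""
    chain, prev = [], None
    for name, fields in stages:
        body = dict(fields, stage=name, prev_ref=prev)
        prev = content_ref(body)
        chain.append({"fields": body, "ref": prev})
    return chain

def verify_chain(chain):
    """Recompute every ref and every binding hop from the record bytes alone."""
    prev = None
    for link in chain:
        stage = link["fields"].get("stage")
        if link["fields"].get("prev_ref") != prev:
            return f"BROKEN at {stage}: binding mismatch"
        if content_ref(link["fields"]) != link["ref"]:
            return f"BROKEN at {stage}: ref mismatch"
        prev = link["ref"]
    return "VERIFIED"

# Constructed sample records; every field name and value is hypothetical.
SAMPLE = build_chain([
    ("identity", {"agent": "vendor-agent-b"}),
    ("authority", {"max_amount": 500, "currency": "USDC", "country": "GB"}),
    ("decision", {"verdict": "ALLOW"}),
    ("execution", {"amount": 500, "outcome": "COMMITTED"}),
])
```

Editing a record without re-hashing fails at that link; re-hashing an edited upstream record moves the failure to the next link, whose prev_ref still commits to the original bytes.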