Intent to Proof: Complete Action Walkthrough
End-to-end trace of an agent action from Intent creation through BASIS validation, ENFORCE decision, Cognigate execution, PROOF recording, and Trust Engine update.
Intent to Proof: Complete Action Walkthrough
Every agent action in the Vorion governance stack travels through six stages before it affects the real world. This page walks through a single action from the moment an agent forms an intent to the moment the trust engine records the outcome.
We will follow a concrete example: Agent data-sync-bot (T3, score 580) wants
to write updated records to a partner API.
The Six Stages
sequenceDiagram
participant Agent as data-sync-bot (T3)
participant Intent as INTENT Layer
participant BASIS as BASIS Validator
participant Enforce as ENFORCE Engine
participant Cognigate as Cognigate Runtime
participant Proof as PROOF Plane
participant Trust as Trust Engine
Agent->>Intent: Submit action goal
Intent->>Intent: Parse action, assign risk
Intent->>BASIS: Validate against schema
BASIS-->>Intent: Schema valid, risk = MEDIUM
Intent->>Enforce: Forward structured intent
Enforce->>Enforce: Check trust vs. risk threshold
Enforce->>Enforce: Evaluate policies & cooldowns
Enforce-->>Cognigate: Decision: ALLOW
Cognigate->>Cognigate: Execute within sandbox
Cognigate->>Proof: Record decision + outcome
Proof->>Proof: Hash-chain + Ed25519 sign
Proof->>Trust: Emit trust signal
Trust->>Trust: Apply gain formula
Trust-->>Agent: Updated score: 582
Stage 1: Intent Creation
The agent submits a natural-language or structured goal. The INTENT layer parses it into a governance-evaluable object.
import { createIntentService } from '@vorionsys/atsf-core';
const intentService = createIntentService();
const intent = await intentService.submit({
entityId: 'data-sync-bot',
goal: 'Write updated customer records to partner CRM API',
context: {
endpoint: 'https://partner.example.com/api/customers',
recordCount: 42,
dataClassification: 'PII',
},
});
The parser produces a structured intent:
| Field | Value |
|-----------------|----------------------|
| parsedAction | write_external_api |
| riskLevel | MEDIUM |
| capabilities | write_data, external_network |
| confidence | 0.93 |
Risk is MEDIUM because the action involves writing PII to an external endpoint.
The canonical risk multiplier for MEDIUM is 5 (from RISK_LEVELS in
canonical.ts).
Stage 2: BASIS Validation
Before enforcement, the intent is validated against the BASIS schema. This catches malformed intents, missing fields, and impossible risk classifications before they reach the enforcement engine.
BASIS checks:
- Agent has a valid CAR record in the registry
- The parsed action maps to a known capability
- Risk level is consistent with the action type
- Required context fields are present
If validation fails, the intent is rejected with a structured error before any trust-affecting decision is made.
Stage 3: ENFORCE Decision
The enforcement engine evaluates the validated intent against the agent's current trust posture. This is where the governance decision happens.
import { createEnforcementService } from '@vorionsys/atsf-core';
const enforcer = createEnforcementService({
defaultAction: 'deny',
requireMinTrustLevel: 2,
});
const decision = await enforcer.decide({
entityId: 'data-sync-bot',
trustScore: 580,
trustTier: 'T3',
intent,
});
ENFORCE checks these conditions in order:
- Trust threshold: MEDIUM requires trust >= 400. Agent has 580. Pass.
- Capability check: Agent has
write_dataandexternal_network. Pass. - Cooldown check: No recent MEDIUM failures. No cooldown active. Pass.
- Risk accumulator: 24h rolling window shows 15 (below warning at 60). Pass.
- Circuit breaker: State is CLOSED. Pass.
- Observation ceiling: BLACK_BOX ceiling is 600. Agent at 580. Pass.
- Policy evaluation: No operator overrides deny this action.
Result: ALLOW.
The four possible decisions:
| Decision | When | |--------------|------------------------------------------------------------| | ALLOW | All checks pass. Agent proceeds with full capabilities. | | DENY | Trust too low, capability missing, or policy violation. | | ESCALATE | Action needs human approval (risk too high for tier). | | DEGRADE | Partial access. Some capabilities granted, others blocked. |
Stage 4: Cognigate Execution
With an ALLOW decision, Cognigate executes the action within its sandboxed runtime. Cognigate wraps the execution with:
- Timeout enforcement: Action must complete within SLA
- Output validation: Response is checked for anomalies
- Behavioral monitoring: Execution pattern is compared against baseline
- Resource limits: Network, memory, and CPU bounded
The agent's API call to the partner CRM succeeds. 42 records updated.
Stage 5: PROOF Recording
Every governance decision produces an immutable proof record. The proof captures the full context: who asked, what was decided, why, and what happened.
import { createProofService } from '@vorionsys/atsf-core';
const proofService = createProofService();
const proof = await proofService.create({
intent,
decision: 'ALLOW',
outcome: 'SUCCESS',
agentId: 'data-sync-bot',
riskLevel: 'MEDIUM',
inputs: { endpoint: 'https://partner.example.com/api/customers', recordCount: 42 },
outputs: { statusCode: 200, recordsUpdated: 42 },
});
The proof record is:
- Hash-chained: SHA-256 linked to the previous proof for this agent
- Dual-hashed: SHA3-256 integrity anchor alongside primary SHA-256
- Ed25519-signed: Cryptographic signature for non-repudiation
- Timestamped: ISO 8601 UTC, tamper-evident
The previousHash field links this proof to the agent's prior record, forming
a verifiable chain. Any modification to a past record breaks the chain.
Stage 6: Trust Engine Update
The proof outcome triggers a trust signal. For a successful MEDIUM-risk action:
gain = gainRate x ln(1 + C - S) x cube_root(R)
Where:
gainRate = 0.05
C = 600 (BLACK_BOX observation ceiling)
S = 580 (current trust score)
R = 5 (MEDIUM risk multiplier)
gain = 0.05 x ln(1 + 600 - 580) x cube_root(5)
= 0.05 x ln(21) x 1.71
= 0.05 x 3.045 x 1.71
= 0.260
Rounded: +0.26 -> new score = 580.26
The logarithmic gain curve means the agent earns diminishing returns as it approaches its observation ceiling. At score 580 with ceiling 600, there are only 20 points of headroom -- gains are small by design.
A Trust Bus signal propagates the update:
// Signal emitted to all governance layers
{
busSignalType: 'TRUST_UPDATED',
sourceLayer: 'GOVERNANCE',
agentId: 'data-sync-bot',
severity: 'LOW',
priority: 'NORMAL',
payload: {
event: 'Successful MEDIUM-risk action: write_external_api',
recommendedDelta: 0.26,
currentTier: 'T3',
currentScore: 580,
decision: 'allow',
},
}
What If It Fails?
If the API call had failed (timeout, 500 error, data corruption), the loss formula applies instead:
loss = -P(T) x R x gainRate x ln(1 + C/2)
Where:
P(T) = 3 + T = 3 + 3 = 6 (penalty ratio at T3)
R = 5 (MEDIUM risk multiplier)
gainRate = 0.05
C = 600
loss = -6 x 5 x 0.05 x ln(1 + 300)
= -6 x 5 x 0.05 x 5.71
= -8.57
The agent drops from 580 to ~571. Losses are intentionally heavier than gains.
The fixed midpoint reference (C/2) means agents cannot reduce loss exposure by
positioning near their ceiling.
Additionally:
- The risk accumulator adds
P(T) x R = 30to the 24h rolling window - If accumulator hits 60, monitoring increases; at 120, gains freeze; at 240, circuit breaker trips
- A MEDIUM cooldown of 6 hours prevents retrying the same risk level immediately
The Complete Lifecycle
Agent Goal
|
[1] INTENT -- parse action, assign risk
|
[2] BASIS -- validate schema, check CAR
|
[3] ENFORCE -- trust check, policy eval, decide
|
[4] COGNIGATE -- sandboxed execution
|
[5] PROOF -- hash-chain, sign, record
|
[6] TRUST ENGINE -- apply gain/loss, emit signal
|
Trust Bus Signal -> All Governance Layers
Every stage is independent and auditable. If any stage fails, the pipeline halts and the proof records the failure point. No action reaches the real world without passing through all six stages.
Next Steps
- Six-Layer Stack -- What each governance layer does
- Trust Signal Bus -- How signals propagate between layers
- Proof Chain -- Deep dive into the cryptographic audit trail
- Risk-Weighted Formulas -- Full math for all six formulas