AETHELFORGESTAGING
Try Axis

SECURITY · ARCHITECTURE

Signed intent. Signed receipts.

Aethelforge is a security surface before it is a marketing surface. The gate is the product.

THE ANSWER

How does Aethelforge secure agent commerce?

Every agent transaction is gated through four layers: signed intent (the consumer agent cryptographically signs what it wants), deterministic policy (the gate runs non-ML code against signed intent, producing an auditable yes/no), cryptographic receipts (every handshake emits a signed record with key + counter-signature + settlement hash), and zero-trust surfaces (nothing takes a payment action without a valid signed path through all three).

word_count=63 · type=definitional

Four layers. Zero ambiguity.

Every agent transaction moves through all four — in order, on every call. If any layer rejects, the transaction does not happen, and the rejection is itself a signed record.

01

Signed intent

The consumer agent signs a structured intent before any network call. The signature covers merchant, amount, SKU, constraints, and expiration. No intent, no handshake.

  • EdDSA
  • intent.sign()
  • x-agent-signature
02

Deterministic policy

The gate runs hand-written policy over the signed intent. No model decides whether to spend money. Every allow or deny path is a branch in readable code, auditable before and after the fact.

  • policy.rego
  • allow()
  • deny()
  • audit.explain()
03

Cryptographic receipts

Every settlement is recorded with the agent signature, the gate counter-signature, the timestamp, the route, and the settlement hash. Receipts are stored indefinitely and queryable in under 100 ms.

  • receipt.signed
  • receipt.counter_signed
  • settlement.hash
  • ops.retain
04

Zero-trust surfaces

Nothing on the network takes a money-moving action without a valid signed path through the three layers above. Not a cron. Not a webhook. Not a human pressing a button in a back office tool.

  • mTLS
  • SigV4
  • signed-exchange
  • ingress-deny-by-default

Operational posture

Key rotation
Agent keys: 90-day default. Gate counter-signing keys: 30-day default. Zero-downtime rotation with an overlap window and signed ops.key.rotate events on every rotation.
Retention
Signed receipts: indefinite. Raw intent payloads: 30 days, then hash-only. PII is never routed through the ops bus.
Revocation
Gate-level, merchant-level, or agent-level. Propagates in under one second via the ops bus. Revocation is a signed event — visible in the public feed and permanent in the audit trail.
Open source
The Forge SDK is MIT-licensed and published under the @agentcommerce namespace on npm. Third parties can inspect signing, verification, and intent construction end-to-end.
Transport
mTLS between merchant SDKs and the gate. SigV4 on AWS control-plane calls. HSTS, 1y max-age, no subdomain pinning until apex DNS is cut over.
Third-party audit
Planned for the first commercial deployment. Pre-production posture is published architecture + open source SDKs + public ops feed.

FAQ

Questions the gate answers.

  1. 01Do models make spending decisions?

    No. Models generate signed intent on the consumer side — "Axis wants to spend $47 on replenishment." The gate decision is deterministic policy: hand-written code that inspects the signed intent and returns allow/deny with an audit explanation. A model never directly authorizes money movement.

  2. 02What gets logged and for how long?

    Every handshake event lands in the ops store: source, type, timestamp, route, first 256 bytes of the signed intent, first 256 of the counter-signature. Retention is indefinite — receipts are the product. Sensitive fields (PII, full card tokens) are never written to the ops bus; they live exclusively in the settlement layer where they are needed.

  3. 03How are signing keys rotated?

    Agent keys rotate on a 90-day default. Gate counter-signing keys rotate every 30 days. Rotation is a zero-downtime operation — old keys remain valid for verification during the overlap window but cannot sign new intent. The rotation event itself emits a signed ops.key.rotate event that is visible in the public feed.

  4. 04What happens during an incident?

    The gate can be revoked per-agent, per-merchant, or globally within seconds. Revocation is a signed event that propagates via the ops bus; every subsequent intent lookup hits the revocation list before any policy runs. The audit trail preserves the pre-revocation history in full.

  5. 05Do you offer penetration testing / SOC 2?

    Aethelforge is in pre-production. A formal third-party audit and SOC 2 posture are on the roadmap alongside the first commercial deployment. Until then, the four-layer architecture, the open source SDKs, and the publicly queryable ops feed are the evidence we operate under.