Autonomous agent systems increasingly trigger real-world side effects: deploying infrastructure, modifying databases, moving money, and executing workflows. Yet most agent stacks provide no mandatory execution checkpoint where organizations can deterministically permit, deny, or defer an action before it changes reality. This paper introduces Faramesh, a protocol-agnostic execution control plane that enforces execution-time authorization for agent-driven actions via a non-bypassable Action Authorization Boundary (AAB). Faramesh canonicalizes agent intent into a Canonical Action Representation (CAR), evaluates actions deterministically against policy and state, and issues a decision artifact (PERMIT/DEFER/DENY) that executors must validate prior to execution. The system is designed to be framework- and model-agnostic, supports multi-agent and multi-tenant deployments, and remains independent of transport protocols (e.g., MCP). Faramesh further provides decision-centric, append-only provenance logging keyed by canonical action hashes, enabling auditability, verification, and deterministic replay without re-running agent reasoning. We show how these primitives yield enforceable, predictable governance for autonomous execution while avoiding hidden coupling to orchestration layers or observability-only approaches.
翻译:自治智能体系统日益频繁地触发现实世界的副作用:部署基础设施、修改数据库、转移资金以及执行工作流。然而,大多数智能体技术栈并未提供强制性的执行检查点,使得组织无法在行动改变现实之前确定性地允许、拒绝或延迟该行动。本文提出Faramesh,一个协议无关的执行控制平面,通过不可绕过的行动授权边界(AAB)对智能体驱动的行动强制执行运行时授权。Faramesh将智能体意图规范化为规范行动表示(CAR),依据策略和状态对行动进行确定性评估,并生成执行器必须在执行前验证的决策结果(允许/延迟/拒绝)。该系统设计为框架无关和模型无关,支持多智能体与多租户部署,并保持与传输协议(如MCP)的独立性。Faramesh进一步提供以决策为中心、仅追加的溯源日志记录,以规范行动哈希为索引,从而实现可审计性、可验证性以及无需重新运行智能体推理的确定性重放。我们展示了这些基础机制如何为自治执行提供可强制实施、可预测的治理能力,同时避免与编排层的隐性耦合或仅限于可观测性的方案。