Architecture Decision Records¶
Key architectural decisions and their rationale. Each ADR follows the standard format: Context, Decision, Consequences.
ADR process
New ADRs use the template. Status values: accepted (implemented), proposed (under review), deprecated, superseded.
Accepted¶
| ADR | Decision | Area |
|---|---|---|
| ADR-0001 | Use Ed25519 for agent identity signatures | Identity |
| ADR-0002 | Four execution rings for runtime privilege separation | Runtime |
| ADR-0003 | Keep IATP handshake under 200ms | Mesh |
| ADR-0004 | Keep policy evaluation deterministic | Policy |
| ADR-0009 | RFC 9334 (RATS) architecture alignment | Standards |
| ADR-0012 | Cost governance via observability policies | SRE |
| ADR-0013 | Fail closed on policy evaluation errors | Policy |
| ADR-0014 | Parent deny rules are immutable in policy merge | Policy |
| ADR-0015 | Pluggable external policy backends via protocol interface | Policy |
| ADR-0016 | Trust ceiling propagation for delegated agents | Trust |
Proposed¶
| ADR | Decision | Area |
|---|---|---|
| ADR-0005 | Add liveness attestation to TrustHandshake | Mesh |
| ADR-0006 | Constitutional constraint layer as community extension | Policy |
| ADR-0007 | External JWKS federation for cross-org identity | Identity |
| ADR-0008 | Cross-org policy federation above identity | Policy |
| ADR-0010 | TEE keystore with SEV-SNP attestation | Security |
| ADR-0011 | Additive policy check contract | Policy |