Documentation | Agent Execution Guard

Technical Guide

Security at Scale

Agent Execution Guard (AXG) provides a deterministic control plane for AI agents. While LLMs are excellent at understanding intent, they lack the reliability required for production writes in financial or critical systems.

AXG bridges this gap by acting as a Zero-Trust Gateway between intelligence and execution.

The AXG Passport

Every authorized action in the ecosystem is wrapped in an AXG Passport. This is a cryptographically signed RS256 JWT that carries the proof of authorization.

Header

{"alg": "RS256", "typ": "JWT"}

Payload (The Proof)

{"iss": "axg", "decision": "ALLOW", ...}

Signature (The Seal)

RS256_CRYPTOGRAPHIC_SIGNATURE_DATA...

{
  "iss": "axg-guard",
  "decision": "ALLOW",
  "payload_hash": "sha256:7a4f...2b1",
  "action": "fin.transaction.create",
  "context": {
    "agent_id": "muai-concierge-v1",
    "risk_score": 0.02
  }
}

Consumers (like FinNorte) verify the signature using AXG's public key before persisting any change to their databases.

Deterministic Core

The fundamental problem AXG solves is Probabilistic Drift. In a standard AI setup, an agent might decide to execute a sensitive action based on a 0.7 confidence score—this is unacceptable for critical infrastructure.

PROBABILISTIC INTENT

"Transfer $100?"

AXG

DETERMINISTIC ACTION

SIGNED PASSPORT

The Guard converts fuzzy AI logic into immutable binary authorization.

AXG enforces a binary execution state:

Policy Validation: Every intent is checked against hard-coded, deterministic rules.
Contextual Guarding: Decisions are audited against user history and risk thresholds.
Tamper-Proof Proof: Once a decision is made, it is signed. If the underlying data changes, the signature breaks.

MUAI Integration

MUAI acts as the Intelligence Layer. It parses user natural language (via WhatsApp, Web, or API) and generates a Proposed Intent.

Intent

Natural Language

Guard

AXG Validation

Signed

Passport Issued

Exec

Secure Write

This intent is sent to AXG, which evaluates it against real-world policies, limits, and risk thresholds. Only after AXG signs the intent does the system proceed with execution.

Official SDKs

Integration is simplified through our official SDKs for Node.js and Python, which handle Passport verification and key management out of the box.

Quick Start (One-Line Integration)

Verify any execution passport with a single call:

// Node.js
const payload = await verifyPassport(token, publicKey);

# Python
payload = verify_passport(token, public_key)

Node.js

npm install axg-node-sdk

Python

pip install axg-python-sdk