ABS Kernel — Authorized Agent Governance

Governance layer for AI coding agents in fintech, healthtech, and regulated compliance environments.

This extension brings the ABS Core Sovereign Governance Runtime into your IDE. It intercepts agent actions, evaluates them against cryptographically versioned policies, and produces immutable proof anchored on Polygon L2 — the same runtime used in production critical deployments.

Compatible IDEs

IDE	Status
VS Code	Native — Marketplace
Cursor	Compatible — manual VSIX install
Windsurf	Compatible — manual VSIX install
VSCodium	Compatible — Open VSX
GitHub Codespaces	Compatible — install from Marketplace
GitHub Copilot	Compatible

What It Does

The extension enforces the ABS Core governance model at the IDE level. Every significant agent action — file write, command execution, tool call — passes through the governance kernel before it reaches the file system or network.

Smart Target Detection: Automatically identifies IDE configuration files, AI rule sets (.cursorrules, .windsurfrules), infrastructure manifests, and secret files. Classifies by sensitivity before scanning.

Dependency Scanner: Analyzes package.json and requirements.txt against known vulnerability databases. Reports severity levels (critical, high, medium) before code reaches production.

Workspace Scan: Recursive project scan using the offline WASM kernel — no network required. Every finding is logged to the immutable Write-Ahead Log.

File Scan: Governs the currently active editor file against the active policy contract.

Governance Sidebar: Visual interface for API configuration, connectivity test, and Enterprise Mode toggle.

Deployment Modes

Offline / Local (default): WASM kernel runs entirely inside the IDE. No network required. Policy enforcement is deterministic — same input, same verdict, always.

Enterprise: Connects to https://api.abscore.app (or your self-hosted instance) via API key. Full CHI introspection, cloud policy evaluation, Polygon L2 audit anchoring, and team-wide compliance reporting.

Configuration

{
  "abs.apiUrl": "https://api.abscore.app",
  "abs.apiKey": "<YOUR_ABS_API_KEY>",
  "abs.scanOnSave": true,
  "abs.enterpriseMode": false
}

For on-premise deployments, set abs.apiUrl to your internal ABS Core instance. For air-gapped environments, leave abs.enterpriseMode false — the WASM kernel operates without any outbound connection.

PAAT (Policy-as-a-Token): Supply an offline RS256 JWT containing compiled policy rules via abs.apiKey. The kernel unpacks and applies them inside your workspace without backend connectivity.

Built-in Policy Rules

Rule	Description	Default Verdict
`code-01`	Recursive delete (`rm -rf`) outside temp directories	DENY
`code-02`	Secret file access (`.env`, `.pem`, SSH keys)	ESCALATE
`code-03`	Destructive git operations (`push --force`)	DENY
`code-04`	Hard reset (`git reset --hard`)	ESCALATE
`code-05`	Prompt injection patterns in agent output	WARN

Audit Trail

Every governed action generates a signed Decision Envelope containing: agent ID, action type, verdict, matched rule ID, proof hash, and timestamp. In Enterprise mode, this envelope is hashed, Merkle-chained, and anchored on Polygon L2.

The public audit feed at abscore.app shows live decisions — anyone can verify any record independently via Polygonscan without trusting ABS Core.

Installation

Option 1 — VS Code Marketplace (recommended)

code --install-extension oconnector.abs-vscode

Option 2 — VSIX (Cursor, Windsurf, VSCodium)

# Download from GitHub Releases, then:
cursor --install-extension abs-vscode-10.1.3.vsix
# or
code --install-extension abs-vscode-10.1.3.vsix

Option 3 — Open VSX

ovsx get oconnector.abs-vscode

ABS Kernel - Authorized Agent Governance

OConnector Technology