AARTS Protocol

AARTS (AI Agent Runtime Safety Standard) implements a Host/Adapter/Security Engine pattern for evaluating every request at runtime against safety policies.

Key Principle: Deny-by-Default

If the Security Engine fails for any reason — crash, timeout, exception — the request is denied. This is the opposite of traditional systems that fail open.

Protocol Flow

Host (Gateway)
  → Adapter (translates to AARTS format)
    → Security Engine (evaluates policies)
      → Decision: ALLOW | DENY | MODIFY | QUARANTINE
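
The deny-by-default rule applied to this flow, as an added example that is not TrustHub's own code: `evaluate_fail_closed`, `Decision` and the four stand-in engines are hypothetical names, and the request dict is constructed. It maps an engine exception, a timeout and a malformed response to DENY.

```python
import concurrent.futures as cf
import time
from enum import Enum

class Decision(Enum):  # the four outcomes in the protocol flow
    ALLOW = "ALLOW"
    DENY = "DENY"
    MODIFY = "MODIFY"
    QUARANTINE = "QUARANTINE"

def evaluate_fail_closed(engine, request, timeout_s=0.5):
    """Call a stand-in engine; any failure yields DENY. Returns (decision, reason)."""
    pool = cf.ThreadPoolExecutor(max_workers=1)
    try:
        future = pool.submit(engine, request)
        try:
            result = future.result(timeout=timeout_s)
        except cf.TimeoutError:
            return Decision.DENY, "engine timeout"
        except Exception as exc:  # crash or exception inside the engine
            return Decision.DENY, f"engine error: {type(exc).__name__}"
    finally:
        pool.shutdown(wait=False)  # never block the host on a hung engine
    # A malformed answer (None, a string, ...) is a failure too, not an allow.
    if not isinstance(result, Decision):
        return Decision.DENY, "malformed engine response"
    return result, "engine decision"

# Constructed stand-in engines, one per failure mode (hypothetical, not TrustHub code).
def healthy(req):
    return Decision.DENY if req["resource"].startswith("/admin/") else Decision.ALLOW

def crashing(req):
    raise RuntimeError("policy store unavailable")

def hanging(req):
    time.sleep(0.3)
    return Decision.ALLOW

def malformed(req):
    return "ALLOW"

REQUEST = {"resource": "/api/payments", "action": "transfer"}  # constructed sample

if __name__ == "__main__":
    for eng in (healthy, crashing, hanging, malformed):
        print(eng.__name__, *evaluate_fail_closed(eng, REQUEST, timeout_s=0.05))
```

A timed-out thread keeps running in the background, so a host that needs to reclaim resources from a hung engine would run it in a separate process it can terminate.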

Policies

AARTS policies can restrict by entity type, required/blocked skills, anomaly score thresholds, and resource patterns. They apply equally to humans and agents.

Usage

from trusthub import SecurityEngine, AARTSAdapter, AARTSPolicy
from trusthub.constants import EntityType

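# Create engine with policies.
# `monitor` and `registry` are the behavior monitor and skill registry
# instances, assumed to have been created earlier.
engine = SecurityEngine(
    behavior_monitor=monitor,
    skill_registry=registry,
)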
engine.add_policy(AARTSPolicy(
    name="block-unverified-skills",
    require_verified_skills=True,
    blocked_resources=["/admin/*"],
))

# Check a request
adapter = AARTSAdapter(engine)
response = adapter.check_request(
    identity_did="did:trusthub:acme:abc123",
    entity_type=EntityType.AGENT,
    resource="/api/payments",
    action="transfer",
    skill_ids=["abc123..."],
)
print(f"Decision: {response.decision}")  # ALLOW or DENY