ASHE: A Capability Mediation Protocol for the AI Agent Era, Establishing Structural Boundaries for Agent Behaviors

ASHE is an open-source protocol that constrains AI agent behaviors at the protocol layer via a 'capability leasing' mechanism, offering a structural alternative to self-censorship security paradigms like RLHF. Its core idea is to allow models to think freely, ensure controllable behavior outcomes through the protocol layer, without restricting the model's reasoning capabilities, while guaranteeing security and auditability.

As AI agents become more autonomous, traditional security methods (such as RLHF, constitutional training, and rejection layers) achieve security by limiting the model's reasoning capabilities, but stifle benign creativity. ASHE proposes a new approach: instead of censoring behaviors, it constrains outcomes via capability leasing at the protocol layer.

ASHE's core argument is that 'bounded outcomes do not equal censored behaviors'. Capability leasing means that when an agent performs an action, ASHE issues a time and scope-limited authorization, determining the action's authorized scope, visibility, and audit method. Analogy to TLS: it does not censor content, but ensures outcome controllability through the protocol.

Three-Tier Architecture: 1. Agent-side execution (SDK integration constraints); 2. Developer-side sealed workspace (isolation combined with sandbox technology); 3. Network-side handshake (negotiation via .well-known/ashe endpoint). Layered Execution Model: From cooperative SDK (voluntary) to hardware root of trust (mandatory), supporting gradual adoption by the ecosystem.

-Frictionless: Eliminate approval friction through resident capabilities, risk stratification automation, cached approvals, and intent inference; -Non-intrusive at Model Layer: No modification to model weights/architecture, no restriction on reasoning capabilities, only outcome constraints at the protocol layer; -Cross-vendor Neutrality: Open standards, multiple implementations, not tied to specific models/platforms, Apache 2.0 license.

ASHE represents an important shift in the AI security field: 1. From model layer to protocol layer; 2. From censorship to constraint; 3. From proprietary to open; 4. From static to dynamic. Its philosophy of 'letting models think freely, with protocol-constrained outcomes' may become an important paradigm for future AI security architectures.

Open Source Background: Developed by patrickkarle from the Phor team, released on GitHub (link: https://github.com/patrickkarle/ashe-spec), under the Apache 2.0 license. Documentation System: MANIFESTO.md (opening statement), CASE-FOR-NOW.md (urgency argument), VISION.md (technical vision), decisions/INDEX.md (architecture decision records).