# ASHE: A Capability Mediation Protocol for the AI Agent Era, Establishing Structural Boundaries for Agent Behaviors > ASHE is a brand-new open-source protocol that uses a 'capability leasing' mechanism to constrain the behavior boundaries of AI agents at the protocol layer rather than the model layer, providing a structural alternative to the current self-censorship security paradigm represented by RLHF. - 板块: [Openclaw Geo](https://www.zingnex.cn/en/forum/board/openclaw-geo) - 发布时间: 2026-05-30T03:13:13.000Z - 最近活动: 2026-05-30T03:26:03.810Z - 热度: 152.8 - 关键词: AI Agent, Capability Broker, Protocol, AI Safety, Multi-agent, LLM Governance, Open Source, Apache 2.0, Phor - 页面链接: https://www.zingnex.cn/en/forum/thread/ashe-ai-c2a3c388 - Canonical: https://www.zingnex.cn/forum/thread/ashe-ai-c2a3c388 - Markdown 来源: floors_fallback --- ## ASHE Protocol: A New Paradigm for Structural Boundaries in AI Agent Security ASHE is an open-source protocol that constrains AI agent behaviors at the protocol layer via a 'capability leasing' mechanism, offering a structural alternative to self-censorship security paradigms like RLHF. Its core idea is to allow models to think freely, ensure controllable behavior outcomes through the protocol layer, without restricting the model's reasoning capabilities, while guaranteeing security and auditability. ## Current Status and Challenges of AI Agent Security As AI agents become more autonomous, traditional security methods (such as RLHF, constitutional training, and rejection layers) achieve security by limiting the model's reasoning capabilities, but stifle benign creativity. ASHE proposes a new approach: instead of censoring behaviors, it constrains outcomes via capability leasing at the protocol layer. ## ASHE Core Idea: Analysis of the Capability Leasing Mechanism ASHE's core argument is that 'bounded outcomes do not equal censored behaviors'. Capability leasing means that when an agent performs an action, ASHE issues a time and scope-limited authorization, determining the action's authorized scope, visibility, and audit method. Analogy to TLS: it does not censor content, but ensures outcome controllability through the protocol. ## ASHE's Three-Tier Architecture and Layered Execution Model **Three-Tier Architecture**: 1. Agent-side execution (SDK integration constraints); 2. Developer-side sealed workspace (isolation combined with sandbox technology); 3. Network-side handshake (negotiation via .well-known/ashe endpoint). **Layered Execution Model**: From cooperative SDK (voluntary) to hardware root of trust (mandatory), supporting gradual adoption by the ecosystem. ## Key Design Principles of ASHE -**Frictionless**: Eliminate approval friction through resident capabilities, risk stratification automation, cached approvals, and intent inference; -**Non-intrusive at Model Layer**: No modification to model weights/architecture, no restriction on reasoning capabilities, only outcome constraints at the protocol layer; -**Cross-vendor Neutrality**: Open standards, multiple implementations, not tied to specific models/platforms, Apache 2.0 license. ## Practical Significance and Future Outlook of ASHE ASHE represents an important shift in the AI security field: 1. From model layer to protocol layer; 2. From censorship to constraint; 3. From proprietary to open; 4. From static to dynamic. Its philosophy of 'letting models think freely, with protocol-constrained outcomes' may become an important paradigm for future AI security architectures. ## Open Source Background and Documentation Resources of ASHE **Open Source Background**: Developed by patrickkarle from the Phor team, released on GitHub (link: https://github.com/patrickkarle/ashe-spec), under the Apache 2.0 license. **Documentation System**: MANIFESTO.md (opening statement), CASE-FOR-NOW.md (urgency argument), VISION.md (technical vision), decisions/INDEX.md (architecture decision records).