SHEPHERD

pcas.io / Architecture v1.4 / Phase 1: Live

Self-extending AI agents with a WASM sandbox. Extensions are generated, scanned, compiled, and executed at runtime, all inside a security perimeter enforced by gRPC contracts, capability tokens, and an HMAC-chained audit log.

How it works

  1. User sends a natural-language message via Telegram
  2. Claude classifies the intent and generates Go source code
  3. SAST scans the code (Go AST) and blocks dangerous patterns
  4. Compile to WebAssembly (wasip1 target)
  5. Execute in the wazero sandbox with a capability token
  6. Return a structured result; audit every event
  7. Cache the extension for instant reuse (~3s vs ~15s)

Three-layer security

Layer 1: SAST

A Go AST pass rejects forbidden imports, forbidden calls, environment access, and hardcoded secrets before anything is compiled.
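The program below is an added example, not SHEPHERD's scanner, of how an AST-based pass of this kind is built with the standard go/ast and go/parser packages. The denylists, the secret-name heuristic and the sample extension source are assumptions made for illustration; the project's real rule set is not described on this page. Import aliases are resolved before calls are matched, because `import o "os"` followed by `o.Getenv` would otherwise slip past a check that only looks at the identifier text, and a dot-import is rejected outright because it turns every call into a bare identifier the call check cannot see.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"path"
	"regexp"
	"strconv"
)

type Finding struct {
	Rule string // forbidden-import, forbidden-call or hardcoded-secret
	Msg  string // offending import path, call or identifier
}

// Assumed denylists for illustration; the project's real rule set is not on the page.
// Call keys are "<import path>.<Func>" after alias resolution, so `import o "os"` is covered.
var (
	forbiddenImports = map[string]bool{"os/exec": true, "net": true, "net/http": true, "syscall": true, "unsafe": true, "plugin": true}
	forbiddenCalls   = map[string]bool{"os.Getenv": true, "os.LookupEnv": true, "os.Environ": true, "os.Setenv": true, "os.ReadFile": true}
	secretName       = regexp.MustCompile(`(?i)(key|secret|passw|token|credential)`) // name heuristic, not an entropy test
)

// looksLikeSecret flags a string literal of 8+ bytes assigned to a credential-like name.
func looksLikeSecret(lhs, rhs ast.Expr) bool {
	id, isIdent := lhs.(*ast.Ident)
	lit, isLit := rhs.(*ast.BasicLit)
	if !isIdent || !isLit || lit.Kind != token.STRING || !secretName.MatchString(id.Name) {
		return false
	}
	s, _ := strconv.Unquote(lit.Value)
	return len(s) >= 8
}

// Scan parses src and returns every finding; any finding blocks compilation.
func Scan(src string) ([]Finding, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "ext.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []Finding
	alias := map[string]string{} // local package name -> import path
	for _, imp := range f.Imports {
		p, _ := strconv.Unquote(imp.Path.Value)
		name := path.Base(p) // default package name; exact for the standard library
		if imp.Name != nil {
			name = imp.Name.Name
		}
		alias[name] = p
		// A dot-import makes every call a bare identifier the call check cannot see, so reject it too.
		if name == "." || forbiddenImports[p] {
			out = append(out, Finding{"forbidden-import", p})
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.CallExpr:
			if sel, ok := x.Fun.(*ast.SelectorExpr); ok {
				if pkg, ok := sel.X.(*ast.Ident); ok {
					if p, isPkg := alias[pkg.Name]; isPkg && forbiddenCalls[p+"."+sel.Sel.Name] {
						out = append(out, Finding{"forbidden-call", p + "." + sel.Sel.Name})
					}
				}
			}
		case *ast.AssignStmt:
			for i := range x.Lhs {
				if i < len(x.Rhs) && looksLikeSecret(x.Lhs[i], x.Rhs[i]) {
					out = append(out, Finding{"hardcoded-secret", x.Lhs[i].(*ast.Ident).Name})
				}
			}
		case *ast.ValueSpec:
			for i, nm := range x.Names {
				if i < len(x.Values) && looksLikeSecret(nm, x.Values[i]) {
					out = append(out, Finding{"hardcoded-secret", nm.Name})
				}
			}
		}
		return true
	})
	return out, nil
}

// sample is a constructed extension that trips three rules, one of them through an alias.
const sample = `package ext
import o "os"
import "os/exec"
var apiKey = "sk-live-0123456789abcdef"
func Run() string {
	out, _ := exec.Command("ls", o.Getenv("HOME")).Output()
	return string(out)
}`

func main() {
	findings, _ := Scan(sample)
	for _, f := range findings {
		fmt.Println(f.Rule, f.Msg)
	}
}
```

The policy is a denylist, so anything it does not recognise passes; that is acceptable here only because the WASM layer below it is the real boundary. A local variable that shadows a package name will be treated as that package and may produce a false positive, which is the right way for a pre-compilation gate to fail.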

Layer 2: WASM

No syscalls and no sockets are exposed to the guest, and it runs in its own isolated linear memory. The guest can reach only the host functions the runtime explicitly exports, so isolation is as strong as that export surface and the runtime itself: keep both minimal and patched.

Layer 3: Policy

Domain allowlist (compiled in), HMAC-signed capability tokens, per-IP rate limiting, and an HMAC-chained audit log.
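An added example, not the project's own code, of the HMAC-SHA256 capability token with a one-hour TTL that Layer 3 describes. The payload layout (subject, capability list, expiry) and the `http:<host>` capability form are assumptions; the page does not give the real format. Verification checks the MAC with a constant-time compare before the payload is parsed, treats expiry as `now >= exp`, and matches hosts exactly so that a lookalike domain cannot satisfy an allowlisted one.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the assumed token payload; the real field set is not on the page.
type Claims struct {
	Subject string   `json:"sub"`  // who the extension acts for, e.g. "tg:42"
	Caps    []string `json:"caps"` // granted capabilities, e.g. "http:api.example.com"
	Exp     int64    `json:"exp"`  // expiry, unix seconds
}

const TTL = time.Hour

var (
	ErrBadSig  = errors.New("token: bad signature or malformed")
	ErrExpired = errors.New("token: expired")
)

func sign(key, payload []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(payload)
	return m.Sum(nil)
}

// Mint returns base64url(payload).base64url(HMAC-SHA256(key, payload)), valid for TTL from now.
func Mint(key []byte, sub string, caps []string, now time.Time) (string, error) {
	payload, err := json.Marshal(Claims{Subject: sub, Caps: caps, Exp: now.Add(TTL).Unix()})
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(sign(key, payload)), nil
}

// Verify checks the MAC in constant time before the payload is parsed, so
// untrusted bytes never reach the JSON decoder, then enforces the TTL.
func Verify(key []byte, tok string, now time.Time) (*Claims, error) {
	i := strings.IndexByte(tok, '.')
	if i < 0 {
		return nil, ErrBadSig
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(tok[:i])
	if err != nil {
		return nil, ErrBadSig
	}
	mac, err := enc.DecodeString(tok[i+1:])
	if err != nil || !hmac.Equal(mac, sign(key, payload)) {
		return nil, ErrBadSig
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, ErrBadSig
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, ErrExpired
	}
	return &c, nil
}

// Allows reports whether the token grants outbound HTTP to host. The match is
// exact: no wildcards, so "evil-api.example.com" never satisfies "api.example.com".
func (c *Claims) Allows(host string) bool {
	for _, g := range c.Caps {
		if g == "http:"+host {
			return true
		}
	}
	return false
}

func main() {
	key := []byte("load-32-random-bytes-from-the-secret-store") // assumed dev key
	now := time.Now()
	tok, _ := Mint(key, "tg:42", []string{"http:api.example.com"}, now)
	fmt.Println("token:", tok)
	c, err := Verify(key, tok, now)
	fmt.Println("valid now:", err == nil, "allows api.example.com:", err == nil && c.Allows("api.example.com"))
	_, err = Verify(key, tok, now.Add(2*time.Hour))
	fmt.Println("after 2h:", err)
	_, err = Verify(key, "x"+tok[1:], now)
	fmt.Println("tampered:", err)
}
```

The sandboxed extension never sees the key: the host checks the token on every outbound request it proxies, so a generated extension can at most ask for hosts it was already granted.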

Built and verified (Phase 1)

  • SAST Scanner: Go AST, 11 tests
  • Capability Tokens: HMAC-SHA256, TTL 1h
  • Audit Log: SQLite + HMAC chain
  • WASM Runtime: wazero, 30s execution timeout
  • gRPC Contract: Protobuf, checked by buf in CI
  • Rate Limiting: token bucket per IP
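An added example, not the project's code, of the HMAC-chained audit log listed above. The page says the real one is backed by SQLite; this version keeps entries in memory so it runs stand-alone, and the field names and event strings are assumptions. Verify reports the first entry whose sequence number, back-link or MAC fails, which catches edits, deletions and reordering anywhere in the chain. What it cannot catch is removal of the newest entries, because a shortened chain is still internally consistent; that is why the head MAC has to be anchored somewhere the log writer cannot reach.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// Entry is one audit record. Field names are assumed; the page only states
// that the production log is SQLite-backed and HMAC-chained.
type Entry struct {
	Seq   uint64
	TS    int64  // unix seconds
	Event string // e.g. "sast.blocked user=tg:42 rule=forbidden-import"
	Prev  string // hex MAC of the previous entry, "" for the first
	MAC   string // hex HMAC-SHA256 over Seq, TS, Prev and Event
}

// macOf frames the fields with newlines; Seq, TS and Prev never contain one
// and Event comes last, so the encoding is unambiguous.
func macOf(key []byte, e Entry) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(strconv.FormatUint(e.Seq, 10) + "\n" + strconv.FormatInt(e.TS, 10) + "\n" + e.Prev + "\n" + e.Event))
	return hex.EncodeToString(m.Sum(nil))
}

// Log is an in-memory stand-in for the SQLite table.
type Log struct {
	key     []byte
	entries []Entry
}

func NewLog(key []byte) *Log { return &Log{key: key} }

// Append records an event linked to the MAC of the previous entry.
func (l *Log) Append(event string, now time.Time) Entry {
	e := Entry{Seq: uint64(len(l.entries)), TS: now.Unix(), Event: event}
	if n := len(l.entries); n > 0 {
		e.Prev = l.entries[n-1].MAC
	}
	e.MAC = macOf(l.key, e)
	l.entries = append(l.entries, e)
	return e
}

// Entries returns a copy, as an exporter or auditor would read it.
func (l *Log) Entries() []Entry { return append([]Entry(nil), l.entries...) }

// Head is the newest MAC. Publish it somewhere the log writer cannot modify
// (another system, a signed message); a log silently cut at the tail still
// passes Verify, and only a head comparison exposes that.
func (l *Log) Head() string {
	if len(l.entries) == 0 {
		return ""
	}
	return l.entries[len(l.entries)-1].MAC
}

// Verify re-derives every MAC and returns the index of the first entry whose
// sequence number, back-link or MAC fails, or -1 if the whole chain holds.
func Verify(key []byte, entries []Entry) int {
	prev := ""
	for i, e := range entries {
		if e.Seq != uint64(i) || e.Prev != prev || !hmac.Equal([]byte(e.MAC), []byte(macOf(key, e))) {
			return i
		}
		prev = e.MAC
	}
	return -1
}

// VerifyHead checks that the chain ends at an externally anchored MAC.
func VerifyHead(entries []Entry, head string) bool {
	return len(entries) > 0 && hmac.Equal([]byte(entries[len(entries)-1].MAC), []byte(head))
}

func main() {
	key := []byte("audit-hmac-key-from-secret-store") // assumed
	l := NewLog(key)
	now := time.Now()
	l.Append("intent.classified user=tg:42", now)
	l.Append("sast.blocked user=tg:42 rule=forbidden-import", now)
	l.Append("token.issued user=tg:42 ttl=1h", now)
	good := l.Entries()
	fmt.Println("clean chain, first bad index:", Verify(key, good))
	bad := l.Entries()
	bad[1].Event = "sast.passed user=tg:42" // someone rewrites history
	fmt.Println("edited entry, first bad index:", Verify(key, bad))
	fmt.Println("tail cut, chain ok:", Verify(key, good[:2]) == -1, "head ok:", VerifyHead(good[:2], l.Head()))
}
```

The audit key and the capability-token key should be different secrets: a compromise of the host that mints tokens must not also let it forge the record of what it did.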

Roadmap

Phase 1 — Live

  • WASM Sandbox
  • SAST + Tokens
  • Audit + gRPC

Phase 3 — Q3 2026

  • Multi-User
  • OPA Policies
  • NIS2 Mapping

Phase 4 — Q4 2026

  • Web UI
  • 1000+ Scale
  • Multi-Tenant

Why it matters

Risk Reduction

Every agent action is sandboxed, scanned, and audit-logged before it touches production.

Compliance Path

HMAC-chained audit trail and capability tokens create a verifiable trust chain.

Proven Tech

71 tests, Phase 1 live, real Telegram traffic — not a prototype.

Low Overhead

Single Go binary, Docker Compose up, no Kubernetes required.