What the Control Plane exposes.
This page is for architects and engineering leaders evaluating AlphaBitCore. It covers what the platform exposes conceptually, how it integrates with an enterprise stack, and how technical teams get access during evaluation. Public API reference lives behind evaluation, not on the marketing site.
Six planes. Separated by design.
The Prime Execution Model (PEM) structurally separates who plans, who authorizes, who mutates, and who records. Without that separation the planner silently becomes the executor and the trace self-attests — a classical capability-security failure, instantiated here for trajectory-level verification.
Governance
Maintains policy rules and architectural invariants. Declares what is permitted in principle. The authorship layer — separate from the code path that evaluates policy at runtime.
Planning
Plan construction, task decomposition, candidate-action proposal under contract C. Untrusted with respect to authorization — the planner cannot authorize its own execution. This is the capability-security primitive that makes planner compromise survivable.
Enforcement
The authoritative choke point. Evaluates every candidate action against the contract, produces the canonical allow/deny record, signs it. Path compliance and deny semantics derive from this single architectural rule — the paper's Golden Rule.
Effect
The sole component permitted to produce durable state mutation or external effect, and only within the scope Enforcement authorized. Exclusive-credential discipline is what makes trace completeness enforceable in the real deployment.
Record
Tamper-evident archival. Implements the append-only Merkle seal over the causal event stream (ECES). Houses the Contract Registry (id(C) → C, content-addressed), the Revocation Log (point-in-time freshness), and the Key Registry (EAC key rotation). Recorder-assigned time and commit sequence are monotone and authoritative.
Observation
Non-authoritative. Cannot retroactively authorize or rewrite. Audit, anomaly detection, engineering forensics, and proof-driven scheduling all read from here — they do not write back.
All effectful execution must pass through exactly one authoritative Gateway evaluation.
Rhodes & Kang, Proof of Execution (2026), §6.
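The separation described above, reduced to three of the six planes, as an added example that is not AlphaBitCore code. Class names, the contract shape and the `payments.transfer` capability are hypothetical, and a shared-key HMAC stands in for the Gateway's signature; a deployment would use an asymmetric key so that Effect can verify decisions but not mint them.

```python
import hashlib, hmac, json

GATEWAY_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the Gateway's signing key

def canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(body):
    return hmac.new(GATEWAY_KEY, canon(body), "sha256").hexdigest()

class Record:
    """Append-only hash chain, a simplification of the Merkle seal."""
    def __init__(self):
        self.events = []
    def append(self, event):
        prev = self.events[-1][1] if self.events else "0" * 64
        seal = hashlib.sha256(prev.encode() + canon(event)).hexdigest()
        self.events.append((event, seal))
    def verify(self):
        prev = "0" * 64
        for event, seal in self.events:
            prev = hashlib.sha256(prev.encode() + canon(event)).hexdigest()
            if prev != seal:
                return False
        return True

class Enforcement:
    """Evaluates each candidate action against the contract and signs the decision."""
    def __init__(self, contract, record):
        self.contract, self.record = contract, record
    def evaluate(self, action):
        body = {"action": action, "contract": self.contract["id"],
                "allow": action["capability"] in self.contract["allowed"]}
        decision = dict(body, sig=sign(body))
        self.record.append({"type": "DECISION", **decision})
        return decision

class Effect:
    """Acts only on a signed allow decision that names this exact action."""
    def __init__(self, record):
        self.record = record
    def execute(self, action, decision):
        body = {k: v for k, v in decision.items() if k != "sig"}
        ok = (hmac.compare_digest(str(decision.get("sig")), sign(body))
              and body.get("allow") is True and body.get("action") == action)
        self.record.append({"type": "EFFECT" if ok else "REFUSED", "action": action})
        return ok
```

A planner in this sketch can only call `Enforcement.evaluate`; a decision it fabricates, edits, or reuses for a different action is refused by `Effect.execute`, and the refusal itself lands in the chain.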
Designed to coexist, not replace.
AlphaBitCore is built to sit next to the identity, observability, and orchestration infrastructure enterprises already run — and to unify the governance surface across all of it.
Identity and auth
The Gateway federates with enterprise IdP and service-mesh identity. Specifics — OIDC, SPIFFE / SVID, workload identity federation, token exchange — are covered per deployment in architecture review.
Agent frameworks and orchestrators
AlphaBitCore sits under agent frameworks and orchestrators as the governed invocation substrate. Integration patterns for common frameworks, MCP tool servers, and major model providers are walked through during evaluation.
Observability and SIEM
The event stream is consumable by enterprise SIEM, observability, and FinOps tooling. Export formats and correlation patterns are specified per deployment.
What a CAPABILITY_RESULT envelope binds, by capability type.
A capability-result event names what was invoked and captures the replay-critical inputs that go into the envelope hash. The exact set of fields depends on what was called. Tool invocations and hosted-model inference have distinct schemas; both are sealed the same way.
capability_type: “mcp_tool”
External tool invocations. The one in the paper’s worked example: a web_fetch against a price series.
{
"capability_type": "mcp_tool",
"capability_name": "web.fetch.market_price",
"call_id": "call_89b8f0611e28...",
"input_hash": "...",
"tool_schema_hash": "...",
"response_body_hash": "...",
"node_ref": "eb.node_2",
"status": "completed"
}
Replay depends on the captured response body being attached to R. Without it, I_5a fails.
capability_type: “llm_infer”
Hosted-model inference. Every replay-critical sampling knob is bound into the envelope; nothing about the model call is implicit.
{
"capability_type": "llm_infer",
"capability_name": "anthropic/claude-sonnet-4-5",
"model_id": "claude-sonnet-4-5",
"model_version": "2026-04-08",
"endpoint_digest": "sha256:3f2a...",
"temperature": 0.2,
"top_p": 1.0,
"top_k": null,
"seed": 4201,
"tokenizer_hash": "sha256:c4d1...",
"rag_corpus_digest": "sha256:7a3f...",
"prompt_hash": "sha256:e2d7...",
"output_hash": "sha256:8d3f...",
"node_ref": "eb.node_2",
"status": "completed"
}
Minimizes ε_dep for the LLM case: every non-deterministic input to model inference is declared, hashed, and bound into envelope_hash. Model deprecation is detectable via endpoint_digest mismatch on replay.
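A replay-time check over the llm_infer fields shown above, as an added example that is not AlphaBitCore code. The canonical encoding (sorted-key JSON, SHA-256), the choice of which fields count as replay-critical, and the function names are assumptions; the digests are constructed placeholders.

```python
import hashlib, json

# Replay-critical fields taken from the llm_infer example above. Treating
# node_ref and status as outside this set is an assumption of this sketch.
REPLAY_CRITICAL = ("capability_type", "capability_name", "model_id", "model_version",
                   "endpoint_digest", "temperature", "top_p", "top_k", "seed",
                   "tokenizer_hash", "rag_corpus_digest", "prompt_hash")
_ABSENT = object()

def envelope_hash(env):
    """Assumed encoding: SHA-256 over sorted-key, whitespace-free JSON."""
    blob = json.dumps(env, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def replay_check(recorded, sealed_hash, observed):
    """Compare a sealed envelope with the environment seen at replay time."""
    report = {"seal_intact": envelope_hash(recorded) == sealed_hash,
              "undeclared": [], "drift": []}
    for field in REPLAY_CRITICAL:
        rec = recorded.get(field, _ABSENT)
        if rec is _ABSENT:              # null is a declaration; absence is not
            report["undeclared"].append(field)
        elif observed.get(field, _ABSENT) != rec:
            report["drift"].append(field)
    report["output_match"] = observed.get("output_hash") == recorded.get("output_hash")
    report["replayable"] = (report["seal_intact"] and not report["undeclared"]
                            and not report["drift"])
    return report

# Constructed sample values; the digests are placeholders, not real hashes.
RECORDED = {
    "capability_type": "llm_infer", "capability_name": "anthropic/claude-sonnet-4-5",
    "model_id": "claude-sonnet-4-5", "model_version": "2026-04-08",
    "endpoint_digest": "sha256:constructed-endpoint-a", "temperature": 0.2,
    "top_p": 1.0, "top_k": None, "seed": 4201,
    "tokenizer_hash": "sha256:constructed-tok",
    "rag_corpus_digest": "sha256:constructed-rag",
    "prompt_hash": "sha256:constructed-prompt",
    "output_hash": "sha256:constructed-out",
    "node_ref": "eb.node_2", "status": "completed",
}
SEALED = envelope_hash(RECORDED)

if __name__ == "__main__":
    moved = dict(RECORDED, endpoint_digest="sha256:constructed-endpoint-b")
    print(replay_check(RECORDED, SEALED, moved))
```

An explicit `"top_k": null` passes as a declared value, while an envelope that omits the key is reported as undeclared, which is the distinction "nothing about the model call is implicit" depends on.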
rag_retrieve, human_approval, and agent_subcall) are walked through in the architecture review under NDA.
What the paper flags as future work — and how we plan to ship it.
Quorum-signed Gateway decisions.
Theorem 2 is stated for a single-logical-Gateway deployment. Threshold-Gateway (BFT-quorum) support extends the formal scope to replicated deployments. Target for prototype: Q4 2026; formal extension and proof as a companion paper.
Forward compatibility, explicitly committed.
EACs issued under single-logical-Gateway remain valid under threshold-Gateway — no re-attestation required — provided the issuing key is carried into the Key Registry. Years of accumulated EACs do not get invalidated by a deployment upgrade.
Multi-contract resource serialization.
Multiple simultaneously active contracts sharing a resource require cross-contract serialization semantics beyond the current paper. Covered during architecture review when the customer workload requires it.
For deterministic-scorer agents.
A reference implementation pairing PoE with a zkVM (Jolt, RISC Zero, SP1) for internal functional correctness inside the governance boundary. Medium-term capability flag; not committed to a v1 date.
Surfaces that become available under NDA.
- SDK and HTTP contract for the Gateway, with language bindings for the major enterprise runtimes.
- Sample Determinism Envelope payloads from real executions against reference workloads.
- Policy-as-code examples and a walkthrough of how Gateway policy composes with existing enterprise policy estates.
- Reference architecture diagrams for common deployment topologies.
- Integration notes for the agent framework and orchestrator you already run.
No code samples or API reference on the marketing site. All code, schemas, and developer materials are shared during evaluation.
Architecture review is a working session.
45 to 60 minutes with an AlphaBitCore engineer. Your model inventory, current policy surface, IdP and observability stack, and the specific governance questions your risk and security teams need answered.
Serious runtime. Serious evaluation motion.
We do not publish API reference or SDK code on the marketing site because the product is not in public-access stage. Technical depth during evaluation is extensive — we would rather show the actual surface to the people who are going to run it than ship a half-baked developer portal.