This directory contains the executable logic of the Ghost Router system.
Where /specs defines the standards, ghostrouter-core implements them.
The core module acts as the brain and control layer of the entire Ghost Router architecture. Core Philosophy
Zero-Trust by default Identity > User
Telemetry decides trust, not claims Token = contract of what an agent is allowed to do
AI-native security (not human-centric)
Quarantine-first handling of unknown inputs Defense modes: shadow/honeypot/riot
🧠 What Is Inside ghostrouter-core? ghostrouter-core/ ├─ orchestrator.py ← The main identity & decision engine ├─ route_selector.py ← Route selection logic for all agent operations ├─ token_validation.py ← Signature, binding & schema validation (coming) ├─ trust_engine_v4.py ← Telemetry-driven trust scoring logic (coming) ├─ init.py
💡 Responsibilities of the Core Module
The core performs all the real-time security and identity decisions for the entire multi-agent environment:
- Personatoken Validation
signature verification (HMAC/Ed25519)
schema validation
expiry and binding matching
replay detection
- Trust Engine (v4)
evaluate telemetry (entropy, latency, anomalies)
apply penalties (fork/quarantine)
apply boosts (shadow honeypot deception)
assign final trust_score and risk_level
- Identity Orchestration
The orchestrator checks:
token type (full, light, delegated, shadow, fork, riot)
risk level
permissions & constraints
network/datascope restrictions
…and outputs the final decision:
{ allow: true|false, route: "local_inference_cluster", mode: "normal|sandbox|quarantine|shadow|riot", sandbox: true|false, anonymize: true|false, reason: "text" }
- Route Selection
Route selection logic determines the exact execution target:
local inference cluster
cloud LLM backend
quarantine sandbox
honeypot system
fallback safe-path
- Safe Defaults
If anything is invalid, unclear, mismatched or dangerous:
allow = false route = None mode = denied
Ghost Router always fails safe.
📦 Core Philosophy
Zero-Trust by default
Identity > User
Telemetry decides trust, not claims
Token = contract of what an agent is allowed to do
AI-native security (not human-centric)
Quarantine-first handling of unknown inputs
Defense modes: shadow/honeypot/riot
🚀 Development Status
orchestrator.py – alpha
route_selector.py – alpha
token_validation.py – coming
trust_engine_v4.py – coming
tests/ — planned
routes.json & risk_policies.json — planned
🧪 Run Local Dry-Tests python3 orchestrator.py
This tests:
default request
placeholder token
flow from: validation → trust → routing → decision
🛠 Next Steps
add signatures (ed25519)
add session/device binding checks
move route rules to routes.json
integrate trust_engine_v4
wire core into Ghostrouter services (W&B, telemetry, LLMinfra)
💜 Maintainers
Gary & Juulia — Ghost Router Lab (2025) Building the world’s first AI-native Zero Trust identity system.