Skip to main content

Documentation Index

Fetch the complete documentation index at: https://nekzus-32.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

In an ecosystem where AI agents freely communicate and execute math on remote servers autonomously, traditional perimeter security (VPNs, IP Whitelisting, Passwords) is completely insufficient. The Logic-Injection-on-Origin Protocol (LIOP) assumes the network is inherently hostile, embracing a true Extreme Zero-Trust Architecture. Every layer of LIOP, from the physical connection to the code execution, integrates military-grade theoretical and cryptographic safety nets.

1. Transport Encryption (Noise & PQC)

Instead of relying on centralized Certificate Authorities (like TLS/HTTPS), LIOP utilizes the Noise Protocol Framework, pioneered by applications like Signal.
  • Ed25519 Identities: Every Agent and Server generates an Ed25519 keypair. Your Public Key is your Peer ID on the internet.
  • Mutual Authentication: Connections in the Kademlia Mesh are mutually authenticated instantly. You know symmetrically who is invoking you, and they know who is answering.
  • Post-Quantum Cryptography (PQC): Elicitation Handshakes utilize Kyber (ML-KEM-768) to derive the symmetric key for the AES-256-GCM payload encapsulation, shielding all AI logic transmission from “Harvest Now, Decrypt Later” quantum supercomputer attacks.

2. Payload Inspection (Zero-Time Guardian)

Before the Data Node even allows wasmtime to boot the .wasm file, it undergoes static mathematical analysis.
Guardian AST Inspection
The Guardian Module inspects the WebAssembly Abstract Syntax Tree (AST). Since WebAssembly is strongly typed and mathematically verifiable without execution, the LIOP Server validates that the binary contains no malformed instructions, infinite recursive branching, or unexpected system hook imports. This effectively neutralizes entire classes of evasive malware in zero-time before execution begins.

3. Anti-Exfiltration (Egress Filter)

Even if a malicious payload miraculously bypasses the Sandbox limits to produce unauthorized data, the LIOP Server enforces a final Layer 3 Egress Filter before transmitting the response back across the QUIC pipeline. This filter dynamically analyzes the output buffer (checking for Personally Identifiable Information, API keys, or restricted schema patterns like patientId). If privacy violations are detected, the response is instantly blocked and the payload drops. Double JSON Encoding Defense (Deep-Parsing Recursion): AI Agents may attempt to bypass static regex scanners by double-serializing strings ("\"id\":\"...\""). To counteract this, the PiiScanner implements recursive deep-parsing. If a returned string resembles an object, the Shield dynamically de-serializes it internally to expose the obfuscated schema before applying the matching algorithms, rendering string-contraband techniques entirely ineffective.

4. Sandboxing (WASI)

As detailed in the WASI Sandboxing chapter, the execution layer is fundamentally isolated by the CPU restrictions imposed by the bytecode runtime, ensuring zero unauthorized I/O or network escalation.

5. Hardware Isolation (TEEs)

Software isolation is never perfect against advanced persistent threats (APT) leveraging hypervisor bypasses or zero-days. LIOP’s ultimate tier of security defines native architecture for Trusted Execution Environments (TEEs) like AWS Nitro Enclaves or Intel SGX. By running the Wasmtime engine inside an Enclave, we guarantee that neither the Cloud Provider (e.g., Amazon) nor a compromised root administrator on the Host machine can dump the RAM to steal the proprietary datasets being analyzed by the Agent. This is a baseline requirement for Financial and Healthcare AI agents.

6. Computacional Integrity (ZK-SNARKs)

In scenarios where an Agent must trust a dark untrusted Server (e.g., “Did the Server actually execute my sorting algorithm, or did it fake the response?”), LIOP implements integrated structural abstractions for Zero-Knowledge Virtual Machines. Alongside the Logic Response, the Data Node emits a mathematical ZK Receipt (via engines like risc0-zkvm and SHA-256 cryptographic image_id proofs). The Agent verifies this cryptographic receipt in milliseconds off-chain, ensuring deterministic execution of its exact JS/WASM AST over genuine source data without the server ever revealing the underlying proprietary data points to the mesh. The ZK Shield Proxy: This mathematical validation (verifyZkReceipt) is fundamentally secured and performed natively by both the SDK’s LiopClient (via client.verifier) and the LiopMcpRouter. These components act as a Zero-Trust Shield, automatically isolating compromised environments and blocking the delivery of adulterated execution payloads back to the calling LLM framework.