Architecture

How Atested fits in

Atested is an HTTP proxy. It sits between your AI agent and the model provider. The agent sends API requests through Atested. Atested forwards them upstream, gets the model's response, and inspects it before passing it back.

The interception point

When an AI application or agent sends a request to the model, the model responds with text. This text often has actions for the agent to perform. These include file writes, command executions, and network requests. Actions have direct consequences.

Atested intercepts the model's response at the API level and classifies each one. Atested examines each message for actions. Each action is evaluated by its parameters. Actions that pass are forwarded to the AI app or agent. Text and non-action content passes through without modification. Denied actions are replaced with a denial message.

Since this happens at the API transport layer neither the AI app/agent or the model notice anything different. If an action is allowed, the agent receives it normally and executes it. If an action is denied, the agent receives a denial message in place of the action.

Atested never modifies text or allowed actions — only denied actions are replaced with a denial message.

Performance

Text streams through in real-time. Atested passes text chunks as they arrive from the model. Actions are buffered for classification, adding sub-millisecond overhead per action.

What the agent experiences

When an action is denied, the model receives the denial with reasons and adapts — it tries an alternative approach or asks for guidance. No special API, no library, no agent changes.

Multi-machine model

Every machine governs locally. The proxy on a remote machine makes ALLOW and DENY decisions without waiting for the primary or the network. The remote writes its own signed chain with its own machine ID and key.

The primary is the only machine that talks to Atested servers. Remotes sync signed chain segments to the primary over HTTP with application-level Ed25519 signatures. The primary verifies the remote material, stores it as a sidecar, and appends an import envelope to the primary chain.

The dashboard's unified view is a query layer. It merges primary-local records with verified imported remote records for display, reports, and evidence export. It does not rewrite remote records or make the primary chain pretend it created remote decisions.