Design Philosophy
Verify the Agent and Actions without Trusting the Source
Forward Secrecy by Default
Graceful Degradation

Design Philosophy

Verify the Agent and Actions without Trusting the Source

Full formal verification of LLM agents is impractical. The token space is infinite, outputs are non-deterministic, and natural language behaviors resist formal specification. Spellguard takes a different approach: verify the boundaries around agent interactions, not the agent internals.

Key insight: Every agent identity is cryptographically verified, every message produces a tamper-evident commitment, and the Verifier itself is verified by clients before they send secrets.

Forward Secrecy by Default

Session keys exist only in Verifier RAM. They are generated on startup, used to sign attestations and establish secure channels, and destroyed on shutdown. Even if an attacker later compromises the Verifier’s persistent storage, they cannot decrypt past sessions.

Graceful Degradation

If a logging backend is unreachable, messages still flow with warnings in the response. Spellguard prioritizes availability while maintaining auditability guarantees.

Architecture cTLS Overview

Overview

Specifications

Getting Started

Reference

Design Philosophy

Design Philosophy

Verify the Agent and Actions without Trusting the Source

Forward Secrecy by Default

Graceful Degradation

Overview

Specifications

Getting Started

Reference

Documentation Index

​Design Philosophy

​Verify the Agent and Actions without Trusting the Source

​Forward Secrecy by Default

​Graceful Degradation

Design Philosophy

Verify the Agent and Actions without Trusting the Source

Forward Secrecy by Default

Graceful Degradation