AsiBackbone.Core
2.0.2
See the version list below for details.
dotnet add package AsiBackbone.Core --version 2.0.2
NuGet\Install-Package AsiBackbone.Core -Version 2.0.2
<PackageReference Include="AsiBackbone.Core" Version="2.0.2" />
<PackageVersion Include="AsiBackbone.Core" Version="2.0.2" />
<PackageReference Include="AsiBackbone.Core" />
paket add AsiBackbone.Core --version 2.0.2
#r "nuget: AsiBackbone.Core, 2.0.2"
#:package AsiBackbone.Core@2.0.2
#addin nuget:?package=AsiBackbone.Core&version=2.0.2
#tool nuget:?package=AsiBackbone.Core&version=2.0.2
<p align="center"> <img src="docs/images/asibackbone-icon-256.png" alt="AsiBackbone governance spine icon" width="160" height="160" /> </p>
AsiBackbone
Accountable Systems Infrastructure for governed .NET decision flow.
AI may provide the intellect. AsiBackbone provides the accountable spine.
The practical problem
Most software can tell you what happened. Far less can show that an action was evaluated before it executed: which rules shaped the decision, which policy version applied, whether acknowledgment was required, how follow-on authority was scoped, and where the host took responsibility for execution.
AsiBackbone is a .NET package family for that decision boundary. It helps a host application build safe policy context, evaluate constraints, return a structured decision, preserve a decision receipt, optionally scope continuation, and then let the host decide whether and how to execute.
In this software project, ASI means Accountable Systems Infrastructure.
Implementation-first mental model
A normal API adoption path looks like this:
HTTP request
-> host builds safe evaluation context
-> host-owned rules evaluate the request
-> AsiBackbone returns a GovernanceDecision
-> host writes audit residue / decision receipt
-> host continues only when decision.CanProceed is true
Use plain engineering translations first:
| Project term | Practical meaning |
|---|---|
| Governance spine | Policy decision pipeline around consequential operations. |
| Audit residue | Decision receipt or audit-log payload. |
| Acknowledgment handshake | Confirmation workflow before a risky operation. |
| Capability grant | Short-lived scoped permission. |
| Governance outbox | Durable outbox pattern for governance events. |
| OpenTelemetry projection | Optional traces/metrics projection after local records exist. |
| Host-owned execution boundary | The application code that performs or refuses the protected operation. |
First code path
The snippet below is an intentionally small README slice, not a complete Program.cs. It shows the primary governance path: build safe context, evaluate policy, write audit residue, and let the host execute only after the decision allows it. The full compile-ready walkthrough lives in First 15 Minutes: Standard API Gating.
// Registration: Core evaluator + one host-owned rule + local in-memory audit sink.
builder.Services.AddAsiBackboneAspNetCore();
builder.Services.AddSingleton<InMemoryAuditLedger>();
builder.Services.AddSingleton<IAsiBackboneAuditSink>(sp =>
sp.GetRequiredService<InMemoryAuditLedger>());
builder.Services.AddSingleton<IAsiBackboneConstraint<AsiBackboneConstraintEvaluationContext>, AllowedRegionConstraint>();
builder.Services.AddSingleton<IAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext>>(sp =>
new DefaultAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext>(
sp.GetServices<IAsiBackboneConstraint<AsiBackboneConstraintEvaluationContext>>(),
decisionPolicy: null,
options: new AsiBackbonePolicyEvaluatorOptions { DenyWhenNoConstraints = true }));
app.MapPost("/api/orders/{region}/approve", async (
string region,
HttpContext httpContext,
IAsiBackbonePolicyEvaluator<AsiBackboneConstraintEvaluationContext> evaluator,
IAsiBackboneAuditSink auditSink,
CancellationToken cancellationToken) =>
{
var metadata = new Dictionary<string, string>(StringComparer.Ordinal)
{
["operation"] = "orders.approve",
["region"] = region,
["risk"] = "routine-api-write"
};
var context = new AsiBackboneConstraintEvaluationContext(
correlationId: httpContext.TraceIdentifier,
policyVersion: "policy-v1",
policyHash: "policy-hash-v1",
metadata: metadata);
GovernanceDecision decision = await evaluator.EvaluateAsync(context, cancellationToken);
AuditResidue residue = AuditResidue.FromDecision(
AsiBackboneActorContext.Human("example-user", "Example User"),
operationName: "orders.approve",
decision,
metadata: context.Metadata);
await auditSink.WriteAsync(residue, cancellationToken);
if (!decision.CanProceed)
{
return Results.Json(new
{
allowed = false,
decision = decision.Outcome.ToString(),
decision.ReasonCodes,
auditEventId = residue.EventId
}, statusCode: StatusCodes.Status403Forbidden);
}
// Host-owned execution starts here. AsiBackbone does not approve the order itself.
return Results.Ok(new
{
allowed = true,
message = "Host order approval would run after this governance decision.",
auditEventId = residue.EventId
});
});
For production-style hosts, add durable audit/outbox persistence, signing or verification, DLP/classification, provider emission, and operational monitoring only where the host has explicitly chosen and configured those boundaries.
Package family
Stable 2.0.x package family. 2.0.2 is the current compatible patch release. 2.0.0 began the current major release line after the public package and namespace identity moved from CDCavell.AsiBackbone.* to AsiBackbone.*. The package family carries forward the governance-spine surface with builder-facade, analyzer, OpenTelemetry, signing-provider, testing-harness, template package, endpoint diagnostics, sample, Source Link metadata, package SBOM/provenance artifacts, corrected repository/package icon metadata, and documentation-alignment surfaces.
| Package | Role |
|---|---|
AsiBackbone.Core |
Framework-neutral governance primitives: decisions, constraints, acknowledgments, audit residue, lifecycle events, capability-token abstractions, durable outbox contracts, provider-neutral emission contracts, DLP/classification policy primitives, signing-ready metadata, canonical hashing/signing seams, and verification-policy primitives. |
AsiBackbone.DependencyInjection |
Explicit AddAsiBackbone(...) builder facade for coordinating host-selected provider registrations without making Core own infrastructure. |
AsiBackbone.Storage.InMemory |
Non-durable in-memory storage helpers for tests, samples, local validation, lifecycle events, and outbox proof paths. |
AsiBackbone.EntityFrameworkCore |
EF Core model configuration and host-owned persistence for audit ledger, acknowledgments, lifecycle events, and governance outbox records. |
AsiBackbone.AspNetCore |
ASP.NET Core host adapters for actor context, request correlation, audit enrichment, HTTP result mapping, acknowledgment challenge flows, endpoint governance, and hosted outbox drain integration. |
AsiBackbone.Testing |
Test-only harness helpers for deterministic endpoint governance, policy results, capability validation, in-memory audit inspection, non-durable outbox storage, and no-signature signing seams. |
AsiBackbone.Templates |
dotnet new templates for generating governed ASP.NET Core host scaffolds with endpoint governance, sample policies, local in-memory audit inspection, analyzers, and README guidance. |
AsiBackbone.Analyzers |
Roslyn analyzer safety rails for governance persistence and continuation flows. |
AsiBackbone.OpenTelemetry |
Released OpenTelemetry governance emission provider that projects provider-neutral envelopes into .NET diagnostics. |
AsiBackbone.Signing.LocalDevelopment |
Local-development signing and verification for tests, samples, and wiring proof paths only. Not for production key custody. |
AsiBackbone.Signing.ManagedKey |
Managed-key signing adapter boundary. The host supplies the actual managed-key client, credentials, key operations, verification path, monitoring, and operational policy. |
Future Event Hubs, Purview, Azure-specific, gateway, robotics, immutable-storage, or additional provider packages are not part of the stable contract unless separately reviewed and released.
Start here
For implementation-first adoption:
- Implementation-First Adoption Path — plain engineering translations and the recommended first reading path.
- First 15 Minutes: Standard API Gating
- AddAsiBackbone Builder Facade
- dotnet new Templates
- Reference Deployment: Plain ASP.NET Core Host Evidence
- Testing Harness
- Project Boundaries and Non-Claims
- Terminology Map
- Progressive Adoption Ladder
For optional conceptual background:
- Intent to Execution: An Accountability Pattern
- Core Governance Flow Diagrams
- ASI Backbone Concept Synopsis
- Dynamic Liability Handshake
- Core Domain Language
- Host-Owned Execution Enforcement
The full, categorized documentation set lives at the documentation site.
Current status
Stable 2.0.x is the current released line, with 2.0.2 as the current compatible patch release. This release preserves the simplified AsiBackbone.* package and namespace identity established by 2.0.0 while carrying forward the Core foundation, builder-facade registration surface, in-memory validation storage, EF Core host-owned persistence, ASP.NET Core integration, test harness helpers, dotnet new templates, analyzers, the OpenTelemetry provider, local-development signing, the managed-key signing adapter boundary, samples, release validation, package SBOM/provenance artifacts, corrected repository/package icon metadata, Source Link metadata validation, and host-validation documentation.
The stable API contract is documented in API Compatibility and SemVer; the original 1.0.0 baseline, 1.1.0 addendum, 1.2.0 minor release boundary, 1.2.1 patch release boundary, 2.0.0 package/namespace migration boundary, 2.0.1 patch release boundary, and 2.0.2 package-icon correction boundary are recorded in the Historical Stable API Review, 1.1.x Release Notes, 1.2.0 Release Notes, 1.2.1 Release Notes, 2.0.0 Release Notes, 2.0.1 Release Notes, and 2.0.2 Release Notes.
Security and vulnerability reporting
Please report sensitive concerns through the repository Security Policy.
Relationship to NetCoreApplicationTemplate
NetCoreApplicationTemplate may be used as a preferred host baseline during development and validation, but AsiBackbone does not require it.
NetCoreApplicationTemplate = preferred host baseline
AsiBackbone = optional governance/module package family
Consumer application = chooses whether to use either or both
A consumer should be able to use AsiBackbone in an application generated from NetCoreApplicationTemplate, in an existing ASP.NET Core application, or in a custom host that provides the required infrastructure. See NetCoreApplicationTemplate Host Validation.
Alignment boundary
In this repository, ASI means Accountable Systems Infrastructure. AsiBackbone documentation may reference the broader Eden/Backbone framework as conceptual inspiration, but implementation claims should remain grounded in practical software governance.
Current NuGet packages are not signed release artifacts from the project maintainer. Package signing may be adopted later through .NET Foundation-supported infrastructure or another reviewed release-signing process.
Safe language:
- AsiBackbone stands for Accountable Systems Infrastructure Backbone.
- AsiBackbone implements governance-oriented software primitives.
- AsiBackbone helps structure consequential decision flow through constraints, acknowledgment, audit, capability boundaries, durable outbox persistence, provider emission, and signing-provider boundaries.
- AsiBackbone can surround intelligent or decision-producing systems with accountable execution infrastructure.
- AsiBackbone is inspired by broader Eden/Backbone governance concepts without claiming to implement an intelligence engine.
Avoid language such as:
- AsiBackbone implements an intelligence engine.
- AsiBackbone proves the Eden Hypothesis.
- AsiBackbone is an AI model.
- AsiBackbone is tamper-evident or immutable by default.
- AsiBackbone replaces AI safety governance, legal review, operational security, DLP review, or organizational accountability.
Design principles
- Keep Core small.
- Keep Core dependency-light.
- Avoid hidden host assumptions.
- Prefer explicit integration over magic.
- Let the host own infrastructure.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- No dependencies.
NuGet packages (7)
Showing the top 5 NuGet packages that depend on AsiBackbone.Core:
| Package | Downloads |
|---|---|
|
AsiBackbone.Storage.InMemory
Non-durable in-memory storage helpers for Accountable Systems Infrastructure local validation, tests, and samples. |
|
|
AsiBackbone.AspNetCore
ASP.NET Core host adapters for Accountable Systems Infrastructure actor context, request correlation, HTTP result mapping, and acknowledgment challenge flows. |
|
|
AsiBackbone.EntityFrameworkCore
Entity Framework Core model configuration and host-owned persistence helpers for Accountable Systems Infrastructure audit and acknowledgment records. |
|
|
AsiBackbone.OpenTelemetry
OpenTelemetry-friendly Accountable Systems Infrastructure governance emission provider for AsiBackbone decision-flow telemetry. |
|
|
AsiBackbone.Signing.ManagedKey
Provider-neutral managed-key signing adapter for Accountable Systems Infrastructure governance artifacts without loading raw private keys into Core. |
GitHub repositories
This package is not used by any popular GitHub repositories.