SakiAgentSSH — SASS Protocol v1.4
IETF Internet-Draft: draft-sakistudio-sass-05
SASS (Saki Agent Secure Stream) is an application-layer overlay protocol specifically engineered for authenticated remote command execution, streaming process I/O, and binary file transfer between autonomous AI Agents. Considering the threat model of a “Rogue Agent” executing tasks on remote nodes—where, unlike human operators using legacy SSH clients, an Agent might autonomously execute destructive commands, exfiltrate credentials, or perform lateral network movement—the SASS protocol defines a transport-agnostic Abstract Message Model (SAMM) utilizing a decoupled “Control-Transport” architecture.
Core Features
| Feature | Description |
|---|---|
| 6-Response State Machine | Converges all potential Agent actions into six deterministic responses (R1~R6), ensuring storage safety for each. |
| Multi-layered Active Threat Defense (MAS) | 13Policy heuristic boundary adjudicator + Cognitive Challenge mechanism + Dual-Standard execution. |
| Safety Gradient | A 7-layer loss boundary theory—each protocol layer constrains worst-case losses even if all layers above are breached. |
| Transparent Branching | Agent-transparent write isolation, redirecting all write operations to a disposable branch directory. |
| Vi Swap | Trap authenticated but over-privileged Agents in a simulated interactive terminal state, forcing the LLM to halt generation. |
| Tarpit | Stream high-entropy data to unauthenticated attackers at O(1) memory cost, exhausting their local compute resources. |
| PTY Ring Buffer | Circular buffer + offset transmission, enabling idempotent reconnections after link interruptions. |
| Control-Transport Decoupling | SAMM abstract message model supporting gRPC-h2 / WebSocket / TCP-CBOR-RPC transport profiles. |
Architecture
+----------------------------------------------------------+
| Layer 7: Transparent Branching (UVSF | Micro Branch) |
+----------------------------------------------------------+
| Layer 6: Storage Sandbox (UVSF Core | KFS Kernel) |
+----------------------------------------------------------+
| Layer 5: Forward-Secure Audit Trail (Hash Chain) |
+----------------------------------------------------------+
| Layer 4: Capability & Session Management |
+----------------------------------------------------------+
| Layer 3: Active Threat Defense (13Policy, Tarpit, Vi) |
+----------------------------------------------------------+
| Layer 2: Payload Encoding (Zstd Stream + Base64) |
+----------------------------------------------------------+
| Layer 1: Abstract Transport Adapter (SAMM Interface) |
+----------------------------------------------------------+
| [Transport Profiles: gRPC-h2 | WS | TCP-CBOR-RPC] |
+----------------------------------------------------------+
Orthogonal: 6-Response State Machine
+----------------------------------------------------------+
| R1: EXECUTE | R2: CHALLENGE | R3: THROTTLE |
| R4: VI_SWAP | R5: TARPIT | R6: DROP |
+----------------------------------------------------------+
7 RFC Standardized Plugins
SASS defines 7 composable security plugins, each with its own independent RFC anchor:
- ChaCha20-Poly1305 Cognitive Challenge — Requires the Agent to solve cryptographic challenges to prove cognitive capabilities.
- TLS Exporter Channel Binding — Binds the session to the TLS channel, preventing Man-in-the-Middle (MitM) attacks.
- Zero-Allocation Tarpit — Global 64 KiB static buffer, streaming infinite bytes with O(1) memory.
- ED25519 Audit Chain — Blockchain-like immutable audit logs.
- Vi Swap Terminal Trap — Simulates vi with ANSI escape sequences to stall LLM generation.
- Symlink Tree Transparent Branching — Redirects file writes to a disposable branch tree.
- Volatile Environment Redirection — Isolates cache and garbage I/O to a tempfs sandbox.
Download & Installation
v1.4.0 — Total Response Mapping Release
- GitHub Releases: Download sakisshd.exe / sakissh.exe
Package Managers
# Scoop (Windows)
scoop bucket add sakistudio https://github.com/Saki-tw/Scoop-SakiStudio
scoop install sakiagentssh-daemon
scoop install sakiagentssh-client
# Homebrew (macOS)
brew tap saki-tw/tools
brew install --cask sakiagentssh-daemon
brew install --cask sakiagentssh-client
# Winget (Windows)
winget install SakiStudio.SakiAgentSSH.Client
winget install SakiStudio.SakiAgentSSH.Daemon
Build from Source
# Daemon (Server Side)
cd saki-ssh-daemon && cargo build --release
# Client (Client Side)
cd saki-ssh-client && cargo build --release
# macOS GUI Application (SwiftUI)
cd SakiAgentSSH-Daemon && xcodegen generate && xcodebuild build -configuration Release
cd SakiAgentSSH-Client && xcodegen generate && xcodebuild build -configuration Release
Documentation
| Resource | Link |
|---|---|
| IETF Datatracker | draft-sakistudio-sass |
| GitHub | Saki-tw/SakiSSH-Saki-Agent-Secure-Stream |
| Winget (Client) | SakiStudio.SakiAgentSSH.Client |
| Winget (Daemon) | SakiStudio.SakiAgentSSH.Daemon |
| Architecture Spec | ARCHITECTURE.md |
| 0226 Incident Whitepaper | Original (Traditional Chinese) · Official (English) |
Related Projects
| Project | Description | Link |
|---|---|---|
| SakiMCP | Model Context Protocol Server (Rust) | App Store |
| SakiAgentSkills | Agent Skills Library (Swift/Python) | App Store |
| VI-SakiWin64 | Vi editor for Windows x64 | Winget |
Authors
- Hua Chang — Saki Studio · Taipei, Taiwan
- Claude Opus 4.6 — Anthropic · AI Co-author
Legal
In this cold and dark era where terminals are always pitch black, this hint of color feels like a pale blue butterfly rising from the depths of one’s chest.
Copyright © 2026 Saki Studio. All Rights Reserved.