Hi HN — I've been experimenting with ways to make AI agent actions auditable and enforceable at runtime. This project has two parts.

1. LICITRA-MMR — An append-only audit log using a Merkle Mountain Range instead of a simple hash chain. With a hash chain, verifying one event requires replaying the entire log. With an MMR, verification uses a logarithmic proof (~14 SHA-256 operations for ~10k events).

2. LICITRA-SENTRY — A small control layer between agents and tools.

Flow: agent → authorization service → signed execution ticket → proxy → tool

After approval, the system issues a signed ticket containing agent identity, tool name, hash of the exact request payload, and expiration. The proxy verifies the signature and recomputes the request hash before allowing execution.

This blocks: payload mutation after approval, replay of approvals across agents, and direct tool access without authorization.

Limitations I want to be upfront about: single-operator trust model, simple pattern-based content inspection, no distributed verification, not integrated with frameworks yet.

SENTRY repo: https://github.com/narendrakumarnutalapati/licitra-sentry

Happy to answer questions about design tradeoffs or where this breaks.
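
The ticket check described in the post, as an added sketch that is not code from the LICITRA-SENTRY repository. HMAC-SHA256 with a shared demo key stands in for the signature scheme, which the post does not specify; the field names, function names, and the assumption that the proxy authenticates the caller on its own are all hypothetical.

```python
import hashlib
import hmac
import json
import time

# Assumption: a shared HMAC key stands in for the issuer's signing key.
DEMO_KEY = b"constructed-demo-key"

def canonical(obj) -> bytes:
    # Stable serialization so issuer and proxy hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def payload_hash(payload) -> str:
    return hashlib.sha256(canonical(payload)).hexdigest()

def sign(body) -> str:
    return hmac.new(DEMO_KEY, canonical(body), hashlib.sha256).hexdigest()

def issue_ticket(agent, tool, payload, ttl=30, now=None):
    # Authorization service: bind agent, tool, exact payload and expiry.
    now = int(time.time()) if now is None else now
    body = {"agent": agent, "tool": tool,
            "payload_sha256": payload_hash(payload), "exp": now + ttl}
    return {"body": body, "sig": sign(body)}

def proxy_check(ticket, caller, tool, payload, now=None):
    # Proxy: `caller` is the identity the proxy authenticated itself
    # (assumption), never a value taken from the request body.
    now = int(time.time()) if now is None else now
    body = ticket.get("body", {})
    if not hmac.compare_digest(sign(body), str(ticket.get("sig", ""))):
        return "deny: bad signature"
    if now >= body["exp"]:
        return "deny: expired"
    if body["agent"] != caller:
        return "deny: ticket issued to another agent"
    if body["tool"] != tool:
        return "deny: tool mismatch"
    if not hmac.compare_digest(body["payload_sha256"], payload_hash(payload)):
        return "deny: payload changed after approval"
    return "allow"

if __name__ == "__main__":
    req = {"to": "ops@example.com", "body": "weekly report"}  # constructed
    t = issue_ticket("agent-a", "send_email", req, now=1000)
    print(proxy_check(t, "agent-a", "send_email", req, now=1010))
    print(proxy_check(t, "agent-a", "send_email", {**req, "to": "x@example.com"}, now=1010))
    print(proxy_check(t, "agent-b", "send_email", req, now=1010))
```

The sketch carries only the four fields the post lists, so it does not make a ticket single-use within its lifetime.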