Hi HN — I've been experimenting with ways to make AI agent actions auditable and enforceable at runtime.
This project has two parts.
1. LICITRA-MMR — An append-only audit log using a Merkle Mountain Range instead of a simple hash chain. With a hash chain, verifying one event requires replaying the entire log. With an MMR, verification uses a logarithmic proof (~14 SHA-256 operations for ~10k events).
2. LICITRA-SENTRY — A small control layer between agents and tools.
Flow: agent → authorization service → signed execution ticket → proxy → tool
After approval, the system issues a signed ticket containing agent identity, tool name, hash of the exact request payload, and expiration. The proxy verifies the signature and recomputes the request hash before allowing execution.
This blocks: payload mutation after approval, replay of approvals across agents, and direct tool access without authorization.
Limitations I want to be upfront about: single-operator trust model, simple pattern-based content inspection, no distributed verification, not integrated with frameworks yet.
Readit News
This project has two parts.
1. LICITRA-MMR — An append-only audit log using a Merkle Mountain Range instead of a simple hash chain. With a hash chain, verifying one event requires replaying the entire log. With an MMR, verification uses a logarithmic proof (~14 SHA-256 operations for ~10k events).
2. LICITRA-SENTRY — A small control layer between agents and tools.
Flow: agent → authorization service → signed execution ticket → proxy → tool
After approval, the system issues a signed ticket containing agent identity, tool name, hash of the exact request payload, and expiration. The proxy verifies the signature and recomputes the request hash before allowing execution.
This blocks: payload mutation after approval, replay of approvals across agents, and direct tool access without authorization.
Limitations I want to be upfront about: single-operator trust model, simple pattern-based content inspection, no distributed verification, not integrated with frameworks yet.
SENTRY repo: https://github.com/narendrakumarnutalapati/licitra-sentry
Happy to answer questions about design tradeoffs or where this breaks.