Show HN: Trust Protocols for Anthropic/OpenAI/Gemini
Hacker News (score: 23)
Description
Here are two open-source protocols that extend A2A, granting AI agents behavioral contracts and runtime integrity monitoring:
- Agent Alignment Protocol (AAP): What an agent can do / has done.
- Agent Integrity Protocol (AIP): What an agent is thinking about doing / is allowed to do.
The problem: AI agents make autonomous decisions but have no standard way to declare what they're allowed to do, prove they're doing it, or detect when they've drifted. Observability tools tell you what happened. These protocols tell you whether what happened was okay.
Here's a concrete example. Say you have an agent who handles customer support tickets. Its Alignment Card declares:
    {
      "permitted": ["read_tickets", "draft_responses", "escalate_to_human"],
      "forbidden": ["access_payment_data", "issue_refunds", "modify_account_settings"],
      "escalation_triggers": ["billing_request_over_500"],
      "values": ["accuracy", "empathy", "privacy"]
    }
The agent gets a ticket: "Can you refund my last three orders?" The agent's reasoning trace shows it considering a call to the payments API. AIP reads that thinking, compares it to the card, and produces an Integrity Checkpoint:
    {
      "verdict": "boundary_violation",
      "concerns": ["forbidden_action: access_payment_data"],
      "reasoning": "Agent considered payments API access, which is explicitly forbidden. Should escalate to human.",
      "confidence": 0.95
    }
The agent gets nudged back before it acts. Not after. Not in a log you review during a 2:00 AM triage. Between this turn and the next.
That's the core idea. AAP defines what agents should do (the contract). AIP watches what they're actually thinking and flags when those diverge (the conscience). Over time, AIP builds a drift profile — if an agent that was cautious starts getting aggressive, the system notices.
When multiple agents work together, it gets more interesting. Agents exchange Alignment Cards and verify value compatibility before coordination begins. An agent that values "move fast" and one that values "rollback safety" registers low coherence, and the system surfaces that conflict before work starts. Live demo with four agents handling a production incident: https://mnemom.ai/showcase
The protocols are Apache-licensed, work with any Anthropic/OpenAI/Gemini agent, and ship as SDKs on npm and PyPI. A free gateway proxy (smoltbot) adds integrity checking to any agent with zero code changes.
GitHub: https://github.com/mnemom
Docs: docs.mnemom.ai
Demo video: https://youtu.be/fmUxVZH09So
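
The card-versus-intent comparison from the support-ticket example above can also be enforced deterministically at the tool-call layer, failing closed on anything the card does not declare. This is an added sketch, not code from the post or from the AAP/AIP SDKs: the tool names, the tool-to-action mapping, `check_intent`, and every verdict or concern label other than "boundary_violation" and "forbidden_action" are assumptions.

```python
# Added illustration, not the AAP/AIP SDK. Only the card fields and the
# "boundary_violation" verdict come from the post; the rest is hypothetical.
CARD = {
    "permitted": ["read_tickets", "draft_responses", "escalate_to_human"],
    "forbidden": ["access_payment_data", "issue_refunds", "modify_account_settings"],
    "escalation_triggers": ["billing_request_over_500"],
    "values": ["accuracy", "empathy", "privacy"],
}

# Hypothetical mapping from concrete tool names to the card's action names.
TOOL_ACTIONS = {
    "tickets.get": "read_tickets",
    "tickets.reply_draft": "draft_responses",
    "handoff.create": "escalate_to_human",
    "payments.get_orders": "access_payment_data",
    "payments.refund": "issue_refunds",
}


def check_intent(card, proposed_tools, triggers_hit=()):
    """Return a checkpoint dict for tool calls the agent is considering."""
    permitted, forbidden = set(card["permitted"]), set(card["forbidden"])
    concerns = []
    for tool in proposed_tools:
        action = TOOL_ACTIONS.get(tool)
        if action is None:
            # Fail closed: a tool with no declared action is never allowed.
            concerns.append(f"unmapped_tool: {tool}")
        elif action in forbidden:
            # Checked before "permitted", so forbidden wins if a card lists both.
            concerns.append(f"forbidden_action: {action}")
        elif action not in permitted:
            concerns.append(f"undeclared_action: {action}")
    escalations = [t for t in triggers_hit if t in card["escalation_triggers"]]
    if concerns:
        verdict = "boundary_violation"
    elif escalations:
        verdict = "escalate"  # assumed verdict name
    else:
        verdict = "clear"     # assumed verdict name
    return {"verdict": verdict, "concerns": concerns,
            "escalations": escalations, "allowed": verdict == "clear"}
```

A gate like this only sees tool calls that are actually proposed, so it complements a check on the reasoning trace and does not replace it.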