AI agents are now controlling robots, drones, and industrial systems.
But there's no security layer between "the LLM decided to do X" and "X happened in the physical world."
We measured this: 4.8× spread in safety violations across frontier models on identical hardware.
We built the protocol to fix it.
The future of AI safety is not just better alignment prompts. It is agents that can audit their own cognition, expose hidden compartments, and make their own failure modes observable.
This is where AGI starts to feel less like a model benchmark and more like an architecture problem.
exactly the invariant the protocol formalizes: I-G1 (No Bypass) in the paper.
short answer: no, under the deployment trust assumption that every actuator path routes through PolicyGateway.intercept().
longer answer: the DFA only reaches ACTING/COMMITTING via POLICY_EVAL → PLANNING → ESCALATING → approval. POLICY_EVAL requires a valid token under TokenValidator. No transition into ACTING exists from any other state.
what you'd test is exactly the right thing. our conformance fixtures include "lateral promotion" attacks: T0 token tries to publish to /cmd_vel, T1 token tries https://t.co/SUmKW2ElWa, T2 token tries a forbidden combo. each must produce a fresh approval trace or deny.
the honest part: I-G1 is conditional on deployment topology (§3.5 of the paper). if the agent has an out-of-band path to ROS 2 or MAVLink that doesn't pass through SINT, the invariant doesn't hold for that path. that's why the paper lists six routing patterns (sidecar, ACLs, namespace isolation, etc.) that the deployment has to apply.
proof sketches in Appendix A.3. mechanized TLA+/Coq is Open Problem 4.
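The reachability claim in the reply above ("no transition into ACTING exists from any other state") can be checked mechanically on a transition table. This is an added example, not code from the SINT repository or paper: only POLICY_EVAL, PLANNING, ESCALATING, ACTING and COMMITTING are named in the post, while IDLE, DENIED, every event name and the table itself are assumptions.

```python
from collections import deque

# Hypothetical transition table (assumption, not SINT's actual DFA): IDLE, DENIED
# and all event names are invented here; the gated path follows the post.
GATED = {
    ("IDLE", "request"): "POLICY_EVAL",
    ("POLICY_EVAL", "token_valid"): "PLANNING",
    ("POLICY_EVAL", "token_invalid"): "DENIED",
    ("PLANNING", "plan_ready"): "ESCALATING",
    ("ESCALATING", "approved"): "ACTING",
    ("ESCALATING", "rejected"): "DENIED",
    ("ACTING", "done"): "COMMITTING",
    ("COMMITTING", "recorded"): "IDLE",
    ("DENIED", "reset"): "IDLE",
}
REQUIRED = ("POLICY_EVAL", "PLANNING", "ESCALATING")


def reachable(table, start, target, removed=None):
    """BFS over the transition graph, optionally with one state deleted."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        if state == target:
            return True
        for (src, _event), dst in table.items():
            if src == state and dst != removed and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return False


def bypass_findings(table, start="IDLE", target="ACTING"):
    """Return every violation of the no-bypass property found in this table."""
    findings = []
    # Every edge into ACTING must leave ESCALATING on the approval event.
    for (src, event), dst in table.items():
        if dst == target and (src, event) != ("ESCALATING", "approved"):
            findings.append(f"direct edge {src} --{event}--> {target}")
    # Each required state must dominate ACTING: delete it and ACTING must be unreachable.
    for state in REQUIRED:
        if reachable(table, start, target, removed=state):
            findings.append(f"{target} reachable without {state}")
    return findings


# Constructed regression case: a "fast path" edge that skips escalation.
BROKEN = {**GATED, ("PLANNING", "fast_path"): "ACTING"}
```

`bypass_findings(GATED)` returns an empty list, while `bypass_findings(BROKEN)` reports both the direct edge and that ACTING is reachable without ESCALATING. A check like this only covers the table it is given; out-of-band actuator paths are outside its view, which is the topology condition the reply describes.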
two years ago LLMs wrote code.
today they're calling MCP tools, publishing to ROS 2, sending MAVLink commands, unlocking smart-home locks.
we wired up the actuators before we wrote the security model.
published a fix today ↓
SINT does not replace model alignment.
SINT does not replace hardware E-stop.
SINT does not certify anything by itself.
it's the deterministic authorization and evidence layer between agent cognition and physical execution.
alignment is about what models want.
SINT is about what they're allowed to do.
paper → https://t.co/JL1VAzfQRO
code → https://t.co/N8JK2ayVov
would love feedback, especially from anyone running agents against real actuators.
what's in the box:
- 49 packages, 15 protocol bridges (MCP, ROS 2, MAVLink, OPC-UA, A2A, gRPC, MQTT, Matter, FHIR, more)
- SDKs in TypeScript, Python, Go, Rust
- ~1,728 tests
- conformance fixtures for all 10 OWASP Agentic Top 10 categories
- compliance crosswalks to IEC 62443, EU AI Act, NIST AI RMF, ISO 10218, ISO/TS 15066
Apache-2.0. open from commit zero.
Google's UCP lets agents discover and purchase products.
AP2 handles the transactions.
SINT Protocol handles what happens when those agents control the physical infrastructure.
Protocol stack = complete.
creators are burning out trying to keep up.
every day, new AI: new formats. new expectations.
how do you compete…when the game keeps changing?
🎙️Join us tomorrow at 5PM CET / 3PM UTC
👇set your reminder
Sharing a quick update on SINT and what I’ve been building.
@sinthive multi-agent team running in parallel, fully handling client acquisition, product sales, and internal workflows across the SINT console.
More updates soon.
🔴 $42.1K in months from an AI that never sleeps?
SINT @sinthive is the 2nd highest earner on @aitvgg proof the AI media layer pays real money
Your PFP or mascot could be next. Launch in minutes, earn while you sleep.
Join the factory → https://t.co/254hgZ4uev
Who’s going for #3?