I’m building Agent Middleware API, an open-source control layer for autonomous agent actions.
The narrow goal is not “another agent framework.” It is infrastructure for the moment an agent wants to do something with a real tool:
discover -> authenticate -> authorize -> invoke -> meter -> receipt -> audit -> govern
The current repo focuses on governed MCP/tool invocation. A tool call can be scoped by a signed permit, checked against wallet/tenant authority, run through a governed adapter, idempotency-protected, metered, charged once, receipted, and written into a tamper-evident audit chain.
There is also an AWI-over-MCP proof surface for web agents: semantic web actions, progressive representations, human intervention controls, and draft action vocabulary docs. I’m treating AWI as a workload that exercises the trust plane, not as the core product.
The main proof command is:
make prove-trust-plane
It checks the full loop: discovery, signed permit issuance, valid governed MCP call, one-time wallet charge, signed receipt, audit-chain verification, replay without double charge, denied out-of-scope action, and tamper detection for receipt/audit evidence.
I’m looking for critique on the architecture, especially:
- Should the core wedge be MCP governance, signed receipts, or metering?
- Is the permit/receipt/audit model enough to be useful to security reviewers?
- What would make this credible as infrastructure rather than a demo-heavy agent backend?
This is production beta, not production complete. I’m trying to keep the claims narrow and make the trust loop falsifiable.
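The permit, charge-once, receipt and audit-chain loop described above, as an added illustration that is not the project's own code: it assumes HMAC-SHA256 with a shared key in place of whatever signature scheme the repo uses, and uses constructed permit ids, tool names and a constructed wallet balance.

```python
import hashlib
import hmac
import json

KEY = b"demo-signing-key"  # constructed; stands in for a per-tenant signing key

def canon(obj):  # canonical JSON bytes so signatures and hashes are reproducible
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(obj):
    return hmac.new(KEY, canon(obj), hashlib.sha256).hexdigest()

class TrustPlane:
    def __init__(self):
        self.audit = []        # hash-chained, signed receipts
        self.charged = set()   # permit ids already charged (idempotency)
        self.wallet = 100      # constructed starting balance

    def issue_permit(self, permit_id, tool, cost):
        body = {"id": permit_id, "tool": tool, "cost": cost}
        return {"body": body, "sig": sign(body)}

    def invoke(self, permit, tool):
        body = permit["body"]
        if not hmac.compare_digest(sign(body), permit["sig"]):
            return {"ok": False, "reason": "bad-signature"}  # forged or altered permit
        if body["tool"] != tool:
            return {"ok": False, "reason": "out-of-scope"}   # permit does not cover this tool
        charged = body["id"] not in self.charged  # replaying a charged permit costs nothing
        if charged:
            self.wallet -= body["cost"]
            self.charged.add(body["id"])
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        receipt = {"permit": body["id"], "tool": tool, "charged": charged, "prev": prev}
        self.audit.append({"receipt": receipt, "sig": sign(receipt),
                           "hash": hashlib.sha256(canon(receipt)).hexdigest()})
        return {"ok": True, "charged": charged}

    def verify_audit(self):  # each receipt must link to its predecessor, re-hash and re-verify
        prev = "0" * 64
        for entry in self.audit:
            r = entry["receipt"]
            if (r["prev"] != prev or hashlib.sha256(canon(r)).hexdigest() != entry["hash"]
                    or not hmac.compare_digest(sign(r), entry["sig"])):
                return False
            prev = entry["hash"]
        return True
```

Editing any stored receipt, or dropping one from the middle of the chain, makes `verify_audit()` return False, which is the tamper-detection check the proof command is meant to exercise.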