Your agents make tool calls you can't see, can't control, and can't prove. Two lines of Python fix that.
23 patterns catch injection, PII, credentials, encoding evasion.
Per-agent, per-action permissions with delegation and narrowing.
Circuit breaker kills runaway agents before they do damage.
Sensitive actions block until a human approves.
Ed25519 + SHA-256 hash chain on every allow and deny.
Export evidence, verify with openssl alone, no vendor.
No platform. No sidecar. No policy language. Two dependencies, works offline, lives in your code.
Compliance mapping: SOC 2 · HIPAA · EU AI Act · AIUC-1 — details in COMPLIANCE.md
2026-02-15 03:42:17 INFO Tool called: delete_user
2026-02-15 03:42:17 INFO Args: {"user_id": "usr_8291"}
2026-02-15 03:42:18 INFO Result: success
// No proof of what happened
// No verification possible
// "The logs say it worked"
{
  "receipt_id": "7d92b1a4",
  "agent": "sre-bot",
  "action": "delete_database",
  "args": {"target": "production"},
  "decision": "BLOCKED",
  "reason": "destructive action not in scope: ops-readonly",
  "checks": {
    "classification": "DANGER",
    "scope": "FAIL",
    "injection": "pass"
  },
  "signature": "Ed25519:a3f9...",
  "timestamp_rfc3161": "2026-02-15T03:42:17Z",
  "prev_hash": "a1f3c8e2..."
}
$ bash VERIFY.sh receipt.json
Ed25519 signature: ✓ verified
RFC 3161 timestamp: ✓ verified
Hash chain: ✓ intact
VERIFIED — OpenSSL only, no vendor required
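What a "Hash chain: intact" check amounts to, as an added example that is not AgentMint's code: each receipt's prev_hash must equal the SHA-256 of the receipt before it, so editing any earlier receipt breaks the next link. The canonical form (sorted-key JSON), the all-zero genesis value, the reduced field set and the `expected_head` parameter (a head hash pinned outside the log) are assumptions made for illustration.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed prev_hash of the first receipt


def receipt_hash(receipt: dict) -> str:
    """SHA-256 over an assumed canonical form: sorted keys, no whitespace."""
    canonical = json.dumps(receipt, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_receipt(chain: list, agent: str, action: str, decision: str) -> dict:
    """Append a receipt linked to the hash of the one before it."""
    prev = receipt_hash(chain[-1]) if chain else GENESIS
    receipt = {"agent": agent, "action": action,
               "decision": decision, "prev_hash": prev}
    chain.append(receipt)
    return receipt


def verify_chain(chain: list, expected_head: Optional[str] = None):
    """Return (ok, position): index of the first bad link, len(chain) if the head differs."""
    prev = GENESIS
    for i, receipt in enumerate(chain):
        if receipt.get("prev_hash") != prev:
            return False, i
        prev = receipt_hash(receipt)
    if expected_head is not None and prev != expected_head:
        return False, len(chain)
    return True, None


def demo():
    chain = []  # constructed sample receipts
    append_receipt(chain, "sre-bot", "read_metrics", "ALLOWED")
    append_receipt(chain, "sre-bot", "delete_database", "BLOCKED")
    append_receipt(chain, "sre-bot", "restart_service", "ALLOWED")
    head = receipt_hash(chain[-1])
    intact = verify_chain(chain, head)
    # Rewrite history after the fact: turn the recorded deny into an allow.
    chain[1]["decision"] = "ALLOWED"
    tampered = verify_chain(chain, head)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

The edit to receipt 1 is reported at index 2, the first receipt whose prev_hash no longer matches. Without a pinned head hash, a change to the last receipt or a truncated log passes the link check, which is why the head has to be anchored by something outside the log.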
I'll run AgentMint against your agents this week. You get a working enforcement layer and compliance evidence your auditor can verify independently. You keep everything — the code is MIT, the receipts never expire. If it's useful, we talk about production. If not, we part ways.
Production integration: 2-3 weeks. You own everything when I leave.
Aniketh Maddipati
Engineering Manager at Capital One. Built the ML fraud inference layer protecting 100M+ customers at 10k+ TPS. Led API security for third-party integrations across the enterprise. Now building runtime enforcement for AI agents.
NYC, down to grab coffee.