# AgentMint
> Runtime enforcement and cryptographic notarization for AI agent tool calls.

## What it does
- Intercepts every AI agent tool call before execution
- Enforces scoped permissions, rate limits, injection scanning, human checkpoints
- Produces Ed25519-signed, SHA-256 hash-chained receipts
- Receipts verifiable with openssl alone — no vendor, no account, no network

## Technical details
- Python library: `pip install agentmint`
- 184 tests, 2 dependencies, MIT licensed, works offline
- Supports MCP (Model Context Protocol), CrewAI, raw API calls
- PII scanning: SSN, email, phone, credit card (23 patterns)
- Compliance: SOC 2 CC6/CC7/CC8, HIPAA §164.312, EU AI Act Art 12, NIST AI RMF

## Six Enforcement Layers
1. **Scan** — prompt injection detection, PII scanning, credential detection (23 regex patterns)
2. **Scope** — per-agent permissions with glob-pattern matching, delegation inheritance
3. **Rate limit** — circuit breaker for runaway agents
4. **Checkpoint** — human approval gate for sensitive action categories
5. **Sign** — Ed25519 signature + SHA-256 hash chain on every receipt
6. **Prove** — verify with `openssl` only, VERIFY.sh script included

## Receipt Fields
- id, plan_id, agent, action, in_policy, policy_reason
- signature (Ed25519), previous_receipt_hash (SHA-256 chain)
- evidence_hash (SHA-512), output_hash, reasoning_hash
- key_id, original_approver, policy_hash
- session_id, session_trajectory
- timestamp_rfc3161 (RFC 3161 third-party timestamp authority)

## Compliance Mappings
- SOC 2: CC6.1, CC7.2, CC8.1, PI1.1
- HIPAA: §164.312(a)(1), §164.312(b), §164.312(c)(1), §164.312(d), §164.312(e)(1)
- EU AI Act: Article 12.1–12.4
- NIST AI RMF: MAP 1.1, MEASURE 2.3, MANAGE 3.1, GOVERN 1.1

## Links
- Website: https://agentmint.run
- GitHub: https://github.com/aniketh-maddipati/agentmint-python
- One-pager: https://agentmint.run/onepager
- Compliance mapping: https://github.com/aniketh-maddipati/agentmint-python/blob/main/COMPLIANCE.md

## Author
Aniketh Maddipati — Ex-Capital One. Led API security controls + built the 1st risk inference layer to protect 100+ million customers from identity theft. Now building Agent trust. NYC.