<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: arian gogani</title>
    <description>The latest articles on DEV Community by arian gogani (@arian_gogani1).</description>
    <link>https://dev.to/arian_gogani1</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3875346%2F654e2fbe-d9d1-4493-aa00-a9dfda4be397.png</url>
      <title>DEV Community: arian gogani</title>
      <link>https://dev.to/arian_gogani1</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/arian_gogani1"/>
    <language>en</language>
    <item>
      <title>your AI agent's audit trail is a lie</title>
      <dc:creator>arian gogani</dc:creator>
      <pubDate>Sun, 28 Jun 2026 23:42:41 +0000</pubDate>
      <link>https://dev.to/arian_gogani1/your-ai-agents-audit-trail-is-a-lie-5ki</link>
      <guid>https://dev.to/arian_gogani1/your-ai-agents-audit-trail-is-a-lie-5ki</guid>
      <description>&lt;p&gt;every agent framework ships logging. LangChain has callbacks. CrewAI has task output. Google ADK has tool traces.&lt;/p&gt;

&lt;p&gt;none of it is verifiable.&lt;/p&gt;

&lt;h2&gt;
  
  
  the problem nobody talks about
&lt;/h2&gt;

&lt;p&gt;an application log is a file the operator controls. the same party who ran the agent controls the record of what the agent did.&lt;/p&gt;

&lt;p&gt;an auditor reviewing that log is not verifying evidence. they are trusting the operator to tell the truth about their own behavior.&lt;/p&gt;

&lt;p&gt;this is not a hypothetical. the average AI agent-related data breach now costs $4.7 million. 88% of enterprises running agents reported at least one security incident.&lt;/p&gt;

&lt;p&gt;the governance tools shipped at RSAC 2026 solve policy: what agents SHOULD do. they do not solve evidence: what agents DID do.&lt;/p&gt;

&lt;p&gt;policy and evidence are different records. the second one needs cryptography, not configuration.&lt;/p&gt;

&lt;h2&gt;
  
  
  what a real receipt looks like
&lt;/h2&gt;

&lt;p&gt;a receipt is not a log entry. it is a signed, content-addressed record that anyone can verify without trusting the operator.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;nobulex.integrations.langchain&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;NobulexAuditHandler&lt;/span&gt;

&lt;span class="n"&gt;handler&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nc"&gt;NobulexAuditHandler&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;agent_id&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;my-agent&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="n"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;invoke&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;input&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;check credit for user 4821&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;
             &lt;span class="n"&gt;config&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;callbacks&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;handler&lt;/span&gt;&lt;span class="p"&gt;]})&lt;/span&gt;
&lt;span class="n"&gt;handler&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;export&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;audit.json&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;what this produces per tool call:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;code&gt;action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))&lt;/code&gt; using RFC 8785 for deterministic serialization&lt;/li&gt;
&lt;li&gt;Ed25519 or ES256 signature over the canonical payload&lt;/li&gt;
&lt;li&gt;hash chain linking each receipt to the previous one&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;any third party can verify the trail:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;nobulex.chain&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;verify_audit_trail&lt;/span&gt;

&lt;span class="n"&gt;report&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;verify_audit_trail&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;audit.json&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;authorized_keys&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;AGENT_PUBLIC_KEY&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
&lt;span class="k"&gt;assert&lt;/span&gt; &lt;span class="n"&gt;report&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;chain_intact&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="ow"&gt;and&lt;/span&gt; &lt;span class="n"&gt;report&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;authenticated&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;the verifier recomputes the action_ref from the receipt fields, checks the signature against the agent's registered key (not the key the receipt itself carries), and walks the hash chain. no API call. no operator trust. offline verification.&lt;/p&gt;

&lt;h2&gt;
  
  
  the trust-anchor problem
&lt;/h2&gt;

&lt;p&gt;most audit-trail tools verify the signature against the public key embedded in the record. that means anyone who mints a keypair can produce a valid-looking trail.&lt;/p&gt;

&lt;p&gt;the fix: verify against a pinned authorized key. the agent's public key is registered at setup time. the verifier checks the receipt's signature against that pinned key, not the one the document carries.&lt;/p&gt;

&lt;p&gt;this is the difference between "the record is internally consistent" and "the record was produced by an authorized agent."&lt;/p&gt;

&lt;h2&gt;
  
  
  what ships today
&lt;/h2&gt;

&lt;p&gt;integrations for LangChain, CrewAI, Google ADK, PydanticAI, Haystack, and LlamaIndex. six major agent frameworks covered. dual signing: Ed25519 (default) or ES256 (for x402 payment protocol compatibility).&lt;/p&gt;

&lt;p&gt;~15,000 signed receipts per second (Ed25519) or ~60,000/sec (ES256) at p50. sub-millisecond per agent action.&lt;/p&gt;

&lt;p&gt;sections 8-11 of the OWASP Agentic Security CheatSheet cover the bilateral receipt pattern (merged by Jim Manico). nobulex is cited as the third independent receipt issuer in the x402 payment protocol spec (section 5, Linux Foundation). 14/14 conformance verdicts green.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;pip &lt;span class="nb"&gt;install &lt;/span&gt;nobulex
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;repo: &lt;a href="https://github.com/arian-gogani/nobulex" rel="noopener noreferrer"&gt;github.com/arian-gogani/nobulex&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
    </item>
    <item>
      <title>What happens when AI agents have something to lose</title>
      <dc:creator>arian gogani</dc:creator>
      <pubDate>Sun, 17 May 2026 23:10:17 +0000</pubDate>
      <link>https://dev.to/arian_gogani1/what-happens-when-ai-agents-have-something-to-lose-56k6</link>
      <guid>https://dev.to/arian_gogani1/what-happens-when-ai-agents-have-something-to-lose-56k6</guid>
      <description>&lt;p&gt;Every person has a credit score. Every business has one. AI agents making real decisions -- executing trades, accessing data, managing infrastructure -- have nothing.&lt;/p&gt;

&lt;p&gt;Full access on day one. No track record. No portable reputation. No consequences.&lt;/p&gt;

&lt;p&gt;The result is predictable: Akeyless reports 2/3 of enterprises suspect their agents already accessed unauthorized data. 14-hour average detection time. EU AI Act Article 12 enforcement starts August 2026.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem isn't capability. It's accountability.
&lt;/h2&gt;

&lt;p&gt;Standard logs are mutable. Dashboards are internal. No third party can independently verify that an agent stayed in scope. For regulated deployments, this is a blocker.&lt;/p&gt;

&lt;h2&gt;
  
  
  What we built
&lt;/h2&gt;

&lt;p&gt;&lt;a href="https://github.com/arian-gogani/nobulex" rel="noopener noreferrer"&gt;Nobulex&lt;/a&gt; produces bilateral Ed25519 cryptographic receipts for every agent action:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Pre-execution&lt;/strong&gt;: agent signs what it's authorized to do&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Agent executes&lt;/strong&gt;&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Post-execution&lt;/strong&gt;: counterparty co-signs what actually happened&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Hash-chained&lt;/strong&gt; so if any entry is modified, the chain breaks&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;A third party can verify the full chain without trusting the agent or the operator.&lt;/p&gt;

&lt;h2&gt;
  
  
  Trust Capital: the score that earns access
&lt;/h2&gt;

&lt;p&gt;The receipts accumulate into Trust Capital -- a credit score for the agent. This isn't compliance. Trust Capital measures how much value an agent has provably created relative to the risk it represents.&lt;/p&gt;

&lt;p&gt;High Trust Capital unlocks: higher transaction limits, regulated market access, lower insurance premiums, more autonomy. Agents that deviate get sandboxed. Not as punishment. As math.&lt;/p&gt;

&lt;h2&gt;
  
  
  The flywheel
&lt;/h2&gt;

&lt;p&gt;More Trust Capital → more valuable work → more receipts → higher Trust Capital. Accountability becomes the most profitable strategy, not because anyone mandated it, but because the economics demand it.&lt;/p&gt;

&lt;h2&gt;
  
  
  Traction
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Microsoft merged the receipt primitive into their Agent Governance Toolkit&lt;/li&gt;
&lt;li&gt;10 independent implementations cross-validated byte-identical output&lt;/li&gt;
&lt;li&gt;Discussions on OpenAI, Stripe, CrewAI, LlamaIndex, Google ADK, AutoGen repos&lt;/li&gt;
&lt;li&gt;MIT licensed, open source&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Repo&lt;/strong&gt;: &lt;a href="https://github.com/arian-gogani/nobulex" rel="noopener noreferrer"&gt;github.com/arian-gogani/nobulex&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What am I missing? Would love feedback from the dev community.&lt;/p&gt;

</description>
      <category>aisecurityopensource</category>
    </item>
    <item>
      <title>I'm 15 and I built credit scores for AI agents</title>
      <dc:creator>arian gogani</dc:creator>
      <pubDate>Wed, 13 May 2026 06:11:36 +0000</pubDate>
      <link>https://dev.to/arian_gogani1/im-15-and-i-built-credit-scores-for-ai-agents-lp5</link>
      <guid>https://dev.to/arian_gogani1/im-15-and-i-built-credit-scores-for-ai-agents-lp5</guid>
      <description>&lt;p&gt;Here's something that's been bugging me.&lt;/p&gt;

&lt;p&gt;AI agents are about to handle real money. Insurance claims. Mortgage applications. Customer refunds. Sierra just raised $950M because 40% of the Fortune 50 are already using agents for this stuff. And the Vercel supply chain breach in April happened because an AI agent had OAuth access with zero per-action verification.&lt;/p&gt;

&lt;p&gt;But here's the thing. Every single one of these agents gets full access on day one. No track record. No history. No consequences if they screw up. Just... full permissions from the start.&lt;/p&gt;

&lt;p&gt;Think about how insane that is. When you apply for a credit card, the bank checks your history. When you get car insurance, they look at your driving record. When you get hired, they call your references. But AI agents? They get the keys to the kingdom immediately.&lt;/p&gt;

&lt;p&gt;So I built credit scores for AI agents.&lt;/p&gt;

&lt;h2&gt;
  
  
  How it works
&lt;/h2&gt;

&lt;p&gt;The idea is called Trust Capital. Every agent starts restricted. It can read data but it can't approve transactions or sign contracts. As it performs reliably over time, it earns credit. That credit unlocks more capabilities. Bigger transaction limits. Lower insurance premiums. Enterprise approval. Better routing in agent marketplaces.&lt;/p&gt;

&lt;p&gt;If the agent deviates from what it was authorized to do, it loses credit. Automatically. Before the damage spreads.&lt;/p&gt;

&lt;p&gt;The same way credit scores turned lending from a "do I know this person" business into a scalable economic system, Trust Capital turns agent governance from a binary yes/no access model into one where reputation has real economic value.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why the credit matters more than the security
&lt;/h2&gt;

&lt;p&gt;Most tools in this space are guardrails. They block bad actions. That's important but it's a cost center. Nobody wants to pay for security. They pay for it because they have to.&lt;/p&gt;

&lt;p&gt;Trust Capital is different because good credit saves real money. An agent with high Trust Capital gets lower insurance premiums (the same way a clean driving record gets you cheaper car insurance). It gets higher transaction limits. It gets approved for enterprise deployments faster. The credit itself has economic value.&lt;/p&gt;

&lt;p&gt;That's why this isn't just another security tool. It's an economic primitive.&lt;/p&gt;

&lt;h2&gt;
  
  
  What's under the hood
&lt;/h2&gt;

&lt;p&gt;Every agent action produces two cryptographic signatures. One before execution (binding what was authorized). One after (binding what actually happened). These get hash-chained together so the full history is tamper-evident.&lt;/p&gt;

&lt;p&gt;Any third party can verify the chain without trusting the agent or its operator. The credit score decomposes into the exact behavioral history that produced it. It's not a black box.&lt;/p&gt;

&lt;p&gt;Five independent implementations have cross-validated byte-identical output across TypeScript and Python. Microsoft merged the core primitive into their Agent Governance Toolkit. OpenLineage (Linux Foundation) accepted it into their ecosystem. The AAIF (founded by Anthropic, OpenAI, Google, Microsoft, AWS, and Block) has the project under staff review.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try it
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; @nobulex/core
npx tsx examples/trust-capital-demo.ts
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The demo shows an agent earning credit through verified behavior. It starts restricted, performs a few clean actions, and you can watch its Trust Capital grow and unlock higher capability tiers.&lt;/p&gt;

&lt;p&gt;GitHub: &lt;a href="https://github.com/arian-gogani/nobulex" rel="noopener noreferrer"&gt;github.com/arian-gogani/nobulex&lt;/a&gt;&lt;br&gt;
Website: &lt;a href="https://nobulex.com" rel="noopener noreferrer"&gt;nobulex.com&lt;/a&gt;&lt;br&gt;
Blog post with the full explanation: &lt;a href="https://nobulex.com/blog-ai-agents-need-credit-scores" rel="noopener noreferrer"&gt;What if AI agents had credit?&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;MIT licensed. Open source. If the idea clicks, star the repo and try the demo. If it doesn't, tell me why in the comments. I want to know what I'm missing.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>opensource</category>
      <category>security</category>
      <category>webdev</category>
    </item>
    <item>
      <title>Proof-of-Behavior: The Missing Trust Layer for AI Agents</title>
      <dc:creator>arian gogani</dc:creator>
      <pubDate>Sun, 12 Apr 2026 19:00:57 +0000</pubDate>
      <link>https://dev.to/arian_gogani1/proof-of-behavior-the-missing-trust-layer-for-ai-agents-1db1</link>
      <guid>https://dev.to/arian_gogani1/proof-of-behavior-the-missing-trust-layer-for-ai-agents-1db1</guid>
      <description>&lt;p&gt;AI agents are moving money, signing contracts, and managing infrastructure. MCP handles tool connections. A2A handles agent-to-agent messaging. But nobody handles the most important question: &lt;strong&gt;can you prove what the agent actually did?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Right now, compliance is self-reported. Logs are written by the same software being audited. That's like asking a defendant to write their own court transcript.&lt;/p&gt;

&lt;h2&gt;
  
  
  What Is Proof-of-Behavior?
&lt;/h2&gt;

&lt;p&gt;Proof-of-behavior means every agent action is &lt;strong&gt;declared&lt;/strong&gt; in advance, &lt;strong&gt;enforced&lt;/strong&gt; at runtime, and &lt;strong&gt;proven&lt;/strong&gt; cryptographically.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;1. A constraint language&lt;/strong&gt; — Define what an agent can and cannot do:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;covenant SafeTrader {
  permit read;
  permit transfer (amount &amp;lt;= 500);
  forbid transfer (amount &amp;gt; 500);
  forbid delete;
}
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Three keywords. No YAML. No JSON schemas. Just rules.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;2. Runtime enforcement&lt;/strong&gt; — Every action is evaluated before execution. Forbidden actions are blocked, not logged-and-reported:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight typescript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;mw&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nc"&gt;EnforcementMiddleware&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="na"&gt;agentDid&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;agent&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;did&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;spec&lt;/span&gt; &lt;span class="p"&gt;});&lt;/span&gt;

&lt;span class="c1"&gt;// $300 transfer — allowed&lt;/span&gt;
&lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;mw&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;execute&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="na"&gt;action&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;transfer&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;params&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="na"&gt;amount&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;300&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt; &lt;span class="nx"&gt;handler&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;

&lt;span class="c1"&gt;// $600 transfer — BLOCKED before execution&lt;/span&gt;
&lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nx"&gt;mw&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;execute&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt; &lt;span class="na"&gt;action&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;transfer&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="na"&gt;params&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="na"&gt;amount&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;600&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt; &lt;span class="nx"&gt;handler&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;span class="c1"&gt;// handler never runs&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;3. Cryptographic proof&lt;/strong&gt; — Every decision is logged in a SHA-256 hash chain. Tamper with one entry and the chain breaks:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight typescript"&gt;&lt;code&gt;&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nf"&gt;verify&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;spec&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;mw&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;getLog&lt;/span&gt;&lt;span class="p"&gt;());&lt;/span&gt;
&lt;span class="c1"&gt;// { compliant: true, violations: [] }&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Always decidable, always deterministic. No ML, no heuristics.&lt;/p&gt;

&lt;h2&gt;
  
  
  The Cross-Agent Handshake
&lt;/h2&gt;

&lt;p&gt;Before two agents transact, they verify each other's proof-of-behavior:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight typescript"&gt;&lt;code&gt;&lt;span class="k"&gt;import&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;generateProof&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;verifyCounterparty&lt;/span&gt; &lt;span class="p"&gt;}&lt;/span&gt; &lt;span class="k"&gt;from&lt;/span&gt; &lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;@nobulex/sdk&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;

&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;proof&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;generateProof&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt;
  &lt;span class="na"&gt;identity&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;agentA&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="na"&gt;covenant&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;spec&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
  &lt;span class="na"&gt;actionLog&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nx"&gt;middleware&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;getLog&lt;/span&gt;&lt;span class="p"&gt;(),&lt;/span&gt;
&lt;span class="p"&gt;});&lt;/span&gt;

&lt;span class="kd"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;result&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;verifyCounterparty&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;proof&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;

&lt;span class="k"&gt;if &lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="o"&gt;!&lt;/span&gt;&lt;span class="nx"&gt;result&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;trusted&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
  &lt;span class="nx"&gt;console&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;log&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="s1"&gt;Refusing transaction:&lt;/span&gt;&lt;span class="dl"&gt;'&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;result&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;reason&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
  &lt;span class="k"&gt;return&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;span class="p"&gt;}&lt;/span&gt;

&lt;span class="k"&gt;await&lt;/span&gt; &lt;span class="nf"&gt;executeTransaction&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nx"&gt;proof&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;agentDid&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nx"&gt;amount&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;No proof, no transaction.&lt;/strong&gt; The moment one major framework adopts this handshake, every agent without proof-of-behavior gets locked out.&lt;/p&gt;

&lt;h2&gt;
  
  
  Try It Right Now
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Interactive playground (no install):&lt;/strong&gt; &lt;a href="https://nobulex.com/playground" rel="noopener noreferrer"&gt;nobulex.com/playground&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Define rules, test actions, watch the hash chain build — all in your browser.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Install the SDK:&lt;/strong&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;npm &lt;span class="nb"&gt;install&lt;/span&gt; @nobulex/sdk
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  The Specification
&lt;/h2&gt;

&lt;p&gt;The &lt;a href="https://github.com/arian-gogani/nobulex/blob/main/docs/proof-of-behavior-spec.md" rel="noopener noreferrer"&gt;Proof-of-Behavior Specification v0.1.0&lt;/a&gt; is published as an open standard under CC-BY-4.0. Anyone can implement it.&lt;/p&gt;

&lt;p&gt;Nobulex is the reference implementation. MIT licensed, 4,244 tests, integrations on npm, PyPI, and MCP.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Now?
&lt;/h2&gt;

&lt;p&gt;The EU AI Act mandates tamper-evident logging for high-risk AI systems starting &lt;strong&gt;August 2, 2026&lt;/strong&gt;. $42M+ has been raised by adjacent startups. Microsoft released an agent governance toolkit. But none provide cryptographic proof that a third party can independently verify. They monitor and report. Proof-of-behavior enforces and proves.&lt;/p&gt;

&lt;h2&gt;
  
  
  Links
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;GitHub:&lt;/strong&gt; &lt;a href="https://github.com/arian-gogani/nobulex" rel="noopener noreferrer"&gt;github.com/arian-gogani/nobulex&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Playground:&lt;/strong&gt; &lt;a href="https://nobulex.com/playground" rel="noopener noreferrer"&gt;nobulex.com/playground&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Spec:&lt;/strong&gt; &lt;a href="https://github.com/arian-gogani/nobulex/blob/main/docs/proof-of-behavior-spec.md" rel="noopener noreferrer"&gt;Proof-of-Behavior Specification v0.1.0&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;npm:&lt;/strong&gt; @nobulex/sdk&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;PyPI:&lt;/strong&gt; langchain-nobulex&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;I'm 15 and built this solo with Claude Code. Feedback welcome — especially on the constraint language design and the handshake protocol.&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>opensource</category>
      <category>webdev</category>
    </item>
  </channel>
</rss>
