AI News HubLIVE
In-site rewrite3 min read

Show HN: Zero Trust Boundary for Agents

Attestor is an open-source zero-trust execution boundary for AI agents. It performs policy checks, approval validation, and evidence review before agent execution, returning decisions such as admit, narrow, review, or block, enforced through a customer-owned gate. Suitable for payments, data access, infrastructure changes, and more.

SourceHacker News AIAuthor: Oxlamarr

Notifications You must be signed in to change notification settings

Fork 1

Star 6

BranchesTags

Open more actions menu

Folders and files

NameName

Last commit message

Last commit date

Latest commit

History

1,900 Commits

1,900 Commits

.github

.github

.well-known

.well-known

docs

docs

examples

examples

fixtures

fixtures

ops

ops

scripts

scripts

specs

specs

src

src

tests

tests

vendor/schematron/2026-CMS-QRDA-III

vendor/schematron/2026-CMS-QRDA-III

.gitattributes

.gitattributes

.gitignore

.gitignore

CONTRIBUTING.md

CONTRIBUTING.md

Dockerfile

Dockerfile

LICENSE

LICENSE

README.md

README.md

SECURITY.md

SECURITY.md

docker-compose.dr.yml

docker-compose.dr.yml

docker-compose.ha.yml

docker-compose.ha.yml

docker-compose.observability.yml

docker-compose.observability.yml

docker-compose.yml

docker-compose.yml

package-lock.json

package-lock.json

package.json

package.json

tsconfig.json

tsconfig.json

Repository files navigation

AI systems are moving from chat into tools that can touch payments, data, access, customer messages, infrastructure, and programmable money.

That is no longer a prompt-quality problem. Teams need a stop point before execution, and a record after review: who asked, what was checked, why it held or blocked, and what may run next.

Context anchors: EU AI Act, NIST AI Risk Management Framework, and DORA. These are not compliance claims.

What It Does

Attestor translates AI intent into a structured consequence, then reduces it to a decision, gate status, and proof references.

It checks policy, approval, evidence, allowed scope, freshness, replay, tenant, and token, then returns one bounded decision with reasons: admit, narrow, review, or block.

For requestable approvals, it checks that the approved task still matches the current policy and material scope context before execution.

The real service should run only through the customer-owned gate.

System metadata can show where risky actions are forming. Existing APIs, tools, jobs, telemetry, events, and gateway logs can become review material for action discovery, rule drafts, admission decisions, customer gates, and proof.

View the full consequence path map

AI agent -> proposes an operation Attestor -> admit / narrow / review / block + reasons and proof references Customer-owned gate -> calls the real service only when allowed

Without a customer-side gate, the decision is evidence, not enforcement. With that downstream point, it becomes the stop point.

Run Attestor in shadow pilot mode

Observe mode shows what actions agents would try, why they may be risky, and which policy, approval, and evidence are present. You see the risk before a real service runs.

Run Attestor in shadow pilot mode

The Same Pattern Across Operations

The same gate can sit before these operation classes:

Operation class Examples

Money Movement refunds, payouts, supplier payments, credits, adjustments

Data Movement customer exports, warehouse queries, report releases

Authority Change grants, revocations, unlocks, approvals, delegations

External Communication customer-facing, legal, billing, support, public messages

Operational Execution deploys, secret rotations, infrastructure changes, incidents

Programmable Money wallet calls, Safe transactions, account-abstraction flows, settlement intents

Current State

Package version: 0.3.0-evaluation Release tag: v0.3.0-evaluation Release stage: evaluation baseline Release type: repository baseline / multi-path local review

This baseline is for local review and integration planning. Live customer deployment and external security audit are separate proof steps.

Data Posture

Attestor is a control point, not a data lake. It needs structured request context and proof references, not raw customer data. Customer systems keep the model, agent, workflow, wallet, database, service call, and system of record.

Security and data handling

Start Here

Start light. Go deeper only when you need the detail. If you are new, follow this order: local run, shadow pilot, then customer gate.

Try Attestor first - run the smallest local refund path and see the decision trail.

Run Attestor in shadow pilot mode - observe one real action path before enforcing anything.

How to integrate Attestor - find the real side effect and place the customer-owned gate.

Repository navigator - find deeper docs for hosted, pricing, support, proof, or maintainer work.

Use boundaries: License and use and Security Policy.

About

Zero Trust Execution Boundary.

attestorportal.com

Topics

typescript

openapi

provenance

authorization

audit-log

access-control

risk-management

human-in-the-loop

policy-engine

ai-agents

runtime-security

policy-as-code

ai-governance

llm-security

agent-security

replay-protection

Resources

Readme

License

View license

Contributing

Contributing

Security policy

Security policy

Uh oh!

There was an error while loading. Please reload this page.

Activity

Stars

6 stars

Watchers

0 watching

Forks

1 fork

Report repository

Releases

5 tags

Packages 0

Uh oh!

There was an error while loading. Please reload this page.

Uh oh!

There was an error while loading. Please reload this page.

Contributors

Uh oh!

There was an error while loading. Please reload this page.

Languages

TypeScript 98.9%

JavaScript 1.1%