Skip to main content
SINT Protocol is a capability-based authorization protocol for AI agents that act in the physical or economic world. Every tool call, robot command, actuator movement, and agent-to-agent message flows through a single PolicyGateway.intercept() call that enforces permissions, constraints, and audit.

Why a protocol at all

Existing authorization layers fall short for physical AI:
  • API keys and OAuth scopes are coarse-grained, have no physics awareness, and cannot express delegation chains with attenuation.
  • Robot safety controllers operate at the hardware layer with no agent awareness and no cross-system policy.
  • MCP server permissions are per-server, with no cross-server coordination and no human-approval workflow.
  • Smart contracts have on-chain latency incompatible with real-time robot control loops.
SINT sits between an agent’s decision and its consequence, enforcing the invariants that matter: scope, physics, delegation attenuation, audit integrity, and tier-appropriate human oversight.

The four layers

Layer 1 — Observation & Audit

SHA-256 hash-chained evidence ledger. Every decision recorded with tamper evidence and optional TEE signatures.

Layer 2 — Identity & Capability

Ed25519 capability tokens with resource scope, physical constraints, time bounds, and attenuation-only delegation.

Layer 3 — Governance

Four approval tiers (T0–T3), tier escalation via Δ factors, forbidden-combination detection, M-of-N human quorum.

Layer 4 — Economic Enforcement

Budget ceilings, metering, billing codes, cost-aware routing. Economic enforcement at the policy boundary.

The single choke point

Agent ──► SINT Bridge ──► Policy Gateway ──► Allow / Deny / Escalate

                       Evidence Ledger (SHA-256 hash-chained)

                    ProofReceipt (pluggable attestation)
One intercept() call. Every bridge (MCP, ROS 2, MAVLink, OPC UA, etc.) funnels through it. No alternative path. This is Invariant I-G1: No Bypass.

Whitepaper

The formal specification — DFA, tier function, CSML, threat model, compliance mappings.

Spec

Normative protocol specification for implementers.

Tiers

T0–T3 and the Δ-factor escalation function.

Invariants

The six formal invariants the protocol holds.

CSML

The Composite Safety-Model-Ledger score and its calibration.

Bridges

The twelve transport bridges and per-resource state machines.

Compliance

IEC 62443, EU AI Act, NIST AI RMF, ISO/IEC 42001 mappings.

Threat model

STRIDE+B threat model grounded in documented physical-AI incidents.

References

SINT Protocol is designed with reference to: