Skip to main content
SINT Protocol is a capability-based authorization protocol for AI agents that act in the physical or economic world. Every tool call, robot command, actuator movement, and agent-to-agent message flows through a single PolicyGateway.intercept() call that enforces permissions, constraints, and audit.

Why a protocol at all

Existing authorization layers fall short for physical AI:
  • API keys and OAuth scopes are coarse-grained, have no physics awareness, and cannot express delegation chains with attenuation.
  • Robot safety controllers operate at the hardware layer with no agent awareness and no cross-system policy.
  • MCP server permissions are per-server, with no cross-server coordination and no human-approval workflow.
  • Smart contracts have on-chain latency incompatible with real-time robot control loops.
SINT sits between an agent’s decision and its consequence, enforcing the invariants that matter: scope, physics, delegation attenuation, audit integrity, and tier-appropriate human oversight.

The four layers

Layer 1 — Observation & Audit

SHA-256 hash-chained evidence ledger. Every decision recorded with tamper evidence and optional TEE signatures.

Layer 2 — Identity & Capability

Ed25519 capability tokens with resource scope, physical constraints, time bounds, and attenuation-only delegation.

Layer 3 — Governance

Four approval tiers (T0–T3), tier escalation via Δ factors, forbidden-combination detection, M-of-N human quorum.

Layer 4 — Economic Enforcement

Budget ceilings, metering, billing codes, cost-aware routing. Economic enforcement at the policy boundary.

The single choke point

One intercept() call. Every bridge (MCP, ROS 2, MAVLink, OPC UA, etc.) funnels through it. No alternative path. This is Invariant I-G1: No Bypass.

Whitepaper

The formal specification — DFA, tier function, CSML, threat model, compliance mappings.

Spec

Normative protocol specification for implementers.

Tiers

T0–T3 and the Δ-factor escalation function.

Invariants

The six formal invariants the protocol holds.

CSML

The Composite Safety-Model-Ledger score and its calibration.

Bridges

The twelve transport bridges and per-resource state machines.

Compliance

IEC 62443, EU AI Act, NIST AI RMF, ISO/IEC 42001 mappings.

Threat model

STRIDE+B threat model grounded in documented physical-AI incidents.

References

SINT Protocol is designed with reference to: