> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sint.gg/llms.txt
> Use this file to discover all available pages before exploring further.

# Protocol overview

> SINT Protocol is the open-source governance standard for autonomous systems. Capability tokens, policy gateway, evidence ledger, twelve bridges.

SINT Protocol is a **capability-based authorization protocol** for AI agents that act in the physical or economic world. Every tool call, robot command, actuator movement, and agent-to-agent message flows through a single `PolicyGateway.intercept()` call that enforces permissions, constraints, and audit.

## Why a protocol at all

Existing authorization layers fall short for physical AI:

* **API keys and OAuth scopes** are coarse-grained, have no physics awareness, and cannot express delegation chains with attenuation.
* **Robot safety controllers** operate at the hardware layer with no agent awareness and no cross-system policy.
* **MCP server permissions** are per-server, with no cross-server coordination and no human-approval workflow.
* **Smart contracts** have on-chain latency incompatible with real-time robot control loops.

SINT sits between an agent's decision and its consequence, enforcing the invariants that matter: scope, physics, delegation attenuation, audit integrity, and tier-appropriate human oversight.

## The four layers

<CardGroup cols={2}>
  <Card title="Layer 1 — Observation & Audit" icon="file-lines">
    SHA-256 hash-chained evidence ledger. Every decision recorded with tamper evidence and optional TEE signatures.
  </Card>

  <Card title="Layer 2 — Identity & Capability" icon="key">
    Ed25519 capability tokens with resource scope, physical constraints, time bounds, and attenuation-only delegation.
  </Card>

  <Card title="Layer 3 — Governance" icon="gavel">
    Four approval tiers (T0–T3), tier escalation via Δ factors, forbidden-combination detection, M-of-N human quorum.
  </Card>

  <Card title="Layer 4 — Economic Enforcement" icon="dollar-sign">
    Budget ceilings, metering, billing codes, cost-aware routing. Economic enforcement at the policy boundary.
  </Card>
</CardGroup>

## The single choke point

```
Agent ──► SINT Bridge ──► Policy Gateway ──► Allow / Deny / Escalate
                               │
                       Evidence Ledger (SHA-256 hash-chained)
                               │
                    ProofReceipt (pluggable attestation)
```

One `intercept()` call. Every bridge (MCP, ROS 2, MAVLink, OPC UA, etc.) funnels through it. No alternative path. This is [Invariant I-G1: No Bypass](/protocol/invariants).

## Read next

<CardGroup cols={2}>
  <Card title="Whitepaper" icon="file-lines" href="/protocol/whitepaper">
    The formal specification — DFA, tier function, CSML, threat model, compliance mappings.
  </Card>

  <Card title="Spec" icon="book" href="/protocol/spec">
    Normative protocol specification for implementers.
  </Card>

  <Card title="Tiers" icon="layer-group" href="/protocol/tiers">
    T0–T3 and the Δ-factor escalation function.
  </Card>

  <Card title="Invariants" icon="shield-check" href="/protocol/invariants">
    The six formal invariants the protocol holds.
  </Card>

  <Card title="CSML" icon="chart-line" href="/protocol/csml">
    The Composite Safety-Model-Ledger score and its calibration.
  </Card>

  <Card title="Bridges" icon="network-wired" href="/protocol/bridges">
    The twelve transport bridges and per-resource state machines.
  </Card>

  <Card title="Compliance" icon="clipboard-check" href="/protocol/compliance">
    IEC 62443, EU AI Act, NIST AI RMF, ISO/IEC 42001 mappings.
  </Card>

  <Card title="Threat model" icon="skull" href="/protocol/threat-model">
    STRIDE+B threat model grounded in documented physical-AI incidents.
  </Card>
</CardGroup>

## References

SINT Protocol is designed with reference to:

* **ROSClaw** ([arXiv:2603.26997](https://arxiv.org/abs/2603.26997), IROS 2026) — empirical cross-model safety analysis
* **MCP security analysis** ([arXiv:2601.17549](https://arxiv.org/abs/2601.17549)) — architectural vulnerabilities
* **SROS 2** ([arXiv:2208.02615](https://arxiv.org/abs/2208.02615)) — Mayoral-Vilches et al., IROS 2022
* **IEC PAS 62443-1-6:2025** — Industrial IoT security extension
* **EU AI Act** — [Article 13 transparency](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-13), [Article 14 human oversight](https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-14)
* **NIST AI RMF** — [AI Risk Management Framework 1.0](https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf)
* **W3C DID Core 1.0** — [Decentralized Identifiers specification](https://www.w3.org/TR/did-core/)
* **OWASP Top 10** — [Agentic Applications 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/)
