Analysis updated 2026-05-18
Gate every AI agent action against a pre-issued notarial receipt so the agent cannot authorize itself.
Audit an entire agent bundle offline to verify every permitted action has a valid, unmodified receipt.
Deploy an AI agent in an air-gapped environment using a read-only USB bundle for tamper-proof permissions.
Build a Rust AI agent that fails closed: any missing permission or invalid signature stops execution.
| | timelayer-os/tl-agent | abyo-software/ferro-stash | ariasbruno/glyph |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | Rust | Rust | Rust |
| Setup difficulty | hard | moderate | easy |
| Complexity | 4/5 | 4/5 | 2/5 |
| Audience | ops devops | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires Rust 1.70+ to build. Issuing new receipts requires connectivity to the TimeLayer network, but verification is fully offline.

TL-Agent is a Rust library and command-line tool for controlling what an AI agent is allowed to do, with the property that the agent cannot authorize its own actions. Every permitted action must be backed by a receipt issued by an external network of independent operators. If no valid receipt exists for an action, the agent stops. This holds even if someone edits the agent's code, because the receipts cannot be created by the agent itself.

In practice, you define your agent's permitted actions and the allowed order between them (called topology), then build a bundle containing a notarial receipt for each action. The bundle is a folder with policy files, a topology graph, and signed certificate files. To run a gate check before executing any step, you call the tl-agent CLI or Rust library. If the receipt is valid and the action is allowed by the topology, the result is ALLOW. Any missing receipt, invalid signature, or topology violation results in STOP.

The history of what the agent did is stored as receipts that neither the agent nor the operator can change after the fact. This makes the history verifiable offline by anyone with the public key, including an auditor or regulator.

The bundle format is portable. It is just a folder, so it can run from a local disk, a network share, or a read-only USB drive in an air-gapped environment. The README includes a two-mode setup for high-security deployments where the permission bundle lives on a read-only device and results go to a separate append-only device.

The project requires Rust 1.70 or later to build from source. A prebuilt binary is available in the releases. Issuing new receipts requires a moment of connectivity with the TimeLayer network; verifying existing ones is fully offline. No open-source license is specified in the README.
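The ALLOW/STOP decision described above, sketched as a fail-closed gate in Rust. This is an added example, not TL-Agent's own code or API: the `Receipt` and `Bundle` shapes, the `gate` function, and the `demo_verify` stand-in (where a real deployment would verify a public-key signature) are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
enum Decision { Allow, Stop(&'static str) }

// Hypothetical receipt shape; TL-Agent's real bundle format is not shown here.
struct Receipt { action: String, payload: Vec<u8>, signature: Vec<u8> }

struct Bundle {
    receipts: HashMap<String, Receipt>,  // one receipt per permitted action
    edges: HashSet<(String, String)>,    // topology: allowed (previous, next) pairs
    entry: HashSet<String>,              // actions allowed as the first step
}

/// Fail-closed gate: only a fully verified request reaches `Allow`.
/// `verify` stands in for public-key signature verification of the receipt.
fn gate(b: &Bundle, prev: Option<&str>, action: &str,
        verify: impl Fn(&[u8], &[u8]) -> bool) -> Decision {
    let Some(r) = b.receipts.get(action) else { return Decision::Stop("missing receipt") };
    if r.action != action { return Decision::Stop("receipt bound to another action"); }
    if !verify(&r.payload, &r.signature) { return Decision::Stop("invalid signature"); }
    let in_order = match prev {
        None => b.entry.contains(action),
        Some(p) => b.edges.contains(&(p.to_string(), action.to_string())),
    };
    if in_order { Decision::Allow } else { Decision::Stop("topology violation") }
}

// Constructed stand-in verifier, NOT cryptography: accepts a reversed payload.
fn demo_verify(payload: &[u8], sig: &[u8]) -> bool {
    payload.iter().rev().eq(sig.iter())
}

// Constructed sample bundle: fetch -> summarize; "delete" has no receipt.
fn sample_bundle() -> Bundle {
    let mut receipts = HashMap::new();
    for a in ["fetch", "summarize"] {
        let payload = a.as_bytes().to_vec();
        let signature = payload.iter().rev().copied().collect();
        receipts.insert(a.to_string(), Receipt { action: a.into(), payload, signature });
    }
    Bundle {
        receipts,
        edges: HashSet::from([("fetch".to_string(), "summarize".to_string())]),
        entry: HashSet::from(["fetch".to_string()]),
    }
}

fn main() {
    let b = sample_bundle();
    println!("{:?}", gate(&b, None, "fetch", demo_verify));
    println!("{:?}", gate(&b, Some("fetch"), "delete", demo_verify));
}
```

Every early return is a STOP, so an unexpected state can never fall through to ALLOW; swapping `demo_verify` for a real signature check leaves the control flow unchanged.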
A Rust SDK and CLI that governs AI agent actions using external notarial receipts: no valid receipt means no action, and completed actions produce tamper-evident provenance records verifiable offline.
Mainly Rust. The stack also includes a CLI.
Setup difficulty is rated hard, with roughly 30 min to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.