Your agent should live where your trust lives, not where your screen lives.
Concept by Mahesh Lambe.
AgentHalo is a developer-grade reference implementation of a Personal Trust Field for AI agents.
Agent actions need user-owned authority, policy, consent, minimization, delegation, and auditability across systems.
Not an app-first chatbot UX. Not a generic runtime. Not a super app.
Your agent should live where your trust lives, not where your screen lives.
HaloSurface -> AgentHalo Gateway -> HaloRuntime -> HaloVault, HaloID, HaloPolicy, HaloConsent, HaloDelegation, HaloRegistry, HaloResolver, HaloConnect, HaloAudit.
- HaloVault
- HaloID
- HaloConsent
- HaloPolicy
- HaloDelegation
- HaloRegistry
- HaloResolver
- HaloConnect
- HaloAudit
- Public Event Health Help
- Travel Rebooking
- Financial Check
Implements /health and /api/v1/* trust-field endpoints for vault, policy, consent, delegation, registry, resolution, connect, audit, and agent request.
- Full vault never leaves AgentHalo.
- Unverified services blocked.
- Revoked/expired grants fail verification.
Only scoped fields approved by consent are shared.
Consent receipts plus short-lived DelegationGrants with purpose, audience, scope, constraints, and expiry.
Service discovery and verification is based on local ServiceCards.
Append-only HaloAudit trail for intents, policy, consent, delegation, calls, and outcomes.
npm installnpm testnpm start
Includes unit and flow tests for policy, consent, delegation, registry, resolver, audit, and end-to-end trust behavior.
- Real passkeys / WebAuthn
- OIDC integration
- Verifiable credentials
- Local-first encrypted vault
- Signed ServiceCards
- Policy engine migration to OPA/Rego or Cedar
- MCP adapter
- A2A adapter
- OpenAPI adapter
- Browser automation adapter
- Edge deployment mode
- Personal cloud sync
- Multi-user support
- Portable AgentHalo account
- Revocation registry
- Trust scoring
- Governance templates for high-trust domains
Your agent should live where your trust lives, not where your screen lives.
HaloProof is AgentHalo’s signed proof system for consent, delegation, revocation, and auditability. It allows a user, developer, or service to inspect why an agent was allowed to act, what it was allowed to share, which service it called, and whether that authority is still valid.
"AgentHalo does not ask users to blindly trust agent actions. It gives every meaningful action a receipt."
This MVP uses pluggable signing interfaces and currently defaults to HMAC-SHA256 for demonstration, with Ed25519 planned.
AgentHalo is not the agent’s hands. AgentHalo is not the agent’s brain. AgentHalo is the agent’s authority layer.