{"slug": "a-typescript-prototype-admission-layer-for-agents", "title": "A TypeScript prototype admission layer for agents", "summary": "Attestor, a TypeScript prototype admission layer for AI agents, provides a customer-owned gate that checks policy, authority, scope, freshness, replay, and evidence before allowing high-risk operations such as payments, data movement, or authority changes. The system returns admit, narrow, review, or block decisions with proof references, aiming to enforce safety and compliance in AI-driven operations.", "body_md": "Badges point to repository evidence.\n\n**How Attestor connects to existing systems**\n\n**Control infrastructure for high-risk AI-driven operations.**\n\nAttestor sits between an AI-prepared operation and the system that would execute it. Prompts can guide behavior, but they cannot enforce it or stop an unsafe, unauthorized, or out-of-scope service call.\n\nUnsafe requests can come from hallucination, stale context, poisoned tool output,\nreplay, missing approval, or hostile content. Before anything runs, Attestor checks\npolicy, authority, scope, freshness, replay, and evidence, then returns `admit`\n\n,\n`narrow`\n\n, `review`\n\n, or `block`\n\n.\n\nThe customer-owned gate decides before execution. The trail records what was proposed, what was checked, and why it was held or allowed.\n\nAI systems are moving from chat into tools that can touch payments, data, access, customer messages, infrastructure, and programmable money.\n\nThat is no longer a prompt-quality problem. Teams need a stop point before execution, and a record after review: who asked, what was checked, why it held or blocked, and what may run next.\n\nContext anchors: [EU AI Act](https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai), [NIST AI Risk Management Framework](https://www.nist.gov/itl/ai-risk-management-framework), and [DORA](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554). These are not compliance claims.\n\nAttestor translates AI intent into a structured consequence, then reduces it to a decision, gate status, and proof references.\n\nIt checks policy, approval, evidence, allowed scope, freshness, replay, tenant,\nand token, then returns one bounded decision with reasons: `admit`\n\n, `narrow`\n\n,\n`review`\n\n, or `block`\n\n.\n\nFor requestable approvals, it checks that the approved task still matches the current policy and material scope context before execution.\n\nThe real service should run only through the customer-owned gate.\n\nSystem metadata can show where risky actions are forming. Existing APIs, tools, jobs, telemetry, events, and gateway logs can become review material for action discovery, rule drafts, admission decisions, customer gates, and proof.\n\n[View the full consequence path map](/AI-gateway-systems/attestor/blob/master/docs/02-architecture/attestor-internal-machine-map.md)\n\n``` php\nAI agent\n  -> proposes an operation\nAttestor\n  -> admit / narrow / review / block + reasons and proof references\nCustomer-owned gate\n  -> calls the real service only when allowed\n```\n\nWithout a customer-side gate, the decision is evidence, not enforcement. With\nthat [downstream point](/AI-gateway-systems/attestor/blob/master/docs/02-architecture/downstream-enforcement-contract.md),\nit becomes the stop point.\n\nObserve mode shows what actions agents would try, why they may be risky, and which policy, approval, and evidence are present. You see the risk before a real service runs.\n\n[Run Attestor in shadow pilot mode](/AI-gateway-systems/attestor/blob/master/docs/01-overview/shadow-event-payload-examples.md)\n\nThe same gate can sit before these operation classes:\n\n| Operation class | Examples |\n|---|---|\n| Money Movement | refunds, payouts, supplier payments, credits, adjustments |\n| Data Movement | customer exports, warehouse queries, report releases |\n| Authority Change | grants, revocations, unlocks, approvals, delegations |\n| External Communication | customer-facing, legal, billing, support, public messages |\n| Operational Execution | deploys, secret rotations, infrastructure changes, incidents |\n| Programmable Money | wallet calls, Safe transactions, account-abstraction flows, settlement intents |\n\n```\nPackage version: 0.3.0-evaluation\nRelease tag:     v0.3.0-evaluation\nRelease stage:   evaluation baseline\nRelease type:    repository baseline / multi-path local review\n```\n\nThis baseline is for local review and integration planning. Live customer deployment and external security audit are separate proof steps.\n\nAttestor is a control point, not a data lake. It needs structured request context and proof references, not raw customer data. Customer systems keep the model, agent, workflow, wallet, database, service call, and system of record.\n\nStart light. Go deeper only when you need the detail.\nIf you are new, follow this order: [local run](/AI-gateway-systems/attestor/blob/master/docs/01-overview/try-attestor-first.md), [shadow pilot](/AI-gateway-systems/attestor/blob/master/docs/01-overview/shadow-event-payload-examples.md), then [customer gate](/AI-gateway-systems/attestor/blob/master/docs/01-overview/customer-admission-gate.md).\n\n[Try Attestor first](/AI-gateway-systems/attestor/blob/master/docs/01-overview/try-attestor-first.md)- run the smallest local refund path and see the decision trail.[Run Attestor in shadow pilot mode](/AI-gateway-systems/attestor/blob/master/docs/01-overview/shadow-event-payload-examples.md)- observe one real action path before enforcing anything.[How to integrate Attestor](/AI-gateway-systems/attestor/blob/master/docs/01-overview/how-to-integrate-attestor.md)- find the real side effect and place the customer-owned gate.[Repository navigator](/AI-gateway-systems/attestor/blob/master/docs/01-overview/repository-navigator.md)- find deeper docs for hosted, pricing, support, proof, or maintainer work.\n\nUse boundaries: [License and use](/AI-gateway-systems/attestor/blob/master/docs/01-overview/license-and-use.md) and [Security Policy](/AI-gateway-systems/attestor/blob/master/SECURITY.md).", "url": "https://wpnews.pro/news/a-typescript-prototype-admission-layer-for-agents", "canonical_source": "https://github.com/AI-gateway-systems/attestor", "published_at": "2026-06-21 04:06:08+00:00", "updated_at": "2026-06-21 04:37:15.002591+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-policy", "ai-infrastructure"], "entities": ["Attestor", "EU AI Act", "NIST AI Risk Management Framework", "DORA"], "alternates": {"html": "https://wpnews.pro/news/a-typescript-prototype-admission-layer-for-agents", "markdown": "https://wpnews.pro/news/a-typescript-prototype-admission-layer-for-agents.md", "text": "https://wpnews.pro/news/a-typescript-prototype-admission-layer-for-agents.txt", "jsonld": "https://wpnews.pro/news/a-typescript-prototype-admission-layer-for-agents.jsonld"}}