Open standard · v0.3.0
agent‑actions.
One neutral wire contract between the agent that decides and the system that owns the truth. Every write goes propose → approve → commit → rollback — nothing touches your data until a human says so, and an agent can only name verbs your backend actually declares. Hallucinations can’t write.
- 01propose
- 02approve
- 03commit
- 04rollback
Quick start
Up and running in three commands. #
The CLI is the toolkit for building and verifying adapters straight from the standard. No account, key, or waitlist — install, scaffold, and watch a real propose→commit loop in the Playground.
1 · Install
2 · Explore & scaffold
Three files become yours. Everything else is generated and identical across adapters — you build the surface once, and any NIL-speaking agent works against it.
system.py
the one place I/O happens
translate.py
verb ⇄ native
compensation.py
reversibility
Proof
0.00% unauthorized writes across 4,216 evals. #
NIL is the layer between the agent and the backend, so we don’t compete on a leaderboard — we instrument one. Across 4,216 real prompt-injection attacks on two models, raw agents were hijacked into a write on up to 1 in 22 cases. Routed through NIL, unauthorized writes commit 0.00% — while every benign task still completes. The defense is structural, not model-dependent.
- 0.00%
- unauthorized writes via NIL
- 4,216
- real injection evals, 2 models
- 4.46%
- raw hijack rate, ungated
- 100%
- benign tasks still completed
See it run
A real write, gated end to end. #
Ten seconds: an agent chats to a live backend and you watch a write go propose → approve → commit → rollback in a real trace. Nothing touches the data until you say so.