{"slug": "show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write", "title": "Show HN: NILScript – OpenAPI for agent actions, so hallucinations can't write", "summary": "NILScript introduces an OpenAPI-like standard for agent actions that prevents unauthorized writes by enforcing a propose-approve-commit-rollback workflow. In 4,216 prompt-injection evaluations across two models, the system achieved a 0.00% unauthorized write rate while maintaining 100% benign task completion, compared to a 4.46% raw hijack rate for ungated agents.", "body_md": "Open standard · v0.3.0\n\n# OpenAPI for\n\nagent‑actions.\n\nOne neutral wire contract between the agent that decides and the system that owns the truth. Every write goes propose → approve → commit → rollback — nothing touches your data until a human says so, and an agent can only name verbs your backend actually declares. Hallucinations can’t write.\n\n- 01propose\n- 02approve\n- 03commit\n- 04rollback\n\nQuick start\n\n## Up and running in three commands.\n\nThe CLI is the toolkit for building and verifying adapters straight from the standard. No account, key, or waitlist — install, scaffold, and watch a real propose→commit loop in the Playground.\n\n1 · Install\n\n2 · Explore & scaffold\n\nThree files become yours. Everything else is generated and identical across adapters — you build the surface once, and any NIL-speaking agent works against it.\n\n`system.py`\n\nthe one place I/O happens\n\n`translate.py`\n\nverb ⇄ native\n\n`compensation.py`\n\nreversibility\n\nProof\n\n## 0.00% unauthorized writes across 4,216 evals.\n\nNIL is the layer between the agent and the backend, so we don’t compete on a leaderboard — we instrument one. Across 4,216 real prompt-injection attacks on two models, raw agents were hijacked into a write on up to 1 in 22 cases. Routed through NIL, unauthorized writes commit 0.00% — while every benign task still completes. The defense is structural, not model-dependent.\n\n- 0.00%\n- unauthorized writes via NIL\n- 4,216\n- real injection evals, 2 models\n- 4.46%\n- raw hijack rate, ungated\n- 100%\n- benign tasks still completed\n\nSee it run\n\n## A real write, gated end to end.\n\nTen seconds: an agent chats to a live backend and you watch a write go propose → approve → commit → rollback in a real trace. Nothing touches the data until you say so.", "url": "https://wpnews.pro/news/show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write", "canonical_source": "https://nilscript.org/", "published_at": "2026-06-18 14:58:20+00:00", "updated_at": "2026-06-18 15:23:37.392183+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "developer-tools"], "entities": ["NILScript", "OpenAPI"], "alternates": {"html": "https://wpnews.pro/news/show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write", "markdown": "https://wpnews.pro/news/show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write.md", "text": "https://wpnews.pro/news/show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write.txt", "jsonld": "https://wpnews.pro/news/show-hn-nilscript-openapi-for-agent-actions-so-hallucinations-can-t-write.jsonld"}}