# Show HN: NILScript – OpenAPI for agent actions, so hallucinations can't write > Source: > Published: 2026-06-18 14:58:20+00:00 Open standard · v0.3.0 # OpenAPI for agent‑actions. One neutral wire contract between the agent that decides and the system that owns the truth. Every write goes propose → approve → commit → rollback — nothing touches your data until a human says so, and an agent can only name verbs your backend actually declares. Hallucinations can’t write. - 01propose - 02approve - 03commit - 04rollback Quick start ## Up and running in three commands. The CLI is the toolkit for building and verifying adapters straight from the standard. No account, key, or waitlist — install, scaffold, and watch a real propose→commit loop in the Playground. 1 · Install 2 · Explore & scaffold Three files become yours. Everything else is generated and identical across adapters — you build the surface once, and any NIL-speaking agent works against it. `system.py` the one place I/O happens `translate.py` verb ⇄ native `compensation.py` reversibility Proof ## 0.00% unauthorized writes across 4,216 evals. NIL is the layer between the agent and the backend, so we don’t compete on a leaderboard — we instrument one. Across 4,216 real prompt-injection attacks on two models, raw agents were hijacked into a write on up to 1 in 22 cases. Routed through NIL, unauthorized writes commit 0.00% — while every benign task still completes. The defense is structural, not model-dependent. - 0.00% - unauthorized writes via NIL - 4,216 - real injection evals, 2 models - 4.46% - raw hijack rate, ungated - 100% - benign tasks still completed See it run ## A real write, gated end to end. Ten seconds: an agent chats to a live backend and you watch a write go propose → approve → commit → rollback in a real trace. Nothing touches the data until you say so.