Show HN: NILScript – OpenAPI for agent actions, so hallucinations can't write

NILScript introduces an OpenAPI-like standard for agent actions that prevents unauthorized writes by enforcing a propose-approve-commit-rollback workflow. In 4,216 prompt-injection evaluations across two models, the system achieved a 0.00% unauthorized write rate while maintaining 100% benign task completion, compared to a 4.46% raw hijack rate for ungated agents.

Open standard · v0.3.0

OpenAPI for agent-actions.

One neutral wire contract between the agent that decides and the system that owns the truth. Every write goes propose → approve → commit → rollback — nothing touches your data until a human says so, and an agent can only name verbs your backend actually declares. Hallucinations can’t write.

- 01 propose
- 02 approve
- 03 commit
- 04 rollback

Quick start

Up and running in three commands.

The CLI is the toolkit for building and verifying adapters straight from the standard. No account, key, or waitlist — install, scaffold, and watch a real propose→commit loop in the Playground.

1 · Install
2 · Explore & scaffold

Three files become yours. Everything else is generated and identical across adapters — you build the surface once, and any NIL-speaking agent works against it.

- system.py: the one place I/O happens
- translate.py: verb ⇄ native
- compensation.py: reversibility

Proof

0.00% unauthorized writes across 4,216 evals.

NIL is the layer between the agent and the backend, so we don’t compete on a leaderboard — we instrument one. Across 4,216 real prompt-injection attacks on two models, raw agents were hijacked into a write on up to 1 in 22 cases. Routed through NIL, unauthorized writes commit 0.00% — while every benign task still completes. The defense is structural, not model-dependent.

- 0.00%: unauthorized writes via NIL
- 4,216: real injection evals, 2 models
- 4.46%: raw hijack rate, ungated
- 100%: benign tasks still completed

See it run

A real write, gated end to end.
Ten seconds: an agent chats to a live backend and you watch a write go propose → approve → commit → rollback in a real trace. Nothing touches the data until you say so.
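
A minimal sketch of the propose → approve → commit → rollback gate described above, added here as an illustration; it is not NIL's code or wire format. The `WriteGate` class, the `customer.set_email` verb and the in-memory `DB` are hypothetical names constructed for the example.

```python
class GateError(Exception): pass  # step out of order, or undeclared verb

class WriteGate:
    # Hypothetical gate: verbs maps a declared verb name to (do, compensate) callables.
    def __init__(self, verbs):
        self.verbs = verbs
        self.proposals = {}

    def propose(self, verb, args):
        if verb not in self.verbs:          # agent named a verb the backend never declared
            raise GateError(f"undeclared verb: {verb}")
        pid = f"p{len(self.proposals) + 1}"
        self.proposals[pid] = {"verb": verb, "args": dict(args), "state": "proposed", "undo": None}
        return pid

    def approve(self, pid):                 # the human decision point
        self._expect(pid, "proposed")["state"] = "approved"

    def commit(self, pid):
        p = self._expect(pid, "approved")   # unapproved proposals never reach the backend
        do, _ = self.verbs[p["verb"]]
        p["undo"] = do(**p["args"])         # do() returns what compensate() needs
        p["state"] = "committed"

    def rollback(self, pid):
        p = self._expect(pid, "committed")
        _, compensate = self.verbs[p["verb"]]
        compensate(p["undo"])
        p["state"] = "rolled_back"

    def _expect(self, pid, state):
        p = self.proposals.get(pid)
        if p is None or p["state"] != state:
            raise GateError(f"proposal {pid} is not in state {state!r}")
        return p

# Constructed sample backend: an in-memory customer table with one declared verb.
DB = {"c1": {"email": "old@example.com"}}

def set_email(customer, email):
    previous = DB[customer]["email"]
    DB[customer]["email"] = email
    return (customer, previous)

def restore_email(undo):
    DB[undo[0]]["email"] = undo[1]

gate = WriteGate({"customer.set_email": (set_email, restore_email)})
```

A proposal that is never approved leaves `DB` untouched however the agent was prompted, which is the structural property the page's numbers refer to.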