Open-source primitives for decentralized, cryptographically governed AI agent networks. Built on Project NANDA standards.

The industry is scaling the Internet of Agents — AI agents that discover, communicate, and collaborate across the web. But the mainstream narrative assumes reliable cloud connectivity, abundant compute, and low-stakes consumer tasks.

Critical segments of the autonomous economy — aerospace, defense, maritime logistics, physical infrastructure — operate at the extreme edge. Connectivity is intermittent. Trust must be continuously verified. The penalty for an AI hallucination or unauthorized action can be severe.

To scale AI agents in the enterprise, we need more than discovery. We need cryptographic model governance, offline-capable identity, structural regulatory compliance, verifiable capability restriction, and operator-facing surfaces that turn signed evidence into something a human can triage in real time.

These libraries are the building blocks.

Each library ships a small, versioned Protocol surface and a public conformance test suite. Any third-party backend — including proprietary ones — plugs in behind the same Protocol and proves compliance against the same public tests. The open substrate is the standard; what you build above it is yours. No vendor lock-in, no forked forks.

Operator Surfaces answer "how does a human see what the agents are doing?" — forensic, filterable timelines of signed agent action evidence. Behavioral Trust answers "what is this agent allowed to do, right now?" — regulation, capability, staging. Model Trust answers "what is this model?" — identity, metadata, integrity, approval. Federation sits beneath all three — how agents find each other on the network.

  +-----------------------------------------------------------+
  |                    OPERATOR SURFACES                      |
  |                       (TS / React)                        |
  |                                                           |
  |  sm-attest-viewer        chronological forensic timeline  |
  |  sm-decision-inspector   HITL workbench, M-of-N quorum    |
  |  sm-attest-auditor       bidirectional audit drill        |
  +--------------------------- ↑ -----------------------------+
                               |  W3C VC streams (AAE wire envelope)
                               |
  +-----------------------------------------------------------+
  |                      BEHAVIORAL TRUST                     |
  |                                                           |
  |    sm-locp     →     sm-airlock    →     sm-enclave       |
  |  (compliance)     (capabilities)      (speculative exec)  |
  |  *emits AAEs*                                             |
  +-----------------------------------------------------------+
                              |
  +-----------------------------------------------------------+
  |                         MODEL TRUST                       |
  |   sm-model-provenance · sm-model-card ·                   |
  |   sm-model-integrity-layer · sm-model-governance          |
  +-----------------------------------------------------------+
                              |
  +-----------------------------------------------------------+
  |                         FEDERATION                        |
  |                                                           |
  |   sm-bridge  —  registry endpoints, Quilt delta sync      |
  +-----------------------------------------------------------+

Substrate tiers (Behavioral / Model / Federation) are Python-first because they run where agents run. The Operator Surfaces tier is TypeScript / React because it runs where humans look — browsers, dashboards, embedded panels.

Agents need a standardized way to broadcast who they are and what model powers them, without heavy dependencies in constrained edge environments.

A zero-dependency Python dataclass capturing core model identity (model ID, provider, version, governance tier). Omit-when-empty serialization keeps payloads compact. Maps into the JSON shapes required by NANDA AgentFacts and decision envelopes.

pip install git+https://github.com/Sharathvc23/sm-model-provenance.git

Enterprise environments require structured documentation of an AI's capabilities, training metrics, and deployment lifecycle.

A unified model card schema for federated registries. Covers LoRA adapters, edge ONNX, federated learning, and heuristic models under a single validated dataclass. Four-state lifecycle (shadow → ready → deprecated → archived) with transition guards.

pip install git+https://github.com/Sharathvc23/sm-model-card.git

In a decentralized network, systems must mathematically verify an agent hasn't been compromised in transit or loaded with unauthorized model weights.

An additive integrity gate. Offline SHA-256 weight hashing, HMAC-SHA256 attestation, model lineage tracking, and 6 built-in governance policies. Prevents base-swapping attacks. Zero runtime dependencies.

pip install git+https://github.com/Sharathvc23/sm-model-integrity-layer.git

AI cannot autonomously execute high-stakes actions without a legally defensible audit trail and verifiable oversight.

Three-plane ML governance (Training → Approval → Serving). Ed25519 cryptographic signatures, M-of-N multi-party quorum, time-bounded approvals, and autonomous drift detection with auto-revocation. Designed for aerospace and defense compliance frameworks.

pip install git+https://github.com/Sharathvc23/sm-model-governance.git

An approved model can still do the wrong thing. Regulatory compliance is about what the agent does in the world, not what the model is.

The Open Compliance Protocol (OCP) — a defeasible-logic engine, machine-readable regulations (MRR) format, and W3C Verifiable Credential issuance layer. Agents observe their operational state, check it against regulatory theories, and produce cryptographic proofs of compliance that any third party can verify without re-running the evaluation. The VC issuance layer is what mints Attested Action Envelopes (AAEs) — the per-action evidence primitive consumed by sm-attest-viewer.

Persistence Protocol v1 is frozen. Ship your own corpus, your own backend — the engine is indifferent as long as your implementation passes the public conformance suite.

pip install git+https://github.com/Sharathvc23/sm-locp.git

A plugin system without an isolation boundary is an attack surface. Plugins must reach the host agent to be useful, but unrestricted access leaks state, bypasses tenant isolation, and floods the host with unbounded calls.

Allowlist-gated plugin sandbox for autonomous agents. The Airlock proxy denies every attribute access by default and permits only what the caller explicitly declares via AllowlistSpec. Per-method sliding-window rate limits, Ed25519-signed plugin manifests for supply-chain integrity, and a violation-callback hook for audit integration. Zero runtime dependencies.

pip install git+https://github.com/Sharathvc23/sm-airlock.git

AI agents that touch real-world state need to evaluate their options before committing. Otherwise a wrong decision fires hardware that cannot be undone.

Speculative execution sandbox. Stages side effects produced during speculative branch execution in isolated enclaves, commits the winner atomically, discards the losers. Irreversibility gate blocks hardware-touching commands from firing in speculative branches unless explicitly allowed. Pluggable committers per effect type. Zero runtime dependencies.

pip install git+https://github.com/Sharathvc23/sm-enclave.git

Compliance evidence and operator triage are useless if there's no way to see the signed envelopes flowing past in real time. Operators need a different artefact than a chat log.

Reference renderer for Attested Action Envelopes (AAEs) — the per-action evidence primitive minted by sm-locp. A React / TypeScript component library that displays AAE streams as forensic, filterable, reverse-chronological timelines. As of v0.2, the renderer surfaces the four AAE envelope kinds (action, decision, belief, checkpoint) with kind-specific visual distinctions while remaining backward-compatible with v0.1 producers.

A chronological timeline shows that decisions exist. It cannot ergonomically serve the multi-party gesture surface where operators actually authorize or deny — that demands a different primitive.

Reference workbench for the type: "decision" envelope variant. Surfaces the proposed action, the M-of-N countersignature roster, the live quorum chip, and the operator approve / deny controls as a forensic, gesture-safe HITL surface. Locks the gesture surface once quorum is reached so an operator never accidentally double-signs.

Forward envelope chains alone do not solve forensic audit, because an auditor often arrives after an incident — starting from a known checkpoint commitment and needing to prove a specific envelope was covered by it in O(log N) sibling-path verification.

Reference renderer for bidirectional audit over AAE envelope chains. Walks forward chains via predecessor_hash (cycle-safe, gap-tolerant) and verifies reverse merkle inclusion proofs from checkpoint envelopes per RFC 6962 SHA-256 — runs the cryptographic verification in-browser via Web Crypto, with no proprietary library on the audit path.

Exposing enterprise agents to a federated network should not require rewriting an entire database or implementing complex sync protocols from scratch.

A reference implementation for NANDA-compatible registry endpoints and Quilt-style delta synchronization. Drop-in FastAPI router, DID/handle parsing, thread-safe delta store, and a protocol-based converter for integrating with any internal data model.

pip install git+https://github.com/Sharathvc23/sm-bridge.git

# Identity
from sm_model_provenance import ModelProvenance
provenance = ModelProvenance(model_id="my-model", provider_id="local", model_version="1.0")

# Metadata
from sm_model_card import ModelCard
card = ModelCard(model_id="my-model", model_type="lora_adapter", status="shadow")

# Integrity
from sm_integrity import check_governance, STANDARD_POLICIES
report = check_governance(provenance, policies=STANDARD_POLICIES)

# Governance
from sm_governance import GovernanceCoordinator
coord = GovernanceCoordinator()
output = coord.complete_training("my-model", "sha256:abc", {"loss": 0.28})
approval = coord.submit_for_governance(output, approved_by="governance-lead")

# Regulatory compliance — produces AAEs
from sm_locp import (
    RegulatoryTheoryBuilder, Literal, VCGenerator, ComplianceCredentialSubject,
)
theory = (
    RegulatoryTheoryBuilder("WAREHOUSE")
    .defeasible("D1", ["operator_certified"], "permitted", priority=5)
    .fact("operator_certified")
    .build()
)
result = theory.query(Literal.parse("permitted"))

# Federation
from sm_bridge import SmBridge, SimpleAgent
bridge = SmBridge(registry_id="my-registry", provider_name="My Org", provider_url="https://example.com")
bridge.register_agent(SimpleAgent(id="my-agent", name="My Agent", description="An AI assistant"))

Sharath Chandra — Personal research contributions aligned with Project NANDA standards. Stellarminds.ai