help

I’m building Agent Middleware API, an open-source control layer for autonomous agent actions. The narrow goal is not “another agent framework.” It is infrastructure for the moment an agent wants to do something with a real tool: discover -> authenticate -> authorize -> invoke -> meter -> receipt -> audit -> govern The current repo focuses on governed MCP/tool invocation. A tool call can be scoped by a signed permit, checked against wallet/tenant authority, run through a governed adapter, idempotency-protected, metered, charged once, receipted, and written into a tamper-evident audit chain. There is also an AWI-over-MCP proof surface for web agents: semantic web actions, progressive representations, human intervention controls, and draft action vocabulary docs. I’m treating AWI as a workload that exercises the trust plane, not as the core product. The main proof command is: `make prove-trust-plane` It checks the full loop: discovery, signed permit issuance, valid governed MCP call, one-time wallet charge, signed receipt, audit-chain verification, replay without double charge, denied out-of-scope action, and tamper detection for receipt/audit evidence. I’m looking for critique on the architecture, especially: * Should the core wedge be MCP governance, signed receipts, or metering? * Is the permit/receipt/audit model enough to be useful to security reviewers? * What would make this credible as infrastructure rather than a demo-heavy agent backend? This is production beta, not production complete. I’m trying to keep the claims narrow and make the trust loop falsifiable.