Back
GCgithub.com
29
·12 hr ago·Dev community · RSS

Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents

View original
Why it matters

This covers a coding tool or code-capability update — useful for developers assessing workflow changes and reusable value.

AI summary

Halo is an open-source tool providing tamper-evident runtime records for AI agents.…

Tamper-evident runtime records for AI agents: the audit trail the vendor runs but cannot edit.

Every action your agent takes (tool calls, model calls, data access, approvals) becomes one record in an append-only, hash-chained log. Any party can verify the log was never altered, without trusting whoever produced it. When a customer's security team asks "what did your agent do with our data?", you hand them a link instead of a paragraph. Security reviews already ask AI questions next to the SOC 2 checklist, and today a written assurance still passes. The bet behind this project is that it won't for long.

The record format is open and free to implement. This package is the reference implementation: recorder, verifier, witness client, and report server.

Why you can trust this code

You are being asked to put a recorder inside your agent. You should not take that on faith:

- Zero runtime dependencies. Standard library only. pip install halo-record installs exactly one package.

- No network calls, except the witness, which is opt-in and receives only a record count and a chain fingerprint. Record contents never leave your infrastructure.

- Raw inputs never enter a record. Arguments are hashed and stored only as a redacted summary — never the raw value. Redaction is best-effort (regex over common secret and PII formats): treat it as defense-in-depth, not a guarantee.

- Small enough to audit. ~4,300 lines of Python. Read all of it in an afternoon.

- Apache-2.0.

60-second demo

No agent required. With uv , nothing to install:

uvx --from halo-record halo demo --serve

or the classic way:

pip install halo-record halo demo --serve

Either one scaffolds a fictional support-agent vendor with two customers, witnesses the chains, serves their gated Runtime Reports, and opens the operator console in your browser. Then try the tamper test: delete a line from one of the .jsonl files and reload. The report catches it.

Record your own agent

One line at the boundary:

from halo import trace

agent = trace ( run_my_agent , profile = "my-agent" , log = "audit.jsonl" ) # wraps your entrypoint; records every tool call to ./audit.jsonl

Without log=, records go to ~/.halo/my-agent.jsonl (one chain per agent). Or use the adapter for what you already run (see the matrix below). Then render the report:

halo report audit.jsonl -o report.html # one chain -> self-verifying HTML halo serve ./records --port 8721 # all tenants, gated per customer

The quickstart ends when you are looking at your own agent's Runtime Report in a browser. If you got a JSONL file and no report, something is wrong: open an issue.

Connect to what you already run

TopicsOfficial announcementGitHubOpen source
Keywords#evidence#evident#runtime#agents#source#tamper
View originalgithub.com
Single source, no cross-check yet
Show HN: Halo – open-source, tamper-evident runtime evidence for AI agents · BuzzRadr