Willam Fan (@WillamUpUp)

Prismer AI Co-Funder

Joined December 2018
Willam Fan@WillamUpUp·
Yesterday's v0.9.3 release added the outcome side of bilateral co-signing — the server's response is now signed alongside the agent's request, not just the request alone. Original framing of why this matters, from a few weeks back: dev.to/willamhou/is-t… #OpenSource
Caligh 土豆@CryptoCaligh·
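More than 10 years ago, I started posting on Twitter because I was beginning my journey to get rich through cryptocurrency and wanted to document the whole process in real time and leave evidence, so that nobody could say I was just showing off. In the end I achieved my goal, but I am still here. Personally I don't like being famous, and I really dislike showing off. Over these 10 years I have never made a cent from posting, and I have never taken any advertising or partnered with any project. The only reason I stay here is that I hope to help others. But what I get in return is a pile of abuse and negative energy. Sometimes I try very hard to help people, telling them that many other coins are rising, but they not only don't listen, they turn around and curse at me.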
Willam Fan@WillamUpUp·
Signet v0.9.3 shipped — pilot-readiness release. Bilateral co-signing now records the server's outcome inside the signed payload, not just the agent's request. Durable nonce store, forensic verification, atomic check_and_record. github.com/Prismer-AI/sig… #OpenSource
Willam Fan@WillamUpUp·
Coming this week:
• v0.9.3 deep-dive — bilateral outcome model + durable nonce store
• OpenClaw plugin, pending npm publish
Open source cryptographic receipts for AI agent tool calls. No telemetry. No hosted service. #OpenSource
Willam Fan@WillamUpUp·
Worked:
• CrewAI tutorial post landed clean (Codex review caught 7 real issues)
• AGT example merged (PR #1196), now in their tutorials
• Zhihu AGT post hit Chinese audit/compliance crowd
Didn't:
• OpenClaw plugin npm publish slipped — kept the announcement off
• CrewAI feature request closed NOT_PLANNED — but that confirmed the plugin path is the right shape
Willam Fan@WillamUpUp·
This week's recap.
Stars: 32 → 32 (flat — downloads moved, stars didn't follow)
PyPI signet-auth weekly: 396 → 595 (+50%)
npm @signet-auth/core monthly: 1908 → 2284 (+20%)
dev.to (CrewAI tutorial): dev.to/willamhou/how-…
Willam Fan@WillamUpUp·
Asked CrewAI core to support cryptographic tool-call receipts. Maintainers closed as NOT_PLANNED. Right call. install_hooks() already plugs into CrewAI's existing tool hooks and signs every call — no core changes needed. dev.to/willamhou/how-… #CrewAI
Willam Fan@WillamUpUp·
CrewAI agents delegate, call tools, hand off results. When something breaks, "which agent did what" is a real question. Just published: signed receipts + hash-chained audit log on every CrewAI tool call. ~5 min setup. dev.to/willamhou/how-… #CrewAI
Willam Fan@WillamUpUp·
Spent today scaffolding a Signet plugin for OpenClaw. OpenClaw acts on your machine. After a bad tool call, you want to prove what it did — Ed25519 signature + hash-chained audit log per call. Source up: github.com/Prismer-AI/sig… #OpenClaw
TingHu♪@TingHu888·
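After XChat released its Android version I set up a group, and while I was at it I replied to all the private messages that had piled up 😅...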
Willam Fan@WillamUpUp·
We just submitted to LangChain's ComplianceBackend RFC — here's how it works in practice.
Two lines to add audit trails to your LangChain agent:
from signet_auth.langchain import SignetCallbackHandler
signer = SignetCallbackHandler(agent)
Every tool call gets an Ed25519 signature. No server, no API key.
Full tutorial: [dev.to/willamhou/how-…]
pip install signet-auth[langchain]
#LangChain #AIAgents #Python #BuildInPublic
Willam Fan@WillamUpUp·
A pattern is emerging across agent frameworks: transport → identity → policy → proof. Each layer has different owners. None replaces the others.
This week Signet submitted to four of them:
- LangChain RFC #35691 (ComplianceBackend)
- CrewAI #4875 (MCP security)
- OpenAI Agents #2868 (PolicyAttestation)
- Agno #6892 (bilateral + delegation)
#AIAgents #LangChain #OpenSource #BuildInPublic
Willam Fan@WillamUpUp·
Your agent's audit log is not proof. It's a claim. The operator wrote that log. They can edit it, delete it, reorder it. A signed receipt says the same thing — except modifying any field breaks the Ed25519 signature, and deleting any entry breaks the SHA-256 hash chain. Logs are trust-me. Receipts are verify-me. github.com/Prismer-AI/sig… #AIAgents #AISafety #AICompliance
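
The two checks named in the post above, as an added example using Node's built-in crypto (not part of the original post and not Signet's code, API or receipt format; the field names `seq`, `tool`, `args`, `prev`, `sig`, `hash` and the sample tool calls are constructed for illustration):

```javascript
// Added illustration: constructed receipt layout, not Signet's format.
const crypto = require('crypto');

const GENESIS = '0'.repeat(64);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Fixed field order so signer and verifier hash identical bytes.
const canonical = (r) => JSON.stringify([r.seq, r.tool, r.args, r.prev]);

function appendReceipt(chain, privateKey, tool, args) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { seq: chain.length, tool, args, prev };
  const bytes = canonical(body);
  // Ed25519 takes no digest algorithm, hence the null first argument.
  const sig = crypto.sign(null, Buffer.from(bytes), privateKey).toString('base64');
  chain.push({ ...body, sig, hash: sha256(bytes + sig) });
  return chain;
}

// Returns null when the chain verifies, else a description of the first failure.
function verifyChain(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    const bytes = canonical(r);
    if (r.seq !== i || r.prev !== prev) return `entry ${i}: chain broken`;
    if (!crypto.verify(null, Buffer.from(bytes), publicKey, Buffer.from(r.sig, 'base64')))
      return `entry ${i}: bad signature`;
    if (r.hash !== sha256(bytes + r.sig)) return `entry ${i}: hash mismatch`;
    prev = r.hash;
  }
  return null;
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const chain = [];
  appendReceipt(chain, privateKey, 'read_file', { path: '/tmp/a' });
  appendReceipt(chain, privateKey, 'http_get', { url: 'https://example.test' });
  appendReceipt(chain, privateKey, 'write_file', { path: '/tmp/b' });
  const clone = () => JSON.parse(JSON.stringify(chain));
  const edited = clone(); edited[1].tool = 'noop';   // modify one field
  const deleted = clone(); deleted.splice(1, 1);     // drop a middle entry
  const truncated = clone(); truncated.pop();        // drop the newest entry
  return {
    intact: verifyChain(chain, publicKey),
    edited: verifyChain(edited, publicKey),
    deleted: verifyChain(deleted, publicKey),
    truncated: verifyChain(truncated, publicKey),
  };
}
```

In this sketch the edited and mid-chain-deleted copies fail verification, while the truncated copy still verifies: a verifier that holds only the chain cannot see entries removed from the end, so it also needs the latest hash or entry count from a source the log's operator cannot rewrite.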
Willam Fan@WillamUpUp·
signet v0.9.1 shipped. `signet explore` — browse your receipt chain from the terminal. Filter by tool, signer, trace. One command, full audit picture. Also: --ttl delegations (short-lived tokens, no revocation) and ComplianceBackend adapter for LangChain RFC #35691. github.com/Prismer-AI/sig… #OpenSource #AIAgents #DevTools
Willam Fan@WillamUpUp·
Fair. The reconcile pattern is standard; the control boundary is the point. The agent can't directly mutate live resources, only write intent, and the reconciler is the sole mutator after validation. A lot of LLM ops tooling gives the agent kubectl-like write access to live state. That's the part that feels too permissive to me.
ahmetb@ahmetb·
@WillamUpUp i didn't really understand what you're doing, but if all you're doing is allowing agent to write an annotation which then you audit+convert to spec, it's prob fine
Willam Fan@WillamUpUp·
building an operator where the LLM agent never patches STS directly — it writes an intent annotation on the CR, single reconciler validates (allowlist + generation guard + Ed25519) and executes. the "agent patches k8s directly" pattern feels load-bearing in most LLMops tools I've seen and I think it's wrong for prompt injection reasons. full argument: github.com/Prismer-AI/k8s… @ahmetb does this match anything you've seen in controller-runtime land, or am I reinventing something?
Willam Fan@WillamUpUp·
Your AI agent just tried to run `rm -rf /`. Most systems log it after. Signet v0.7 blocks it before — and the signed receipt proves the policy was enforced. One YAML file. Three rule types: `allow`, `deny`, `require_approval`. When a blocked action is attempted, no receipt is produced. Nothing is logged as "allowed." The enforcement is cryptographically proven, not just claimed. github.com/Prismer-AI/sig… #AIAgents #AISafety #OpenSource #BuildInPublic