SINT Protocol: Runtime Authorization and Evidence Logging for LLM-Driven Physical AI Systems
Description
Large language model (LLM) agents increasingly issue commands to tools, robots, drones, smart-home devices, and industrial systems. Existing agent protocols (MCP, A2A, ACP, ANP) standardize communication, but no widely adopted runtime authorization model currently covers the full LLM-to-actuator path with graduated human oversight, physical-constraint enforcement, and tamper-evident evidence trails.
We present SINT Protocol, a capability-based runtime authorization framework for LLM-driven physical AI. SINT interposes a single Policy Gateway between agent intent and actuator execution. Every request is normalized to a canonical schema, validated against Ed25519-signed capability tokens, classified into one of four approval tiers (T0_OBSERVE, T1_PREPARE, T2_ACT, T3_COMMIT), evaluated against physical constraints (velocity, force, geofence, body-region force limits per ISO/TS 15066), and recorded in a SHA-256 hash-chained evidence ledger.
The reference implementation provides bridge adapters for MCP, ROS 2, MAVLink, A2A, gRPC, MQTT, OPC-UA, Open-RMF, Sparkplug, Matter, Home Assistant, FHIR R5, swarm coordination, and economic operations; SDKs in TypeScript, Python, Go, and Rust; and conformance fixtures mapped to the OWASP Top 10 for Agentic Applications. On an Apple M3 Pro with in-memory persistence, the gateway adds a 5.1 ms steady-state p99 latency over 600 single-process iterations, fitting within the 10 ms budget of a 100 Hz ROS 2 control loop. We discuss how SINT supports implementation evidence for IEC 62443 FR1–FR7, EU AI Act Articles 9/11/12/13/14(4)(e)/15 stop-control and logging obligations, and NIST AI RMF functions, and we identify open limitations: no real-robot validation yet, heuristic drift thresholds, no mechanized formal verification, and operator-burden risks under high escalation rates.
SINT does not replace model alignment, hardware emergency-stop controllers, or domain-rated safety standards (ISO 13849, IEC 61508). It provides a deterministic authorization and evidence layer between agent cognition and physical execution.
Keywords: agentic AI security · physical AI · capability-based security · runtime authorization · OWASP ASI · EU AI Act Article 14 · NIST AI RMF · robot safety · Model Context Protocol · evidence ledger
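The tier check, physical-constraint check and hash-chained evidence record described above, as an added Python example; it is not the SINT reference implementation or code from the paper. The record fields, the token fields `max_tier` and `max_velocity_mps`, the all-zero genesis hash and the canonical JSON encoding are assumptions, and Ed25519 verification of the token is assumed to have happened before `decide` is called.

```python
import hashlib
import json

TIERS = ["T0_OBSERVE", "T1_PREPARE", "T2_ACT", "T3_COMMIT"]  # tier names from the abstract
GENESIS = "0" * 64  # assumed prev_hash for the first entry

def entry_hash(body):
    """SHA-256 over a canonical (sorted-key, compact) JSON encoding of the entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class EvidenceLedger:
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev_hash": prev, "record": record}
        self.entries.append(dict(body, hash=entry_hash(body)))

    def verify(self):
        """Return the index of the first inconsistent entry, or None if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {"seq": e["seq"], "prev_hash": e["prev_hash"], "record": e["record"]}
            if e["seq"] != i or e["prev_hash"] != prev or e["hash"] != entry_hash(body):
                return i
            prev = e["hash"]
        return None

def decide(ledger, token, request):
    """Hypothetical gateway check: tier ceiling, then velocity limit; every outcome is logged."""
    if TIERS.index(request["tier"]) > TIERS.index(token["max_tier"]):
        decision = "deny:tier"
    elif request.get("velocity_mps", 0.0) > token["max_velocity_mps"]:
        decision = "deny:velocity"
    else:
        decision = "allow"
    ledger.append({"agent": token["agent"], "action": request["action"],
                   "tier": request["tier"], "decision": decision})
    return decision

# Constructed sample token (signature check assumed done upstream) and requests.
TOKEN = {"agent": "agent-1", "max_tier": "T2_ACT", "max_velocity_mps": 0.5}
REQUESTS = [
    {"action": "read_pose", "tier": "T0_OBSERVE"},
    {"action": "move_arm", "tier": "T2_ACT", "velocity_mps": 1.2},
    {"action": "release_payload", "tier": "T3_COMMIT"},
]
```

A per-entry hash chain only exposes edits that leave later entries untouched; someone who can rewrite every entry from the edit onward produces a consistent chain. The latest head hash therefore has to be stored or signed somewhere the ledger writer cannot alter.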
Files
| Name | Size |
|---|---|
| SINT_Protocol_2026_rev1.1.pdf (md5:df9e3398fbbd0e8f760c50498db140eb) | 376.9 kB |
Additional details
Dates
- Created: 2026-05-25 (Initial working paper completion)
- Updated: 2026-05-25 (Revision 1.1 — credibility-discipline pass)
Software
- Repository URL: https://github.com/sint-ai/sint-protocol
- Programming language: TypeScript, Python, Go, Rust
- Development Status: Active
References
- I. S. Cardenas et al., "ROSClaw: An OpenClaw ROS 2 framework for agentic robot control and interaction," arXiv:2603.26997, 2026.
- "MCP Security Analysis: Architectural vulnerabilities in the Model Context Protocol," arXiv:2601.17549, 2026.
- OWASP Foundation, "OWASP Top 10 for Agentic Applications (Agentic Security Initiative)," 2026.
- Anthropic, "Model Context Protocol Specification," 2024.
- M. Alshiekh, R. Bloem, R. Ehlers, B. Könighofer, S. Niekum, and U. Topcu, "Safe reinforcement learning via shielding," Proc. AAAI, 2018, pp. 2669-2678.
- M. S. Miller, K.-P. Yee, and J. Shapiro, "Capability myths demolished," Combex Inc., Tech. Rep., 2003.
- G. Caiazza et al., "Security analysis of ROS 2 and SROS2," Proc. ACM CCS, 2022.
- European Parliament and Council, "Regulation (EU) 2024/1689 - Harmonised rules on artificial intelligence (EU AI Act)," 2024.