Never-Leak Protocol Specification

The complete technical specification for the Never-Leak Protocol. Nine chapters defining how AI agents interact with secrets without those secrets ever entering the agent's context window.

Version 1.0-draft | CC BY 4.0 | 9 chapters
00

Overview

Goals, architecture, terminology, design principles, and conformance tiers.

 01

Agent Identity

Level 1

Cryptographic identity, Agent Identity Documents (AID), attestation, trust levels (L0-L3), and lifecycle management.

 02

Action-Based Access

Level 2

Typed action semantics, opaque handles, scope grants, conditions, and secret rotation propagation.

 03

Execution Isolation

Level 3

Isolated subprocesses, environment scrubbing, output sanitization, memory wipe, and timeout enforcement.

 04

Pre-Execution Defense

Level 4

Command interception, injection detection, exfiltration pattern matching, and policy validation.

 05

Audit Integrity

Level 5

SHA-256 hash-chained records, HMAC signatures, tamper-evident verification, and forensic queries.

 06

Attack Detection & Response

Level 6

Behavioral anomaly detection, prompt injection detection, circuit breakers, and automated response.

 07

Cross-Agent Trust & Federation

Level 7

Delegation tokens, scope attenuation, trust federation, and result-only propagation.

 08

Wire Protocol & Transport

JSON message format, transport bindings (HTTP, stdio, WebSocket), MCP integration, and error handling.

Conformance Tiers

Basic
Levels 1 - 3

Agent identity, action-based access, execution isolation.

Standard
Levels 1 - 5

Adds pre-execution defense and immutable audit trails.

Advanced
Levels 1 - 7

Full protocol with attack detection and cross-agent trust.