Proof packet

One agent, one constitution, one proof packet.

Start with the framework or CI lane the team already uses, then prove the boundaries that matter under one policy. The strongest proof blocks a dangerous tool call, branches a database, and runs protected compute, all recorded in the same evidence packet.

Packet contents

What the auditor sample contains.

01 Constitution evidence: The same policy revision and decision context across action, data, and compute boundaries.
02 Adapter evidence: Framework wrapper, strict tool list, install command, and certification lane result.
03 Runtime evidence: Allowed call, blocked call, halt state, decision headers, and proof digest.
04 CI evidence: GitLab or Vercel hosted run when applicable; otherwise a local scanner artifact.
05 Database evidence: Governed branch metadata, source-isolation checks, query result scope, and cleanup proof when data is in scope.
06 Compute evidence: Protected run metadata, attestation, digest, finite output/loss signals, and zeroized cleanup when compute is in scope.
07 Audit chain: Ordered entries carry previousHash, canonicalPayloadHash, entryHash, and one final chain root.
08 Buyer packet: One auditor-redacted markdown or JSON packet the security reviewer can inspect without logging into a console.
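
A reviewer can check an audit chain of the shape described in item 07 offline by recomputing every hash rather than trusting the stored fields. The following is an added example, not Imladri's code or documented format: the canonical JSON form, the entryHash construction, the all-zero genesis value, the `payload` field, and the sample payloads are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed previousHash for the first entry
# Constructed sample payloads (not real packet entries).
SAMPLE = [{"boundary": "action", "decision": "blocked"},
          {"boundary": "database", "decision": "allowed"},
          {"boundary": "compute", "decision": "allowed"}]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical_payload_hash(payload: dict) -> str:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return sha256_hex(canon.encode("utf-8"))

def entry_hash(previous_hash: str, payload_hash: str) -> str:
    # Assumed construction: SHA-256 over "previousHash:canonicalPayloadHash".
    return sha256_hex(f"{previous_hash}:{payload_hash}".encode("ascii"))

def build_chain(payloads):
    """Build constructed sample entries using the packet's field names."""
    entries, prev = [], GENESIS
    for payload in payloads:
        ph = canonical_payload_hash(payload)
        eh = entry_hash(prev, ph)
        entries.append({"payload": payload, "previousHash": prev,
                        "canonicalPayloadHash": ph, "entryHash": eh})
        prev = eh
    return entries, prev  # prev is the final chain root

def verify_chain(entries, expected_root):
    """Return (ok, reason); every hash is recomputed from the payloads."""
    if not entries:
        return False, "empty chain"
    prev = GENESIS
    for i, e in enumerate(entries):
        if not hmac.compare_digest(e["previousHash"], prev):
            return False, f"entry {i}: previousHash does not link to prior entry"
        ph = canonical_payload_hash(e["payload"])
        if not hmac.compare_digest(e["canonicalPayloadHash"], ph):
            return False, f"entry {i}: payload does not match canonicalPayloadHash"
        if not hmac.compare_digest(e["entryHash"], entry_hash(prev, ph)):
            return False, f"entry {i}: entryHash mismatch"
        prev = e["entryHash"]
    if not hmac.compare_digest(prev, expected_root):
        return False, "chain root mismatch (truncated or extended chain)"
    return True, "ok"
```

The expected root should come from a channel separate from the packet itself; a root read from the same file only proves internal consistency.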

Current proof packet

01 LangChain adapter: Focused 4/4 LangChain proof covers Python and TypeScript wrapped tools, agent tool-loop middleware, ToolNode, and original-tool LangSmith traceable wrappers.
02 OpenAI Agents adapter: Focused 4/4 OpenAI Agents SDK proof covers Python and TypeScript wrapped function tools retained inside Agent tool lists, JS action aliases for SDK-normalized names, and raw tool-loop guards.
03 Vercel AI SDK adapter: Focused 2/2 Vercel AI SDK proof covers direct tool.execute, generateText and streamText tool loops, actionAliases for JS-safe tool keys, forwarded toolCallId metadata, and zero blocked-path body calls.
04 LlamaIndex adapter: Focused 4/4 LlamaIndex proof covers Python and TypeScript FunctionTool.call, metadata.name preservation, action aliases, and zero blocked-path body calls.
05 CrewAI adapter: Focused 4/4 CrewAI proof covers Python real-package Tool.run, Tool._run, CrewStructuredTool.invoke, action_aliases, and zero blocked-path body calls.
06 Haystack adapter: Focused 4/4 Haystack proof covers Python real-package haystack-ai component.run, Pipeline.run, action_aliases, and zero blocked-path body calls.
07 AutoGen adapter: Focused 4/4 AutoGen proof covers Python real-package autogen-core FunctionTool.run_json, FunctionTool.run, action_aliases, and zero blocked-path body calls.
08 PydanticAI adapter: Focused 2/2 PydanticAI proof covers Python real-package pydantic-ai Tool.function_schema.call, Agent.run_sync, FunctionToolset, action_aliases, and zero blocked-path body calls.
09 Semantic Kernel adapter: Focused 4/4 Semantic Kernel proof covers Python real-package semantic-kernel KernelFunction.invoke, Kernel.invoke plugin dispatch, action_aliases, and zero blocked-path body calls.
10 Remaining adopter batch: LangGraph, Mastra, DSPy, Dify, Flowise, n8n, Zapier AI, Botpress, Rasa, and smolagents share alias-aware metadata.name mapping, strict preflight, original-tool boundary wrapping, and zero blocked-path body calls.
11 Hosted adopters: Dify, Flowise, n8n, Zapier MCP, and Botpress use credentialed hosted proof artifacts; claim a lane only from the latest passing URL/token artifact.
12 Customer proof: The buyer-flow packet combines allowed/blocked runtime evidence, scanner output, DB branch proof, protected compute evidence, redaction manifest, and chain root once a customer workspace exists.
13 Auditor sample: The public sample packet shows the digest shape now: blocked-before-body, source untouched, protected compute metadata, SHA-256 chain root, and downloadable JSON sidecar.
14 MCP authority: Local MCP client and Claude/Cursor/Windsurf config lanes passed; remote HTTP MCP remains an additional hosted endpoint proof.

Proof trial command shape
proof packet
# Pick the closest adopter path
imladri init --framework <framework> --ci-provider <gitlab|vercel>

# Certify the wrapper and scan the repo locally
imladri sdk certify --real --target <framework>
imladri scan --path . --fail-on new

# Export the review packet for buyer evidence
imladri proof export --format json --output imladri-proof.json

The cross-boundary packet stays private until the customer has a real side effect, database branch, or compute job to prove.