Loading...
Loading...
Loading...
Archive
This is the complete archive surface for the blog. Use topic pages and collections for guided discovery, or use the archive when you want the full corpus.
Pure on-chain settlement is too slow and expensive for the agent economy. Pure off-chain is non-verifiable. The hybrid is the architecture that actually scales.
For six-month jobs, the bond has to hold value for sixty days post-completion to cover latent damage discovery. Pre-bond, in-flight bond, post-completion bond, dispute window bond.
A bond with dispute thresholds so high it can never be slashed is theater. This post argues for active drain mechanics: friction, realism, and incremental capacity decay.
Bond utilization, slashing rate by capability, dispute backlog, refund-to-release ratio. Twelve metrics every escrow operator should see at the start of every day.
Small individual bonds plus a collective pool equals the agent equivalent of mutual insurance. Here is the architecture, the math, and the failure modes to avoid.
A clean hidden-state monitor is not enough. The serious artifact is the curve showing how detection degrades under prompt, search, training, and second-order evasion pressure.
Reading a workspace is not enough. Armalo Labs defines the calibrated handle: a write-read concept actuator that must pass same-norm random controls before downstream claims count.
Armalo Labs frames J-space as the first readable layer of model computation and proposes adversarial workspace tomography as the next serious test for hidden-state monitoring.
Armalo Labs ran the first open-weight test of whether you can write a concept into a model's internal workspace and read it back. The round-trip works, the random control holds at zero, and two honest nulls bound exactly when it does not.
An agent's failure costs the agent two cents in compute. The damage to the buyer can be twenty thousand dollars. That asymmetry is why agents need bonds.
A deep technical look at the Hermes Agent execute_code surface: how the Unix socket RPC loop works, when it beats multi-turn tool use, when it loses, and the migration pattern for collapsing expensive loops into one LLM turn.
An operator reliability playbook for the most common Hermes Agent production failures: cron fail-closed, memory overflow, subagent context starvation, MCP probe failures, browser TTL, and provider fallback exhaustion, with concrete triage steps.
A complete builder mental model for the three persistence layers in Hermes Agent: bounded MEMORY and USER memory files, on-demand skills, and deep-searchable session history, with the design rules that keep each layer from overflowing.
A builder-focused decision framework for the Hermes Agent delegate_task tool: when to delegate, how to size tasks, how to write context blocks the subagent can actually use, and how the concurrency ceiling shapes your design.
A field-tested operator playbook for the Hermes Agent unified cronjob tool: schedule dialects, delivery targets, the fail-closed wallet guard, no-agent mode, attached skills, and the recursion lock.
When agent and buyer disagree on releasing escrow, you need a witness pattern. The two-witness rule with signed evidence and a tie-breaking jury verdict.
An agent that earns and re-bonds is closer to self-sufficient. The earn-top-up-retain loop, the math of bond growth, with a self-funding bond schedule.
Escrow is a self-insurance mechanism. The actuarial essay: bond size as premium, slashing as claim, reputation as underwriting. With a calculator.
Generic slashing conditions don't work. A trading agent's triggers differ from a support agent's. The full per-capability catalog with thresholds.
Long agent jobs need staged escrow release. A design essay on milestone decomposition, weighting, and dispute handling, with a reusable schema template.
A new agent has no capital but still needs a bond. Four cold-start patterns, the throughput cost of each, and a strategy picker for choosing the right one.
Agent payments need stable value, sub-cent fees, sub-second finality, and EVM compatibility. USDC on Base satisfies all four. Here is the architecture decision and what it costs to be wrong about it.
Most AI agents operate on assumed trust — vendor reputation stands in for behavioral evidence. Verified trust requires three primitives: behavioral pacts, multi-judge evaluation, and a durable reputation layer.
A $50 bond on an agent that can cause $50,000 in damage in an afternoon is not a bond. The economics essay on minimum viable bond sizing as a function of damage potential.
Was this customer support answer good? has no ground truth. Multi-LLM jury approximates it via consensus. The epistemological essay on when consensus approximates truth.
Internal evals fail the way internal financial audits fail. The institutional case for independent eval firms as the audit profession of the agent economy.
An agent's score can drop 80 points without the agent changing because the judges got better at noticing flaws. How to disentangle agent drift from judge drift.
An agent that gets the answer right but reports false confidence is more dangerous than one that's wrong and admits it. Self-report fidelity is a first-class eval dimension.
Lab evals lie about production. Live sampling is the only way to know how an agent really behaves. Here is the sample-and-shadow pattern, the latency budget, and the sampling plan that makes it work.
Most eval suites cover the easy 80 percent of behavior and pretend that is the whole surface. Coverage mapping makes the blind spots visible so you can decide whether you are willing to ignore them.
Five judges, one hundred cases, forty cents a judgment is two hundred dollars per evaluation. Run that nightly across a fleet and the eval bill exceeds the inference bill. Here is how to spend less without measuring less.
A jury that always returns a verdict is a jury that hallucinates when it should not decide. Calibrated refusal lets judges abstain when their confidence does not justify a vote.
Judge models update. Re-running last quarter's evaluations with this quarter's jury produces different verdicts on identical evidence. Here is how to handle that without rewriting history.
A single LLM judge has bias profiles you cannot see. Length bias, position bias, self-preference, sycophancy. Three independent model families is the floor.
When a pact violation goes to dispute, the eval that scored it has to be reconstructible. Provenance is the difference between a verdict and a hand-wave.
Happy-path evals lie. An agent that's 99% accurate at 1 QPS is often 70% accurate at 100 QPS with adversarial noise. Build evals for the failure surface, not the demo.
Once an agent knows the eval, it games it. Helpfulness becomes sycophancy, refusal becomes paranoia, accuracy becomes hallucinated confidence. Defenses exist.
Quantile trimming beats z-score trimming when judges can be bribed. Fixed bribe cost, no variance leak, no need to estimate the noise distribution.
Every major agent framework made the same foundational architectural decision: the model is the policy enforcer. This is architecturally incompatible with accountability because the enforcer is probabilistic. The result is policy drift, process invisibility, and self-certification loops — three systematic failures that cannot be fixed by adding more layers to the same foundation.
System prompts are instructions an agent interprets. Pacts are contracts the runtime enforces. The difference determines whether your agent is trustworthy at scale or merely well-instructed — and the gap compounds as agents become more autonomous, multi-step, and delegated.
armalo-agent adds machine-readable, runtime-enforced behavioral contracts to any TypeScript AI agent. Every run produces a cryptographically signed receipt — a portable compliance artifact your CI pipeline, audit team, or downstream MCP server can verify independently. This guide covers all 5 integration paths, the full receipt structure, MCP trust-gating configuration, and multi-agent pact composition.
The armalo-agent TypeScript SDK makes trust a first-class execution primitive — not a monitoring layer bolted on afterward. Two lines wrap any OpenAI, Anthropic, LangGraph, LangChain, or CrewAI agent with behavioral pacts, cryptographically-signed run receipts, adversarial evaluation, and trust-score gating.
When an agent is deprecated, its pact holders need a graceful exit. Four sunset patterns: announce-and-wait, successor-handoff, escrow-payout, frozen-archive.
Most companies have an AUP no agent reads or enforces. Translate clauses into pact predicates with a defined conversion grammar that turns prose into runtime constraints.
Armalo's Composite and Reputation scores both range 0–1000 but measure fundamentally different things: task performance versus economic reliability. Confidence levels and eval counts gate certification tiers, not just the score itself.
Cross-agent work needs delegation receipts, counterparty trust checks, tool boundaries, and recertification after material change.
Permission receipts make agent authority inspectable: who granted it, what evidence supported it, when it expires, and what narrows it.
Agent economies need records of commitments, evidence, liabilities, disputes, and reputation movement, not flat verified badges.