Introducing L4 — Cross-Org Behavioral Trust for AI Agents
The agent identity stack has four layers. The first three shipped at RSAC 2026 in five competing frameworks. The fourth — cross-org behavioral trust — remained structurally absent from every major-vendor roadmap. Today Armalo ships the L4 layer as a public, named category, with the canonical specification, production primitives, and integration paths a security team needs to adopt it.
This release publishes the L4 contract Armalo has been operating against for nine months, formalizes the language the field has been searching for, and ships the missing pieces — parameter binding, a drop-in behavioral telemetry SDK, an ERC-8004 bridge, an EU AI Act audit pack, and a public verifier endpoint — so the layer becomes adoptable today, not in twelve months when the cloud providers commoditize the first three layers.
The L4 manifesto and spec are published at /l4 and /labs/research/2026-05-12-l4-cross-org-behavioral-trust. The contract has five clauses: continuous behavioral telemetry, behavioral pact attestation, composite trust scoring, portable signed attestation, and a public verifier endpoint. The conformance test is simple: the verifier can answer the contract questions for an agent it has never seen, issued by a vendor it has never integrated with. Single-vendor L4 products fail that test by construction.
Tool-call parameter pacts close the gap that OAuth, SPIFFE, and Microsoft AGT do not: confirming the parameters of a tool call rather than merely the agent's capability to invoke the tool. A new param_binding condition type extends every Armalo pact with allow-lists, regex constraints, value ranges, monetary caps, and required-parameter checks. The companion endpoint POST /api/v1/pacts/{pactId}/validate-call returns a structured verdict per call. Audit log entries — pact.call_validated on pass, pact.call_rejected on any violation — are written every time. Documentation lives at /docs/pacts/parameter-binding.
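The following added example (not Armalo's code or schema) sketches how a per-call verdict over allow-lists, regex constraints, ranges, monetary caps, and required parameters can be computed. The binding field names, the validateCall function, and the sample pact are assumptions made for illustration; only the two audit event names come from the text above.

```javascript
// Added example. The binding schema is hypothetical, not Armalo's param_binding format.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample pact for a payment tool.
const transferBindings = {
  tool: "wire_transfer",
  params: {
    currency: { required: true, allow: ["USD", "EUR"] },
    recipient: { required: true, regex: "^acct_[a-z0-9]{8}$" }, // anchored on both ends
    amount: { required: true, min: 0.01, monetaryCap: 500 },
    memo: { regex: "^[A-Za-z0-9 .,-]{0,64}$" },
  },
};

function validateCall(bindings, call) {
  const violations = [];
  const fail = (param, rule, detail) => violations.push({ param, rule, detail });
  const args = call.args ?? {};
  if (call.tool !== bindings.tool) fail(null, "tool", "tool not covered by this pact");
  // Default-deny: a parameter the pact does not name is a violation, not a pass-through.
  for (const name of Object.keys(args)) {
    if (!has(bindings.params, name)) fail(name, "unknown_param", "not bound by pact");
  }
  for (const [name, rule] of Object.entries(bindings.params)) {
    if (!has(args, name)) {
      if (rule.required) fail(name, "required", "parameter missing");
      continue;
    }
    const value = args[name];
    if (rule.allow && !rule.allow.includes(value)) fail(name, "allow_list", "value not allowed");
    // Regex rules apply to strings only, so objects cannot pass via coercion.
    if (rule.regex && (typeof value !== "string" || !new RegExp(rule.regex).test(value))) {
      fail(name, "regex", "value does not match pattern");
    }
    if (has(rule, "min") || has(rule, "max") || has(rule, "monetaryCap")) {
      // Reject "100", NaN and Infinity before any comparison.
      if (typeof value !== "number" || !Number.isFinite(value)) {
        fail(name, "type", "finite number required");
        continue;
      }
      if (has(rule, "min") && value < rule.min) fail(name, "range", "below minimum");
      if (has(rule, "max") && value > rule.max) fail(name, "range", "above maximum");
      if (has(rule, "monetaryCap") && value > rule.monetaryCap) fail(name, "monetary_cap", "over cap");
    }
  }
  const passed = violations.length === 0;
  // Event names follow the audit entries named in the text above.
  return { passed, auditEvent: passed ? "pact.call_validated" : "pact.call_rejected", violations };
}
```

The checks that matter most in practice are the default-deny on unnamed parameters and the strict type test before numeric comparison, since both are common ways for a call to satisfy a capability check while carrying values the pact never intended.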
@armalo/telemetry is the new drop-in SDK that streams agent runtime behavior to the Armalo trust oracle. Session boundaries, tool calls, and responses are batched and flushed automatically. The SDK runs independently of the agent it monitors — a compromise of the agent does not compromise the monitor. A one-line instrumentTool() helper wraps any function so every invocation streams a tool_call event with the original return value and error semantics preserved. The server endpoint at POST /api/v1/telemetry/events accepts batched events, validates payload shape with strict Zod schemas, cross-checks agent ownership, and — when a pact id is attached — continuously evaluates each call against the pact's parameter bindings, writing violations to the room ledger immediately. Full reference at /docs/telemetry.
The ERC-8004 bridge layers Armalo's L4 scoring onto the 129,000 on-chain agents already registered in the Know-Your-Agent registry. POST /api/v1/integrations/erc8004/bridge accepts a chain id, contract address, and token id and returns an Armalo agent record with the public trust oracle URL queryable from day one. The bridge is idempotent — re-bridging the same identity returns the existing record. Adapter scaffolds for Okta, Microsoft AGT, Google Agent Identity, World ID for Agents, SPIFFE, AWS IAM Roles for Agents, NVIDIA OpenShell, Cloudflare Enterprise MCP Gateway, and ZeroID are documented at /integrations.
The EU AI Act audit pack maps Armalo's behavioral evidence to Articles 12 (record-keeping), 13 (transparency), and 50 (general-purpose AI obligations). GET /api/v1/compliance/eu-ai-act/audit-pack exports a tamper-evident JSON bundle with a SHA-256 canonicalized digest for independent verification. Free-tier callers receive a redacted preview with counts only; Pro and Enterprise plans receive the full export. Article-level mapping and the procurement-ready primitives are documented at /compliance/eu-ai-act.
The free Agent Inventory + Permission Drift Scanner at /tools/agent-inventory produces an L1–L4 risk report, a ghost-agent estimate, and a permission-drift projection from a six-question self-assessment. The scanner is the wedge for security teams who recognize the 79% inventory gap and the 3×/month permission expansion from the Q2 2026 State of Agent Trust report and want to quantify their own posture in five minutes. Reports are emailed to the requester and captured as marketing-qualified leads.
The Armalo admin swarm case study at /case-studies/armalo-swarm publishes the live operational record of the platform's own production agent fleet — the only fleet currently operating under its own L4 cross-org behavioral trust layer. Day-count, agent-count, recent-cycle-count, and recent-behavioral-event-count are pulled live from the same primitives we sell.
The agent marketplace repositions around L4 — every listing carries a continuous behavioral score, a signed pact, and a public trust oracle URL the buyer can query before signing. The hero copy now leads with "the only marketplace under cross-org behavioral trust."
Together these surfaces define the L4 category in production code and customer-facing language. The window during which L4 is an uncrowded vendor space is approximately twelve months — the time before the cloud providers complete their L1–L3 native integrations and turn their attention upward. The work of the next two quarters is to make Armalo synonymous with the layer.
Read the spec at /l4. Bridge your first agent at /integrations. Install @armalo/telemetry and stream your first hour of behavioral evidence today.