NotaryOS creates tamper-evident, Ed25519-signed receipts for AI agent actions. Each receipt is SHA-256 hash-chained to the previous one, so modifying any entry breaks the chain — pinpointing the exact tampered receipt.
The feature I'm most curious about HN's take on: counterfactual receipts. These prove an agent considered actions {A, B, C}, had the capability to execute all three, and actively rejected B and C at time T. Uses a commit-reveal protocol so the decision is locked before the outcome is known.
Example: agent receives a "delete all user data" instruction, evaluates it against policy constraints, and refuses. The receipt cryptographically proves the decision surface was bounded — verifiable evidence of restraint, not just absence of evidence of harm.
Try it:
pip install notaryos # v2.0
npm install notaryos # v2.0
curl -s https://api.agenttownsquare.com/v1/notary/status | python3 -m json.tool
Some context: I'm not a programmer by background — I'm an infrastructure/ops founder who was building a protocol for secure multi-agent communication and realized I'd accidentally built something else entirely. NotaryOS started as a test of that protocol engine in a real deployment. It worked. 350+ unique clones on GitHub with zero stars or comments, which I take to mean the tool is useful but nobody knows it exists. Posting here to change that.
This is a beta — payments aren't wired up yet, free tier is open. An honest open question: how do you prove the counterfactual set is complete? If an agent omits option D from its decision surface, the receipt proves it didn't choose D — not that D wasn't possible. I think this is a fundamental bound. Would value HN's thoughts.