TKeeper – policy-governed, signed intents for autonomous systems

As autonomous systems evolve (we see what AI agents are doing now), we open-sourced TKeeper, which allows you to build guardrails around their actions using typed intents, policy checks, and cryptographic proofs.

It allows you to restrict and audit AI agent workflows, blockchain operations, certificate issuance, and any actions that can be expressed as a structured intent.

In simple terms, the proposed interaction looks like this:

1. Machine sends an intent to TKeeper. 2. TKeeper understands the request, executes the policies, and if everything is OK, signs the action (in the case of blockchain operations, this is a transaction signature). 3. The signed intent is sent by the machine to the backend. 4. Backend verifies signature and does its job.

This mechanism makes all "permissions" for actions intent-bound, so we believe it is very effective against LLM06: Excessive Agency, if its primary use case is guardrailing AI.

We also believe that concentrated risks are greatly underestimated, so TKeeper is based on multi-party computation based threshold schemes.

This means that with a quorum setup, it can withstand up to t-1 compromises, allowing risk sharing between or within organizations. For the fastest time to market, you can deploy 1-of-1 setup and then promote it to t-of-n.

Additionally, the following features are built-in: 1. Audit logging & Asset inventory 2. Four-eye control for keys that require human verification. 3. The entire key lifecycle follows the canons: rotation, destruction, and resharing.

Feedback is greatly appreciated :')