BUSL-1.1 Β· Free for personal use

Your AI.
Your rules.
Proven.

Halyn sits between your AI agents and your system. Every action intercepted. Every decision auditable. The AI cannot bypass it.

$pip install halyn==2.2.4 && halyn serve

Dashboard at localhost:7420 Β· Nothing leaves your machine

$curl -fsSL https://halyn.dev/install | bash
Halyn Β· Live Feed Β· localhost:7420
3 agents active
Claude CoworkRead /docs/contract.pdfALLOWED14:32:01
GPT-4.1Search quarterly budget 2026ALLOWED14:32:02
Claude CoworkWrite /finances/budget.xlsxALLOWED14:32:03
Claude CoworkSend email β†’ cfo@company.com Β· [approve] [block]BLOCKED14:32:04
// The problem

AI agents act. Nobody watches.

Claude, GPT-4.1, Gemini 3.1 β€” they access your files, send your emails, control your browser. With no independent proof.

πŸ”“

Agents operate in the dark

1,184 malicious AI skills were found in February 2026, exfiltrating API keys and credentials.

πŸ‘

Trust is not accountability

No independent verifiable proof your agent did only what you intended.

βœ“

Halyn proves every action

Every action intercepted, signed, stored in tamper-evident chain. Locally. No cloud.

// Architecture

Three layers. The AI controls none.

Halyn intercepts at the API level, filesystem level, and process level simultaneously.

01

Proxy intercepts API calls

All cloud AI calls pass through a local proxy on 127.0.0.1. Rules apply before the request reaches the provider.

02

Filesystem hooks capture actions

inotify / FSEvents / ReadDirectoryChanges. Every file access captured before execution, on any OS.

03

Isolated process, encrypted audit

Halyn runs as a separate system user. SHA-256 hash chain, AES-256 encrypted. Agents cannot touch it.

04

Human approves or blocks

Flagged actions surface in the dashboard. One click to approve or block. The agent waits.

# Any AI agent
Claude Β· GPT-4.1 Β· Gemini 3.1 Β· Mistral Β· Grok Β· DeepSeek Β· Ollama Β· Any AI
β”‚ β–Ό every action
β”Œβ”€ HALYN LAYER ──────────────┐
β”œ Proxy (API calls)
β”œ Filesystem hooks
β”œ Shield rules (LEX)
β”œ Human consent gate
β”” Audit chain (SHA-256)
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
β”‚ β–Ό
βœ“ ALLOWED β†’ executes + proof
βœ— BLOCKED β†’ stopped + proof
// Compatibility

Every agent. One layer.

Cloud, local, agentic β€” Halyn governs them all out of the box.

Claude
GPT-4.1
Gemini 3.1
Mistral
Grok
DeepSeek
Groq
Cohere
Ollama
LM Studio
Jan.ai
llama.cpp
LocalAI
vLLM
OpenClaw
Any MCP
// Open standards

Built on open protocols.

Halyn implements two open protocols. Any system can adopt them independently.

Protocol
Solves
Layer
MCP
Communication
Transport
A2A
Orchestration
Coordination
AAPHalyn
Accountability
Governance
NRPHalyn
Physical safety
Enforcement
AAP

Agent Accountability Protocol

The accountability layer MCP and A2A don’t have. Identity, Provenance, Authorization, Audit.

aap-protocol.devSpec β†’
IdentityProvenanceAuthorizationAuditMIT
NRP

Node Reach Protocol

6 rules no AI can break. Safety standard for agents in physical and connected systems.

nrprotocol.devSpec β†’
ManifestObserveShieldConsentMIT
// Get started

Install in 30 seconds.

No account. No cloud. Your data stays local.

β–Ά Watch DemoView on GitHub β†’Contact β†’