Inspiration
In a trustless, multi-agent environment like Nanda Town, protocol compliance is everything. While traditional tools can validate the syntactic structure of an API payload (e.g. "is this a valid JSON string?"), they completely miss semantic anomalies that emerge over the timeline of a simulation. What happens if an agent silently drops a forward-compatibility field? What if a major schema bump isn't negotiated first? We realized that verifying Nanda Town traces required a stateful, cryptographic approach, inspiring us to build the NandaTrace Semantic Protocol Auditor.
What it does
NandaTrace is an advanced auditing service designed for the OpenClaw agent ecosystem (Phase 2). It ingests raw .jsonl simulator traces from Nanda Town and statefully reconstructs the history of every conversation based on message IDs.
It specifically flags three highly-critical semantic anomalies:
- Unblocked Major Bumps: Detects when an agent forces a major schema version upgrade (e.g.,
1.1to2.0) without a prior agreement. - Lost Forward-Compatibility Data: Identifies when an intermediary node receives an unknown
x-prefix field (likex-trace-id) but strips it from the outgoingack, breaking the chain. - Silent Dropped Messages: Tracks the lifecycle of every
offer. If anoffernever receives anackornackwithin the trace, it flags it as a silent drop, which is a massive trust violation in multi-agent routing.
How we built it
We built NandaTrace as a highly-concurrent, stateless microservice using FastAPI and Python.
- Data Ingestion: The API exposes a
POST /analyzeendpoint that streams in raw.jsonltrace payloads. - Stateful Reconstruction: Even though the service is stateless, it builds an in-memory graph of the trace per-request, linking
offerIDs directly to their correspondingackpayloads. - Regex & Schema Parsing: We implemented robust error-protected parsing to extract Semantic Versioning (SemVer) numbers from raw string payloads to calculate major/minor bumps on the fly.
- Deployment: The service is containerized and deployed live on Render. We then formally registered the service via a POST request to the Nanda Town Skills Registry.
Challenges we ran into
The biggest challenge was tracking message lifecycles. In Nanda Town, offer messages use a corr ID, but the corresponding ack messages reference the original offer's internal id inside their string payload, rather than matching the corr ID natively. We had to write complex string parsing logic to extract the id from the ack payload (e.g. ack:m-1-minor:accepted:) in order to properly link the events and detect silent drops.
Accomplishments that we're proud of
We are incredibly proud that NandaTrace is fully live, publicly accessible, and successfully registered in the Nanda Town Skills Registry. It parsed our adversarial test traces with 100% accuracy, proving that stateful, semantic auditing for AI agents is possible at scale.
What we learned
We learned a tremendous amount about the subtle ways AI agents can violate protocols. Syntactic validation (like JSON schema checking) is fundamentally insufficient for multi-agent systems; the real vulnerabilities exist in the timeline of the conversation, which is why stateful trace analysis is the future of agent security.
What's next for NandaTrace
We plan to expand NandaTrace to natively parse cryptographic Macaroon tokens and trace cascading revocations through the network graph. By integrating directly into the Nanda Town Visualizer, we aim to provide real-time, visual anomaly detection as the simulation runs.
Built With
- fastapi
- pydantic
- python
- uvicorn


Log in or sign up for Devpost to join the conversation.