Thebe Protocol

Inspiration

AI agents are transforming enterprise operations, but execution-time risk is freezing adoption. Enterprises face $500M+ in paused deployments because no solution enforces intent, spend, and scope at the moment of action.

My experience building Kiroween (The Haunted Kraal) with Kiro and production systems like ProcureFlow revealed the gap: AI-first development works beautifully, but production needs verification layers agents cannot bypass. CISOs demand cryptographic proof that agents cannot take irreversible actions. Thebe was born: "SSL for autonomous systems".

What it does

Thebe Protocol is an open standard for enforceable agent intent. It sits between agents and APIs, guaranteeing every action matches human authorization:

Human Goal → Agent → THEBE → Protected API
                ↓ 3-Layer Verification

Three unbreakable layers:

  • Guardrails (OPA): Hard spend/scope limits
  • Intent Match: Cryptographic goal verification
  • Proof Tokens (JWT+DPoP): 60s delegation chain

Result: Companies define rules agents physically cannot break.

Live demo: "Book flights <R5k" → Agent attempts R6k → BLOCKED (42ms)
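
The execution-time checks described above, sketched as an added example (not Thebe's own code or wire format). Assumptions: an Ed25519-signed 60-second grant bound to the agent's key stands in for JWT+DPoP, exact string comparison stands in for intent matching, and every function name here is hypothetical.

```javascript
const crypto = require("node:crypto");
const TTL_SECONDS = 60; // grant lifetime, matching the 60s tokens described above
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const sign = (key, s) => crypto.sign(null, Buffer.from(s), key).toString("base64url");
const valid = (key, s, sig) => crypto.verify(null, Buffer.from(s), key, Buffer.from(sig || "", "base64url"));
const thumbprint = (pub) => crypto.createHash("sha256").update(pub.export({ type: "spki", format: "der" })).digest("base64url");

// Issuer: turn the human authorization into a signed grant bound to the agent's key.
function issueGrant(issuerKey, agentPub, intent, maxSpend, now) {
  const payload = enc({ intent, maxSpend, exp: now + TTL_SECONDS, jkt: thumbprint(agentPub) });
  return `${payload}.${sign(issuerKey, payload)}`;
}

// Agent: sign the concrete action with its own private key (proof of possession).
function proveAction(agentKey, action) {
  const body = enc(action);
  return `${body}.${sign(agentKey, body)}`;
}

// Enforcement point in front of the API: every check must pass or the call is blocked.
function enforce(issuerPub, presentedPub, grant, proof, now) {
  const [payload, sig] = grant.split(".");
  if (!valid(issuerPub, payload, sig)) return "BLOCKED: grant signature";
  const claims = dec(payload); // parsed only after the signature verified
  if (now >= claims.exp) return "BLOCKED: grant expired";
  if (claims.jkt !== thumbprint(presentedPub)) return "BLOCKED: key not bound to grant";
  const [body, proofSig] = proof.split(".");
  if (!valid(presentedPub, body, proofSig)) return "BLOCKED: proof signature";
  const action = dec(body);
  if (action.intent !== claims.intent) return "BLOCKED: intent mismatch";
  // Negated <= so a missing or non-numeric amount is blocked too.
  if (!(action.amount <= claims.maxSpend)) return "BLOCKED: over spend limit";
  return "ALLOWED";
}

// Constructed scenario from the demo line: "book flights" authorized under R5k.
function demo() {
  const issuer = crypto.generateKeyPairSync("ed25519");
  const agent = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const grant = issueGrant(issuer.privateKey, agent.publicKey, "book flights", 5000, 1000);
  const book = (amount) => proveAction(agent.privateKey, { intent: "book flights", amount });
  return [
    enforce(issuer.publicKey, agent.publicKey, grant, book(4500), 1010), // within limit
    enforce(issuer.publicKey, agent.publicKey, grant, book(6000), 1010), // R6k attempt
    enforce(issuer.publicKey, agent.publicKey, grant, book(4500), 1061), // after 60s
    enforce(issuer.publicKey, other.publicKey, grant, book(4500), 1010), // wrong key
  ];
}
```

A real DPoP proof also carries the HTTP method, target URI, issue time and a unique ID so a captured proof cannot be replayed; this sketch leaves those out.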

How we built it

Built spec-first with Kiro, leveraging patterns from Kiroween (vibe-coding game) and ProcureFlow (production procurement):

1. KIRO SPECS → Protocol design (VDP standard)
2. LangGraph + OpenFGA → Battle-tested primitives  
3. JWT + DPoP → Crypto proofs (60s tokens)
4. JNB nodes → 42ms latency (Randburg)

30-second integration:

npm i thebe-protocol
thebe.enforce("max_spend:500", intent="book flights")

Agent-native design: Works with LangGraph, CrewAI, OpenClaw—zero-config.

Challenges we ran into

  1. Semantic drift: Agents hallucinate (73% intent mismatch)
     Solution: SIAE vector embeddings (92% accuracy)
  2. Framework chaos: LangGraph ≠ CrewAI ≠ OpenClaw
     Solution: Protocol abstraction (npm/pip packages)
  3. Crypto complexity: JWT fatigue in enterprises
     Solution: JWT+DPoP tokens (auditor-approved)
  4. Latency: Security cannot slow agents
     Challenge: 42ms end-to-end (JNB deployment)

Accomplishments that we're proud of

✅ Open standard: MIT License → inspectable security
✅ Universal: LangGraph/OpenClaw compatible
✅ Kiro-powered: Spec-first → flawless execution
✅ African innovation: Randburg-built, globally relevant

What we learned

  1. Kiro excels at spec-first—production protocols emerge naturally
  2. Execution-time > prompt-time control (enterprises pay for this)
  3. 42ms = table stakes for real agent deployments
  4. OpenFGA + JWT+DPoP = perfect security primitives
  5. Protocol abstraction solves framework wars

What's next for Thebe Protocol

Q2 2026: OpenClaw adapter (OSS)
Q3 2026: Cloud deployment (JNB fintech) 
Q4 2026: Executive Certification
2027:   Category-standard status

Pre-seed raise: $2.5M to make Thebe the default agent control layer.


Secure by Intent. Built in Africa.

🌐 www.delegant.info
📧 Tseliso@delegant.co.za
📱 +27 83 437 8732
⭐ github.com/bushboy/thebe_protocol
