{"id":"madeinplutofabio-pic-standard","name":"pic-standard","homepage":null,"repo_url":"https://github.com/madeinplutofabio/pic-standard","category":"security","subcategories":[],"tags":["agentic-ai","security","provenance","intent-contracts","prompt-injection-mitigation","tool-gating","mcp","langgraph","python","cli","ed25519","offline"],"what_it_does":"PIC (Provenance & Intent Contracts) is a Python library/CLI and integration set that validates structured “action proposals” for AI agents, enforcing fail-closed checks on intent/impact, provenance trust, and evidence (hash/signature) before allowing tool execution.","use_cases":["Guard high-impact tool calls made by LLM agents (payments, irreversible actions, sensitive data access)","Local/offline verification of proposed actions against evidence (SHA-256 hashes, Ed25519 signatures)","Tool-gating integration for agent frameworks (LangGraph, MCP) to block unsafe or unproven actions","Building an internal safety “action boundary” layer for agentic systems"],"not_for":["Not a general-purpose policy engine for all application logic (it specifically validates PIC action proposals)","Not a replacement for secure tool implementations or backend authorization controls","Not intended to manage real payment/identity security by itself (it gates agent-side intent/evidence)"],"best_when":"You have agent workflows where side effects must be authorized based on verifiable provenance/evidence, and you want fail-closed gating at the tool execution boundary.","avoid_when":"You cannot supply any trustworthy provenance/evidence (because PIC will likely block). Avoid where you need complex, stateful, domain-specific authorization that PIC does not model.","alternatives":["OpenAI tool/function calling with your own policy layer","OPA/Rego-based authorization for tool calls","Custom JSON-schema validation + signature verification for action requests","Other agent guardrail frameworks (framework-specific moderation/guardrails)","Model Context Protocol tool gateways with your own validation layer"],"af_score":60.0,"security_score":59.5,"reliability_score":31.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:38:53.893358+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Local trust/keyring for signature verification (Ed25519)","Optional HTTP bridge for /verify requests (authentication not described)","Optional key resolver interface for custom trust backends"],"oauth":false,"scopes":false,"notes":"The README describes a local-first trust keyring for verifying signature evidence (not user authentication/authorization). Authentication for the optional HTTP bridge and MCP integration is not specified in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"As an Apache-2.0 Python package, it appears to be open-source and local; no hosted pricing is mentioned."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.0,"security_score":59.5,"reliability_score":31.2,"mcp_server_quality":45.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":90.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":55.0,"scope_granularity":50.0,"dependency_hygiene":65.0,"secret_handling":70.0,"security_notes":"Strengths: fail-closed action gating; explicit evidence verification options (SHA-256 hashes, Ed25519 signatures) and a trust keyring with expiry/revocation support; local-first design to avoid data leaving the machine. Uncertainties: provided content does not specify HTTP server authentication/TLS requirements or detailed key storage/secret handling; scope granularity and operational authorization beyond evidence/provenance are not fully specified.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":30.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["PIC enforces fail-closed for high-impact proposals when trusted provenance/evidence is missing; agents may need to be adapted to produce richer Action Proposal JSON.","Signature evidence verification depends on having a correct trusted keyring/resolver configured; otherwise actions will be blocked."]}}