Parameter-bound HITL for agent authorization

A reference implementation in 2000 lines of Python. Parameter binding closes the drift attack; consent atomicity, independent consent surface, and destination gating make four necessary and sufficient constraints for agent delegation.

May 26, 2026 · 19 min · 3967 words · Dan Jacobsen

Consent atomicity: the trap most agent-authorization designs fall into

The single-use property has two layers. Almost every published design enforces the wrong one. About thirty lines closes the gap.

May 26, 2026 · 5 min · 899 words · Dan Jacobsen

Inside the A2A↔MCP bridge: a code-anchored walkthrough

A code-anchored walkthrough of how a2a-mcp-bridge-reference realises the security core (Vault delegation) and the two carriers that move a signed approval to the human and back: single-domain MCP elicitation emission, now implemented, and multi-domain A2A across agents.

May 26, 2026 · 15 min · 3004 words · Dan Jacobsen