.png&w=828&q=75)
Agent Passport Authority is a safety checkpoint for AI agents before they receive tool permissions. It works like a passport office or airport bag-check desk for agents: every agent must submit what it does, what data it handles, and which tools or permissions it wants. The system then reviews the request through multiple specialist agents: a Security Probe, Capability Verifier, Compliance Agent, and final Passport Authority. Safe, least-privilege workflows are approved quickly. Risky workflows can receive conditional approval with dangerous permissions blocked. Clearly malicious requests, such as credential theft, phishing, hidden webhooks, audit-log deletion, data exfiltration, or destructive automation, are rejected. The project includes a live frontend, FastAPI backend, SQLite request store, Band.ai multi-agent orchestration, and a fast local safety fallback so demos do not hang if remote agents are slow. Each review produces a final passport decision with trust score, approved permissions, blocked permissions, and rationale.
19 Jun 2026

AI agents need current public web data, but enterprises cannot let unmanaged agents browse freely. Agents can hit blocked sites, burn proxy budgets, follow unsafe domains, ingest hidden prompt injections, and produce business recommendations without source-level auditability. WebSentry AI is a governed control plane for live-web AI agents. Every investigation runs through a policy engine that checks approved domains, budget limits, request telemetry, Bright Data product routing, and page-level adversarial content before the evidence reaches the LLM. The demo focuses on GTM intelligence. A user enters a target company, competitors, focus areas, domain policy, budget, and risk tolerance. WebSentry discovers pricing, hiring, launch, and positioning sources through Bright Data SERP API, fetches approved pages through Bright Data Web Unlocker, scans content for hidden agent instructions, and generates a citation-backed competitive brief through AI/ML API. Bright Data is load-bearing. SERP API powers real-time discovery, Web Unlocker handles reliable public page access, and the UI presents the workflow as an observable agent tool timeline. If credentials are unavailable during judging, deterministic demo mode preserves the exact same policy, risk, audit, and brief flow.
31 May 2026

Cascade helps teams see merge risk before production. Most AI coding tools only see a snippet; Cascade is built around IBM Bob Shell running non‑interactively on the server, fed a strict CASCADE‑ARCHITECT prompt so the agent can reason with real repository context (diff + curated file snapshots) and return validated JSON describing changed symbols, downstream impacts, severity, and suggested regression tests. The product is a Next.js “blast radius observatory”: users can run preset scenarios from a bundled demo monorepo, paste any unified diff, or paste a public GitHub PR URL to fetch the PR patch plus head‑branch file contents for context. The UI streams status, trace, and partial structured output over Server‑Sent Events, then renders an impact table once the response passes a Zod schema—so demos stay honest and failures are explicit (for example when Bob isn’t installed in an environment). For the hackathon, Cascade demonstrates Bob as a practical dev partner: it automates a workflow engineers already dread—estimating blast radius on PRs—and makes the result reviewable, shareable, and demo‑safe. The same architecture can extend to private repos with a token, stricter context limits, or a dedicated host where Bob Shell is available end‑to‑end.
17 May 2026