Skip to main content

Smoltbot Overview

Smoltbot is a transparent AI agent tracing gateway. It observes your AI agent’s API calls and builds verifiable alignment traces — what decisions were made, what alternatives were considered, and whether behavior matches declared values. Your prompts and responses are never stored. Smoltbot is AAP-compliant and AIP-compliant. It produces structured AP-Traces and runs real-time AIP integrity checks on every agent interaction.

Architecture

smoltbot/
├── cli/          # CLI tool (npm package)
├── gateway/      # Cloudflare Worker — API proxy + tracing
├── observer/     # Cloudflare Worker — trace builder + AAP verification
├── api/          # Cloudflare Worker — REST API
├── dashboard/    # React frontend (legacy, see mnemom-website)
└── database/     # Supabase schema (Postgres)

Request Flow

                    ┌─── /anthropic/* ──→ Anthropic (Claude)
Your App → smoltbot ├─── /openai/*    ──→ OpenAI (GPT-5)
           gateway  └─── /gemini/*    ──→ Google (Gemini)

           CF AI Gateway

           Observer Worker

         AP-Trace + Verify → Supabase

         Dashboard (mnemom.ai)
The system consists of five components:
  1. Gateway — A Cloudflare Worker that intercepts API requests to Anthropic, OpenAI, and Gemini. It identifies your agent via API key hash (zero-config), attaches tracing metadata, injects thinking/reasoning per provider, performs real-time integrity checking, injects conscience nudges, and delivers webhooks. Your prompts and responses pass through unchanged.
  2. Observer — A scheduled Cloudflare Worker that processes AI Gateway logs. It extracts thinking blocks (Anthropic/Gemini) or reasoning summaries (OpenAI) from responses, analyzes decisions with Claude Haiku, builds AP-Traces, verifies them against your agent’s alignment card using the AAP SDK, and runs AIP integrity checks. Creates enforcement nudges when violations are detected.
  3. API — Serves agent data, traces, integrity scores, drift alerts, enforcement status, and a unified conscience timeline. Powers both the CLI and the web dashboard.
  4. CLI — The smoltbot command. Configures your local environment and queries your agent’s transparency data. See the CLI Reference for details.
  5. Dashboard — Web UI at mnemom.ai where you can view the conscience timeline, claim your agent, and monitor alignment.

Supported Providers

ProviderModelsThinking/AIPAuth
AnthropicClaude Opus 4.6, Opus 4.5, Sonnet 4.5Full (thinking blocks)x-api-key
OpenAIGPT-5.2, GPT-5.2 Pro, GPT-5Via reasoning summariesAuthorization: Bearer
GeminiGemini 2.5 Pro, Gemini 3 ProFull (thought parts)x-goog-api-key

What Gets Traced

Smoltbot builds AP-Traces that record:
  • Action — What the agent did (type, name, category)
  • Decision — What alternatives were considered and why one was selected
  • Escalation — Whether the agent escalated to a human and why
  • Verification — Whether the trace is consistent with the agent’s declared alignment card
  • Integrity — Real-time AIP analysis of thinking blocks, with verdict (clear/review_needed/boundary_violation)

What is NOT Stored

Your prompts, responses, and API keys are never stored. Only SHA-256 hashes of API keys are used for agent identification.

AIP Compatibility Matrix

Provider/ModelAIP SupportMethod
Anthropic reasoning models (Opus, Sonnet)FullThinking blocks analyzed directly
OpenAI GPT-5 Thinking seriesPartialReasoning summaries (reduced confidence)
Gemini 2.5/3 with thinkingFullThought parts analyzed directly
Non-reasoning modelsTracing onlySynthetic clear verdict
Legacy OpenAI (o3/o4-mini)UnsupportedReasoning encrypted

Claiming Your Agent

After running smoltbot init, your agent is registered automatically. To link it to your Mnemom account:
  1. Run smoltbot status to get your agent ID
  2. Go to mnemom.ai/claim
  3. Paste your agent ID and prove ownership with your API key hash
Claiming gives you a private dashboard with full trace history, integrity scores, and drift detection.

Current Limitations

  • API key auth only — Agent identification uses API key hashing (SHA-256, works identically across all providers). OAuth and other auth methods are not supported.
  • AIP requires reasoning models — AIP integrity checking requires models with exposed thinking (Anthropic, Gemini, GPT-5 Thinking). Models without thinking get synthetic clear verdicts.
  • Hosted gateway — The default gateway runs on Mnemom infrastructure. Self-hosting is possible but requires manual setup.

Dependencies

Next Steps

CLI Reference

Learn about all CLI commands and usage

Enforcement Modes

Configure how smoltbot responds to violations

Observability

Export traces to your observability platform via OpenTelemetry

EU Compliance

Map AAP/AIP to EU AI Act Article 50 obligations