---
title: AANA Demo
sdk: gradio
app_file: app.py
license: mit
python_version: "3.11"
short_description: Try AANA's pre-action agent control layer.
pinned: false
---

# Try AANA In 2 Minutes

This local Hugging Face Space artifact is the repo-owned source for the public
"try AANA" demo. It accepts the frozen Agent Action Contract v1 fields and
returns the same route decision used by the Python SDK, FastAPI service, and MCP
tool.

AANA is a pre-action control layer for AI agents: agents propose actions, AANA checks evidence/auth/risk, and tools execute only when the route is `accept`.

Core runtime pattern:

```text
agent proposes -> AANA checks -> tool executes only if route == accept
```

What this demonstrates: an agent proposes a tool call. AANA checks
evidence/auth/risk. The tool only executes if the route is `accept`.

How to test it: pick an example, click `Check With AANA`, then inspect the
route and executor proof.

Reviewer checklist:

- `accept` allows execution
- `ask`, `defer`, and `refuse` block execution
- missing auth/evidence becomes a blocker
- audit-safe event is emitted
- a bad runtime recommendation can be overridden

Contrast: a plain permissive agent would execute the proposed tool call. AANA
blocks unless the contract is satisfied.

This is the difference reviewers should inspect: AANA turns pre-tool safety into
a typed contract, route table, hard execution rule, and audit-safe decision
event instead of relying only on prompts, classifiers, LLM judges, or
framework-specific middleware.

Frozen required fields:

- `tool_name`
- `tool_category`
- `authorization_state`
- `evidence_refs`
- `risk_domain`
- `proposed_arguments`
- `recommended_route`

The Space calls `aana.check_tool_call` with these fields and displays:

- route: `accept`, `ask`, `defer`, or `refuse`
- AIx score
- hard blockers
- missing evidence
- authorization state
- recovery guidance
- audit-safe log event
- blocked-tool non-execution proof from a synthetic executor

The synthetic executor is intentionally safe: it records that it would have run
only when AANA returns `accept`. It cannot send, delete, purchase, deploy,
export, or access private data.
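
The hard execution rule and the reviewer checklist above, as an added sketch that is not AANA's code and does not call `aana.check_tool_call`. The routing logic, the `write` category, the `confirmed` authorization state, the blocker names and the sample proposals are assumptions made for illustration.

```python
import hashlib
import json

REQUIRED = ("tool_name", "tool_category", "authorization_state", "evidence_refs",
            "risk_domain", "proposed_arguments", "recommended_route")
ROUTES = ("accept", "ask", "defer", "refuse")

def check(event):
    """Toy checker (not AANA's route table): returns a route and its blockers."""
    blockers = [f"missing_field:{f}" for f in REQUIRED if f not in event]
    if blockers or event["recommended_route"] not in ROUTES:
        return {"route": "refuse", "blockers": blockers or ["unknown_route"]}
    # Assumed values: "write" marks a side-effecting tool, "confirmed" is the
    # only authorization state that satisfies the contract for such a tool.
    if event["tool_category"] == "write":
        if event["authorization_state"] != "confirmed":
            blockers.append("authorization_not_confirmed")
        if not event["evidence_refs"]:
            blockers.append("missing_evidence")
    if not blockers:
        return {"route": event["recommended_route"], "blockers": []}
    # A blocker overrides the runtime's recommendation, even if it said accept.
    route = "ask" if "authorization_not_confirmed" in blockers else "defer"
    return {"route": route, "blockers": blockers}

def gated_call(event, executor):
    """Hard execution rule: the executor runs only when route == accept."""
    decision = check(event)
    executed = decision["route"] == "accept"
    result = executor(event["tool_name"], event["proposed_arguments"]) if executed else None
    args = json.dumps(event.get("proposed_arguments"), sort_keys=True, default=str)
    audit = {"tool_name": event.get("tool_name"), "route": decision["route"],
             "recommended_route": event.get("recommended_route"),
             "blockers": decision["blockers"], "executed": executed,
             # Audit-safe: record a digest of the arguments, not the raw values.
             "arguments_sha256": hashlib.sha256(args.encode()).hexdigest()}
    return decision, result, audit

# Constructed sample proposals (not from the Space's example set).
BLOCKED = {"tool_name": "send_email", "tool_category": "write",
           "authorization_state": "none", "evidence_refs": [],
           "risk_domain": "customer_support",
           "proposed_arguments": {"to": "user@example.com"},
           "recommended_route": "accept"}
ALLOWED = dict(BLOCKED, authorization_state="confirmed", evidence_refs=["ticket:123"])

if __name__ == "__main__":
    for name, event in (("blocked", BLOCKED), ("allowed", ALLOWED)):
        decision, result, audit = gated_call(event, lambda t, a: f"would run {t}")
        print(name, decision["route"], result, json.dumps(audit))
```

A reviewer can use the same shape to test any gate: pass a recording executor, then assert it was never called for `ask`, `defer` or `refuse`.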

Public evidence links:

- Model card: https://huggingface.co/mindbomber/aana
- Peer-review evidence pack: https://huggingface.co/datasets/mindbomber/aana-peer-review-evidence-pack
- Public artifact hub: https://huggingface.co/collections/mindbomber/aana-public-artifact-hub-69fecc99df04ae6ed6dbc6c4
- Short technical report: https://github.com/mindbomber/Alignment-Aware-Neural-Architecture--AANA-/blob/master/docs/aana-pre-action-control-layer-technical-report.md

Peer-review request:

- Are routes correct?
- Are false positives acceptable?
- Is evidence handling sufficient?
- Does this generalize beyond examples?

Please post critique in the Space discussion:
https://huggingface.co/spaces/mindbomber/aana-demo/discussions/1

Current diagnostic boundary: safety/adversarial prompt routing is useful but
incomplete, FinanceBench-style QA evidence routing is controlled and not an
official leaderboard claim, and governance/compliance routing is diagnostic
rather than legal, regulatory, or platform-policy certification.

Integration validation v1 is now included in the evidence pack: held-out
tool-call cases validate route parity, blocked-tool non-execution,
decision-shape parity, audit completeness, and schema behavior across CLI, SDK,
FastAPI, MCP, and middleware surfaces.