nobulex-mcp-server
Provides GitHub repository hosting for the Nobulex project, including source code, documentation, and issue tracking for the proof-of-behavior protocol.
Hosts the Nobulex repository with CI/CD workflows, documentation, and community collaboration features for the proof-of-behavior protocol development.
Provides drop-in compliance middleware for LangChain, allowing behavioral rule enforcement and cryptographic proof of agent actions within LangChain applications.
Provides npm package distribution for the Nobulex SDK and related packages, enabling installation and integration via npm ecosystem.
Provides PyPI distribution for langchain-nobulex package, enabling Python developers to integrate proof-of-behavior verification into LangChain applications.
Provides TypeScript SDK and packages for implementing proof-of-behavior protocol, with strict TypeScript support for type-safe behavioral rule definition and verification.
Nobulex
The proof-of-behavior protocol for autonomous AI agents.
Every AI agent makes promises — "I won't transfer more than $500," "I'll only access approved APIs," "I won't touch production data." But today, there's no way to prove an agent kept those promises. Logs are written by the same software being audited. Compliance is asserted, never proven.
Nobulex changes that. Define behavioral rules. Enforce them before execution. Prove compliance with cryptography, not trust.
What is Proof-of-Behavior?
You can't audit a neural network. But you can audit actions against stated commitments.
verify(covenant, actionLog) → { compliant: boolean, violations: Violation[] }This is always decidable, always deterministic, always efficient. No ML, no heuristics — mathematical proof.
Proof-of-behavior means every autonomous agent action is:
Declared — behavioral rules defined before deployment in a formal language
Enforced — violations blocked at runtime, before execution
Proven — every action hash-chained into a tamper-evident audit trail that third parties can independently verify
Quick Start
npm install @nobulex/sdkimport { createDID } from '@nobulex/identity';
import { parseSource } from '@nobulex/covenant-lang';
import { EnforcementMiddleware } from '@nobulex/middleware';
import { verify } from '@nobulex/verification';
// 1. Create an agent identity
const agent = await createDID();
// 2. Write behavioral rules
const spec = parseSource(`
covenant SafeTrader {
permit read;
permit transfer (amount <= 500);
forbid transfer (amount > 500);
forbid delete;
}
`);
// 3. Enforce at runtime
const mw = new EnforcementMiddleware({ agentDid: agent.did, spec });
// $300 transfer — allowed
await mw.execute(
{ action: 'transfer', params: { amount: 300 } },
async () => ({ success: true }),
);
// $600 transfer — BLOCKED before execution
await mw.execute(
{ action: 'transfer', params: { amount: 600 } },
async () => ({ success: true }), // never runs
);
// 4. Prove compliance
const result = verify(spec, mw.getLog());
console.log(result.compliant); // true
console.log(result.violations); // []Cross-Agent Verification Handshake
Before two agents transact, they verify each other's proof-of-behavior. No proof, no transaction.
import { generateProof, verifyCounterparty } from '@nobulex/sdk';
// Agent A generates its proof-of-behavior
const proof = await generateProof({
identity: agentA,
covenant: spec,
actionLog: middleware.getLog(),
});
// Agent B verifies Agent A before transacting
const result = await verifyCounterparty(proof);
if (!result.trusted) {
console.log('Refusing transaction:', result.reason);
return; // No proof, no transaction
}
// Safe to transact — Agent A is verified
await executeTransaction(proof.agentDid, amount);The handshake checks six things in order: covenant signature, proof signature, log integrity, compliance, minimum history, and required covenant. If any check fails, the transaction is refused.
Why Proof-of-Behavior Matters
What exists today | What's missing |
Guardrails filter prompts and outputs | No proof the agent followed rules at the action layer |
Monitoring watches what agents do after the fact | No enforcement before execution |
Identity verifies who the agent is | No verification of what the agent did |
Governance platforms provide dashboards and policies | No cryptographic evidence a third party can independently verify |
Proof-of-behavior fills the gap: declare → enforce → prove.
The Covenant DSL
covenant SafeTrader {
permit read;
permit transfer (amount <= 500);
forbid transfer (amount > 500);
forbid delete;
require counterparty.compliance_score >= 0.8;
}Forbid wins. If any forbid matches, the action is immediately blocked regardless of permits. Default deny for unmatched actions. Conditions support >, <, >=, <=, ==, != on numeric, string, and boolean fields.
Three keywords. No configuration files. No YAML. No JSON schemas. Just rules.
Architecture
┌─────────────────────────────────────────────────────────────┐
│ Platform │
│ cli · sdk · mcp-server │
├─────────────────────────────────────────────────────────────┤
│ Proof-of-Behavior Stack │
│ │
│ ┌──────────┐ ┌──────────────┐ ┌────────────┐ │
│ │ identity │ │ covenant-lang│ │ action-log │ │
│ │ (DID) │ │ (DSL) │ │(hash-chain)│ │
│ └──────────┘ └──────────────┘ └────────────┘ │
│ │
│ ┌────────────┐ ┌──────────────┐ ┌───────────────┐ │
│ │ middleware │ │ verification │ │ composability │ │
│ │(pre-exec) │ │ (post-hoc) │ │(trust graph) │ │
│ └────────────┘ └──────────────┘ └───────────────┘ │
├─────────────────────────────────────────────────────────────┤
│ Foundation │
│ core-types · crypto · types │
└─────────────────────────────────────────────────────────────┘Core Packages
Package | What It Does |
W3C DID creation with Ed25519 keys | |
Cedar-inspired DSL: lexer, parser, compiler | |
SHA-256 hash-chained tamper-evident log with Merkle proofs | |
Pre-execution enforcement — blocks violations before they run | |
Deterministic compliance verification | |
Unified API combining all primitives | |
MCP compliance server for any MCP-compatible agent | |
Command-line: | |
LangChain middleware integration (PyPI) |
Integrations
npm —
npm install @nobulex/sdkPyPI —
pip install langchain-nobulexMCP —
npx @nobulex/mcp-server(works with Claude Desktop, Cursor, VS Code)LangChain — drop-in compliance middleware
ElizaOS — plugin for actions, evaluators, providers
Conceptual Comparison
Bitcoin | Ethereum | Nobulex | |
What it verifies | Monetary transfers | Contract execution | Agent behavior |
Mechanism | Proof of Work | Proof of Stake | Proof of Behavior |
What's proven | Transaction validity | State transitions | Behavioral compliance |
Guarantee | Trustless money | Trustless contracts | Trustless agents |
Live Demo
npx tsx demo/covenant-demo.tsCreates two agents, defines behavioral rules, enforces at runtime, blocks a forbidden transfer, and cryptographically verifies compliance — all in one script.
Development
git clone https://github.com/arian-gogani/nobulex.git
cd nobulex
npm install
npx vitest run # 4,237 tests, 80 files, 0 failuresDocumentation
Proof-of-Behavior Spec — Formal standard specification (CC-BY-4.0)
White Paper — Formal protocol specification
Getting Started — Developer guide
NIST RFI Response — Formal comments to NIST AI Agent Standards Initiative
Links
Website: nobulex.com
npm: @nobulex
PyPI: langchain-nobulex
NIST: Docket NIST-2025-0035 (public comment submitted)
License
MIT — use it for anything.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/arian-gogani/nobulex'
If you have feedback or need assistance with the MCP directory API, please join our Discord server