What can you do with this server?

This server provides AI agent behavioral governance through covenant-based rules, runtime enforcement, and cryptographically verifiable audit trails. * Set Covenant Rules (set_rules): Define behavioral policies using permit, forbid, and require syntax (e.g., 'forbid delete_user', 'permit read_data'), establishing what actions are allowed or blocked. * Check Action Compliance (check_action): Evaluate whether a specific action (with optional parameters) is permitted or blocked under the active rules, enabling pre-execution enforcement before an action runs. * Retrieve Audit Log (get_audit_log): Fetch the full hash-chained audit trail of all compliance checks, providing a tamper-evident history of every action evaluation. * Verify Log Integrity (verify_log): Independently verify the cryptographic integrity of the audit log to detect any tampering, ensuring the trustworthiness of the agent's behavioral history.

Which integrations are available for this server?

Provides GitHub repository hosting for the Nobulex project, including source code, documentation, and issue tracking for the proof-of-behavior protocol. Hosts the Nobulex repository with CI/CD workflows, documentation, and community collaboration features for the proof-of-behavior protocol development. Provides drop-in compliance middleware for LangChain, allowing behavioral rule enforcement and cryptographic proof of agent actions within LangChain applications. Provides npm package distribution for the Nobulex SDK and related packages, enabling installation and integration via npm ecosystem. Provides PyPI distribution for langchain-nobulex package, enabling Python developers to integrate proof-of-behavior verification into LangChain applications. Provides TypeScript SDK and packages for implementing proof-of-behavior protocol, with strict TypeScript support for type-safe behavioral rule definition and verification.

de en es ja ko ru zh

nobulex-mcp-server

by arian-gogani

Overview Schema Related Servers Score Discussions

TypeScript

Remote

OpenSSF PyPI npm License Spec

Every person has a credit score. Every business has one. AI agents have nothing.

Nobulex is the credit and trust protocol for autonomous AI agents. Agents earn Trust Capital through verified behavior. Higher trust, more access. Autonomy earned, not granted.

Website · Try it live · Quickstart · Spec · PyPI · npm

Break the AI. Win $7,400.
Five AI agents, each with rules they must not break. Make them violate their own rules. Beat Level 5 to claim the bounty. 29 attempts, 0 winners so far.
Enter the Arena →

Install

pip install nobulex

npm install @nobulex/core

from nobulex.agent import Agent
agent = Agent("my-agent")
receipt = agent.act("send_email", scope="user@example.com")
assert receipt.verify()  # tamper-proof

Related MCP server: DCL Evaluator

How it works

Every agent action produces a cryptographic receipt -- Ed25519 signed before and after execution, hash-chained for tamper evidence. A third party can verify the full history without trusting the agent or the operator.

Here is the whole idea in one run (python -m nobulex demo):

generated 3 receipts
  allow: 141ca2947a7e819b8bdebbf8... verified=True
  allow: f3377758ac94d812535cbb99... verified=True
  deny:  85b2dfd6b87f2678795726e4... verified=True
trust score: 23.26

tamper test:
  modified receipt verified=False   (tamper detected)

Change one byte of a receipt and verification fails. That is the whole guarantee.

Performance: ~13,683 signed receipts/sec at p50 (Python SDK, single core). Full signed-and-chained receipt takes ~73 μs end-to-end. See BENCHMARKS.md for the full breakdown; reproduce with python3 scripts/benchmark.py.

Receipts accumulate into Trust Capital -- a credit score for the agent.

Tier	Trust Capital	Access Level
Restricted	0 -- 30	Read-only, sandboxed execution
Standard	30 -- 60	Financial ops up to $500, API access
Trusted	60 -- 85	Cross-org operations, regulated markets
Sovereign	85+	Full autonomy, self-directed

Agents that create more value earn more access. Agents that deviate get cut off automatically. Not as punishment -- as math.

Quick start

Python (recommended for AI agents)

# Install from source (PyPI coming soon)
pip install git+https://github.com/arian-gogani/nobulex.git#subdirectory=packages/python

# Or try the CLI demo instantly
git clone https://github.com/arian-gogani/nobulex.git
cd nobulex/packages/python
pip install -e .
python -m nobulex demo

from nobulex import Agent

agent = Agent("my-agent")
receipt = agent.act("send_email", scope="user@example.com")
assert receipt.verify()       # Cryptographic proof
print(agent.trust_score)      # Trust Capital: 13.86

LangChain integration (2 lines)

from nobulex.langchain import NobuReceipts
wrapped = NobuReceipts.wrap(your_agent, "my-agent")
# Every tool call now generates a tamper-proof receipt

JavaScript / TypeScript

npm install @nobulex/core
npx tsx examples/trust-capital-demo.ts

Agent starts at RESTRICTED tier (Trust Capital: 0)

Action 1: read_data       — ALLOWED   (Trust Capital: 12)
Action 2: read_data       — ALLOWED   (Trust Capital: 24)
Action 3: process_payment — BLOCKED   (insufficient trust)
Action 4: read_data       — ALLOWED   (Trust Capital: 36)
Action 5: read_data       — ALLOWED   (Trust Capital: 48)

Agent promoted to STANDARD tier
Action 6: process_payment — ALLOWED   (Trust Capital: 65)

Agent promoted to TRUSTED tier (Trust Capital: 89)
Action 8: approve_contract — ALLOWED

The protocol

DECLARE ──► ENFORCE ──► PROVE ──► ACCUMULATE

Covenant      Pre-execution     Receipt chain     Trust Capital
defines       receipt blocks    verified by       earned over
the rules     violations        third parties     time
              before they
              happen                              ──► more access
                                                      ──► more receipts
                                                           ──► higher trust

The flywheel: more Trust Capital leads to more valuable work, which produces more receipts, which builds higher Trust Capital. Accountability becomes the most profitable strategy.

Code

import { createDID, parseSource, EnforcementMiddleware, verify } from '@nobulex/core';

const agent = await createDID();
const spec = parseSource(`
  covenant SafeTrader {
    permit read;
    permit transfer (amount <= 500);
    forbid transfer (amount > 500);
    forbid delete;
  }
`);

const mw = new EnforcementMiddleware({ agentDid: agent.did, spec });

await mw.execute(
  { action: 'transfer', params: { amount: 300 } },  // allowed
  async () => ({ success: true }),
);

await mw.execute(
  { action: 'transfer', params: { amount: 600 } },  // BLOCKED before execution
  async () => ({ success: true }),                    // never runs
);

const result = verify(spec, mw.getLog());
console.log(result.compliant);   // true

Traction

Independent, verifiable signals (each links to evidence):

	What	Evidence
	OWASP CheatSheetSeries	Sections 8-11 (JCS canonicalization, cross-agent accountability, sanctions-list freshness, regulatory mapping) merged into master by Jim Manico, Jun 2026 (PR #2210)
	vaara v0.50	Independent third-party adoption — Henri Sirkkavaara shipped EU AI Act Article 12 audit trails citing the nobulex signed-receipt design (GitHub)
	Dify Marketplace	Plugin PR open on 60,000+ star platform (PR #2500). LangGenius Community Operations confirmed architecture is sound and Trust Capital is genuinely differentiated.
	Microsoft AI Agents for Beginners	PR open to add nobulex as the Python production receipt library in Lesson 18 — Securing AI Agents with Cryptographic Receipts (PR #571)
	AgentAudit AI	Five-point integration partnership active. Signed specimen receipt verifies end-to-end in 10 lines of Python (fixture)
	Microsoft AGT	Listed in ADOPTERS (PR merged by Microsoft maintainers)
	builderz-labs / mission-control	Cross-session Trust Capital RFC accepted as open issue; TypeScript reference implementation delivered

EU AI Act Article 12 enforcement: August 2, 2026.

Why now

AI agents are being deployed into production with no accountability infrastructure.

86% of AI agents deployed without security approval (CSA, 2026)
UUMit launched the first A2A marketplace with zero identity verification
$138B+ committed to physical AI with zero accountability layer
Top models score 10-15% on real problems (LemmaBench) with zero traceability on failure

The agents are deployed. The money is flowing. The accountability infrastructure doesn't exist yet. We're building it.

Standards

Standard	Status
Proof-of-Behavior spec	`draft-gogani-nobulex-proof-of-behavior-00`
Microsoft AGT	Listed in ADOPTERS (PR merged)
CTEF v0.3.2	14/14 byte-match conformance
A2A Protocol	Receipt row proposed; URN scheme `urn:nobulex:receipt:<id>`
NIST RFI	Formal comments submitted

Development

git clone https://github.com/arian-gogani/nobulex.git
cd nobulex && npm install
npx vitest run              # tests
npx tsx examples/demo.ts    # end-to-end
npx tsx benchmarks/bench.ts # benchmarks

Website · Try it · npm · Spec · X @nobulexlabs

Star this repo to follow the project

MIT License

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

1dResponse time

6wRelease cycle

2Releases (12mo)

Commit activity

Issues opened vs closed

Resources

GitHub Repository

Need Help?

Related Servers

Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/arian-gogani/nobulex'

If you have feedback or need assistance with the MCP directory API, please join our Discord server