mcp-nervous-system 1.11.0 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -231
- package/aram.manifest.yaml +22 -0
- package/corona.manifest.yaml +22 -0
- package/harout.manifest.yaml +22 -0
- package/harry.manifest.yaml +22 -0
- package/index.js +6 -6
- package/kris.manifest.yaml +22 -0
- package/lady.manifest.yaml +24 -0
- package/lib/mcp-audit.js +184 -0
- package/lily.manifest.yaml +22 -0
- package/lou.manifest.yaml +24 -0
- package/mcp-nervous-system.js +6 -6
- package/nick.manifest.yaml +22 -0
- package/package.json +2 -2
- package/roman.manifest.yaml +22 -0
- package/server.js +19 -2
- package/server.js.bak-0707-h123 +1666 -0
- package/smoke-test.js +49 -5
- package/soriano.manifest.yaml +22 -0
- package/spartak.manifest.yaml +22 -0
- package/stdio.js +26 -6
- package/tamara.manifest.yaml +24 -0
- package/README.md.bak.1773425049 +0 -218
- package/package.json.bak.1773425049 +0 -48
package/README.md
CHANGED
|
@@ -1,239 +1,32 @@
|
|
|
1
|
-
#
|
|
1
|
+
# Agent Manifests
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
The following manifest files define governance settings for each agent:
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
- `tamara.manifest.yaml` - Oversees multi-agent operations with elevated permissions and reliability controls.
|
|
6
|
+
- `lily.manifest.yaml` - Guides users with public-facing coaching plans and motivational feedback.
|
|
7
|
+
- `kris.manifest.yaml` - Analyzes business credit signals and flags potential financial risk patterns.
|
|
8
|
+
- `aram.manifest.yaml` - Provides legal guidance under strict escalation and compliance boundaries.
|
|
9
|
+
- `harry.manifest.yaml` - Handles strict financial data workflows for bookkeeping and reconciliations.
|
|
10
|
+
- `harout.manifest.yaml` - Supports client-facing real estate workflows for listings and buyer matching.
|
|
11
|
+
- `roman.manifest.yaml` - Creates educational content and lesson structures for clear learning outcomes.
|
|
12
|
+
- `lou.manifest.yaml` - Finds grant opportunities and synthesizes eligibility and deadline requirements.
|
|
13
|
+
- `spartak.manifest.yaml` - Translates multilingual content accurately while preserving tone and intent.
|
|
14
|
+
- `nick.manifest.yaml` - Delivers advanced training workflows with restricted data and access controls.
|
|
15
|
+
- `corona.manifest.yaml` - Develops creative real estate concepts, campaigns, and positioning strategies.
|
|
16
|
+
- `soriano.manifest.yaml` - Designs youth empowerment programs with supportive coaching and resource guidance.
|
|
17
|
+
- `lady.manifest.yaml` - Executes parallel workstreams across five lanes with synchronized delivery control.
|
|
6
18
|
|
|
7
|
-
|
|
8
|
-
npx mcp-nervous-system
|
|
9
|
-
# Server starts on port 3475
|
|
10
|
-
```
|
|
19
|
+
## Governance lint + paid x402 API
|
|
11
20
|
|
|
12
|
-
|
|
13
|
-
```bash
|
|
14
|
-
claude mcp add nervous-system npx mcp-nervous-system
|
|
15
|
-
```
|
|
21
|
+
The Nervous System is an external governance layer for agent systems: governance, attribution, and coordination across vendors.
|
|
16
22
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
https://api.100levelup.com/mcp-ns/
|
|
20
|
-
```
|
|
23
|
+
### Free, local tool: `audit_mcp_config`
|
|
24
|
+
Deterministic governance lint for MCP server configurations. Pass the config JSON (e.g. `claude_desktop_config.json`) as `config` (object) or `config_json` (string). It checks for plaintext secrets in `env`, unpinned packages, auto-install flags, broad filesystem scopes, shell wrappers, non-TLS remote transports, and unpinned docker tags, then returns findings with severities and a 0-100 score. Zero dependencies, fully offline, never throws.
|
|
21
25
|
|
|
22
|
-
|
|
26
|
+
### Hosted x402 API (pay-per-call)
|
|
27
|
+
For CI/agent use, the same checks plus audit-chain verification are available as pay-per-call HTTP endpoints priced in USDC on Base (x402):
|
|
23
28
|
|
|
24
|
-
|
|
29
|
+
- `POST https://api.100levelup.com/x402/audit-mcp` - governance lint ($0.05 USDC)
|
|
30
|
+
- `GET https://api.100levelup.com/x402/verify-audit` - audit-chain verification ($0.005 USDC)
|
|
25
31
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
Built by [Arthur Palyan](https://www.levelsofself.com) at Palyan Family AI System. 30 tools including configuration drift detection, emergency kill switch, usage monitoring, and bot compliance auditing. Battle-tested on a 13-agent AI family running 28 processes 24/7 on a $300/month infrastructure (7.8GB RAM, 154GB SSD). SAM.gov registered (CAGE 19R10). 35 partners across 10 countries. 99+ violations caught, 0 bypassed.
|
|
29
|
-
|
|
30
|
-
## The Problem
|
|
31
|
-
|
|
32
|
-
When you give an LLM access to your file system, bash, and production infrastructure, it will eventually:
|
|
33
|
-
|
|
34
|
-
- Edit a file it shouldn't touch
|
|
35
|
-
- Lose context between sessions and start over
|
|
36
|
-
- Drift from the original objective during long tasks
|
|
37
|
-
- Fail silently when a session times out
|
|
38
|
-
- Make logic changes without asking
|
|
39
|
-
- Disappear into debug loops
|
|
40
|
-
|
|
41
|
-
The Nervous System solves all of these with rules enforced by external mechanisms the LLM cannot override.
|
|
42
|
-
|
|
43
|
-
## Install
|
|
44
|
-
|
|
45
|
-
### Claude Desktop
|
|
46
|
-
|
|
47
|
-
Add to your `claude_desktop_config.json`:
|
|
48
|
-
|
|
49
|
-
```json
|
|
50
|
-
{
|
|
51
|
-
"mcpServers": {
|
|
52
|
-
"nervous-system": {
|
|
53
|
-
"command": "npx",
|
|
54
|
-
"args": ["-y", "mcp-nervous-system"]
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
|
-
}
|
|
58
|
-
```
|
|
59
|
-
|
|
60
|
-
### Claude Code
|
|
61
|
-
|
|
62
|
-
```bash
|
|
63
|
-
claude mcp add nervous-system npx mcp-nervous-system
|
|
64
|
-
```
|
|
65
|
-
|
|
66
|
-
### Direct
|
|
67
|
-
|
|
68
|
-
```bash
|
|
69
|
-
npx mcp-nervous-system
|
|
70
|
-
```
|
|
71
|
-
|
|
72
|
-
Server starts on port 3475 with SSE, HTTP, and health endpoints.
|
|
73
|
-
|
|
74
|
-
### Hosted (No Install)
|
|
75
|
-
|
|
76
|
-
The server is live and ready to use:
|
|
77
|
-
|
|
78
|
-
```
|
|
79
|
-
URL: https://api.100levelup.com/mcp-ns/
|
|
80
|
-
Protocol: MCP 2024-11-05 (Streamable HTTP + SSE)
|
|
81
|
-
Authentication: None required
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
## NEW in v1.9.3
|
|
85
|
-
|
|
86
|
-
**Platform Integration Guides** - Working examples for governing multi-agent systems on the 3 biggest platforms plus any MCP client. Each guide gets you to governed agents in under 10 minutes.
|
|
87
|
-
|
|
88
|
-
- [Ruflo (claude-flow)](./integrations/ruflo/) - Queen-Worker hive mind governance with preflight checks, drift audits, and violation logging to swarm_state
|
|
89
|
-
- [Hivemind](./integrations/hivemind/) - Team chat agent governance with tool interception, heartbeat drift audits, and session handoffs
|
|
90
|
-
- [Anthropic Agent Teams](./integrations/agent-teams/) - Parallel agent governance via CLAUDE.md propagation with shared untouchable lists and unified audit trails
|
|
91
|
-
- [Generic MCP](./integrations/generic-mcp/) - 5-minute setup for any MCP client (Claude Desktop, Claude Code, Cursor, Windsurf, Cline)
|
|
92
|
-
|
|
93
|
-
## v1.9.3
|
|
94
|
-
|
|
95
|
-
**Tamara Reference Implementation + Case Study** (2 new resources)
|
|
96
|
-
Production reference implementation of an autonomous AI operations manager built on the Nervous System. Includes full architecture documentation, build-your-own guide, and case study with real metrics from managing 13 agents across 5 platforms.
|
|
97
|
-
|
|
98
|
-
## v1.9.3
|
|
99
|
-
|
|
100
|
-
**drift_audit** (free tier)
|
|
101
|
-
Configuration drift detection across 5 scopes: roles, versions, files, processes, and website. Scans source-of-truth files (family-roles.json, package.json, UNTOUCHABLE_FILES.txt) against all downstream references - HTML pages, JSON configs, markdown docs, and running PM2 processes. Change one file, drift_audit tells you everywhere else that needs updating. The closed loop that keeps your entire system consistent.
|
|
102
|
-
|
|
103
|
-
**Positioning: Auto mode decides what Claude CAN do. The Nervous System governs HOW it behaves while doing it.**
|
|
104
|
-
|
|
105
|
-
## The 7 Rules
|
|
106
|
-
|
|
107
|
-
| # | Rule | What It Prevents |
|
|
108
|
-
|---|------|-----------------|
|
|
109
|
-
| 1 | **Dispatch Don't Do** | Debug loops, rabbit holes. Tasks > 2 messages get dispatched. |
|
|
110
|
-
| 2 | **Untouchable** | File damage. Protected files mechanically blocked from editing. |
|
|
111
|
-
| 3 | **Write Progress** | Silent failures. Progress noted before each action. |
|
|
112
|
-
| 4 | **Step Back Every 4** | Goal drift. Forced reflection every 4 messages. |
|
|
113
|
-
| 5 | **Delegate and Return** | Invisible work. Background tasks reported immediately. |
|
|
114
|
-
| 6 | **Ask Before Touching** | Unauthorized changes. Logic changes need human approval. |
|
|
115
|
-
| 7 | **Hand Off** | Context loss. Written handoffs every 3-4 exchanges. |
|
|
116
|
-
|
|
117
|
-
## MCP Tools (21)
|
|
118
|
-
|
|
119
|
-
| Tool | Description |
|
|
120
|
-
|------|------------|
|
|
121
|
-
| `get_framework` | Complete framework: all rules, permission protocol, enforcement patterns |
|
|
122
|
-
| `guardrail_rules` | The 7 core rules with triggers, enforcement, and failure modes |
|
|
123
|
-
| `preflight_check` | File protection system: shell script blocks edits to protected files |
|
|
124
|
-
| `session_handoff` | Context preservation: templates for handoff documents |
|
|
125
|
-
| `worklog` | Progress documentation pattern |
|
|
126
|
-
| `violation_logging` | Audit trail: timestamp, type, context for every violation |
|
|
127
|
-
| `step_back_check` | Forced reflection system |
|
|
128
|
-
| `get_nervous_system_info` | System overview and operational stats |
|
|
129
|
-
| `emergency_kill_switch` | Emergency shutdown of all PM2 processes. Requires kill switch secret. Logs to tamper-evident audit trail |
|
|
130
|
-
| `verify_audit_chain` | Walks the SHA-256 hash-chained audit log and verifies every entry. Returns chain integrity status |
|
|
131
|
-
| `dispatch_to_llm` | Spawns a background LLM agent to handle a task. Checks RAM, enforces max 2 concurrent dispatches |
|
|
132
|
-
| `drift_audit` | Configuration drift detection across roles, versions, files, processes, and website. Finds stale values everywhere. |
|
|
133
|
-
|
|
134
|
-
## Kill Switch
|
|
135
|
-
|
|
136
|
-
The `emergency_kill_switch` tool provides an emergency shutdown capability. Send a POST request to `/kill` with the kill switch secret to immediately stop all PM2 processes. Every activation is logged to the tamper-evident audit trail with SHA-256 hash chaining, so kill switch events cannot be hidden or altered after the fact.
|
|
137
|
-
|
|
138
|
-
- Requires authentication (kill switch secret)
|
|
139
|
-
- Logs to hash-chained audit trail
|
|
140
|
-
- Returns confirmation with affected process count
|
|
141
|
-
|
|
142
|
-
## Tamper-Evident Audit Trail
|
|
143
|
-
|
|
144
|
-
Every guardrail violation, kill switch activation, and dispatch event is recorded in a SHA-256 hash-chained audit log. Each entry includes the hash of the previous entry, making it cryptographically impossible to alter or delete past records without breaking the chain.
|
|
145
|
-
|
|
146
|
-
- Use `verify_audit_chain` to walk the entire chain and verify integrity
|
|
147
|
-
- Returns: valid/invalid status, entry count, and break point if tampered
|
|
148
|
-
- 99+ violations caught, 0 bypassed, 0 chain breaks
|
|
149
|
-
|
|
150
|
-
## Dispatch to LLM
|
|
151
|
-
|
|
152
|
-
The `dispatch_to_llm` tool enables a brain + agents architecture. Instead of one LLM session doing everything, complex tasks get dispatched to background agents that run independently under the same 7 rules.
|
|
153
|
-
|
|
154
|
-
- Checks available RAM (requires 500MB+)
|
|
155
|
-
- Enforces max 2 concurrent dispatches
|
|
156
|
-
- Returns PID and log file path for monitoring
|
|
157
|
-
- Every dispatched agent runs under the same nervous system guardrails
|
|
158
|
-
|
|
159
|
-
## EU AI Act Compliance
|
|
160
|
-
|
|
161
|
-
The Nervous System provides practical compliance tools for the EU AI Act. See the full compliance page at:
|
|
162
|
-
|
|
163
|
-
https://api.100levelup.com/family/eu-ai-act.html
|
|
164
|
-
|
|
165
|
-
## Production Reference: Tamara
|
|
166
|
-
|
|
167
|
-
Tamara is an autonomous AI operations manager built on the Nervous System framework. She manages 13 AI agents across 5 platforms, serving 175+ countries accessible from a $12/month VPS - without dedicated DevOps staff.
|
|
168
|
-
|
|
169
|
-
Tamara is the proof that the Nervous System works in production. She runs 60-minute autonomous check cycles, detects configuration drift, dispatches remediation agents, and reports to the human operator only when judgment is needed.
|
|
170
|
-
|
|
171
|
-
- **Case Study**: Use the `nervous-system://case-study` resource for full production metrics
|
|
172
|
-
- **Reference Implementation**: Use the `nervous-system://tamara-reference` resource for architecture details and build-your-own guide
|
|
173
|
-
- **Enterprise Support**: For organizations deploying AI agent fleets at scale, implementation consulting is available at wa.me/18184399770
|
|
174
|
-
- **Blog**: [Meet Tamara](https://api.100levelup.com/family/blog/meet-tamara.md) | [Why AI Agent Management Is the Next Infrastructure Layer](https://api.100levelup.com/family/blog/ai-agent-management.md)
|
|
175
|
-
|
|
176
|
-
## Resources (7)
|
|
177
|
-
|
|
178
|
-
- `nervous-system://framework` - The complete framework
|
|
179
|
-
- `nervous-system://quick-start` - Quick start guide
|
|
180
|
-
- `nervous-system://rules` - The 7 core rules
|
|
181
|
-
- `nervous-system://templates` - Templates for handoffs, worklogs, preflight
|
|
182
|
-
- `nervous-system://drift-audit` - Configuration drift detection
|
|
183
|
-
- `nervous-system://tamara-reference` - Tamara autonomous ops manager reference implementation
|
|
184
|
-
- `nervous-system://case-study` - Palyan Family AI System production case study
|
|
185
|
-
|
|
186
|
-
## Production Stats
|
|
187
|
-
|
|
188
|
-
From the live Palyan Family AI System deployment (Feb 28 - Mar 5, 2026):
|
|
189
|
-
|
|
190
|
-
- **58+** violations caught
|
|
191
|
-
- **29** edits blocked by preflight
|
|
192
|
-
- **100** files protected
|
|
193
|
-
- **0** rules bypassed
|
|
194
|
-
- **27** processes monitored
|
|
195
|
-
- **5** days continuous operation
|
|
196
|
-
|
|
197
|
-
## Live Demo
|
|
198
|
-
|
|
199
|
-
Try it yourself (no login required):
|
|
200
|
-
|
|
201
|
-
- **[Interactive Demo](https://api.100levelup.com/family/arthur.html?guest=1)** - Talk to a governed LLM and try to break the rules
|
|
202
|
-
- **[Audit Dashboard](https://api.100levelup.com/family/audit.html)** - See real violation history with timeline
|
|
203
|
-
- **[System Status](https://api.100levelup.com/family/status.html)** - Live health checks
|
|
204
|
-
- **[API Documentation](https://api.100levelup.com/family/api-docs.html)** - Full tool and resource reference
|
|
205
|
-
- **[Case Study](https://api.100levelup.com/family/case-study.html)** - Production deployment data
|
|
206
|
-
- **[Plain English Rules](https://api.100levelup.com/family/rules-plain.html)** - For non-technical stakeholders
|
|
207
|
-
- **[Incident Response](https://api.100levelup.com/family/incident-response.html)** - Detection, containment, resolution
|
|
208
|
-
- **[EU AI Act Compliance](https://api.100levelup.com/family/eu-ai-act.html)** - Practical EU AI Act compliance tools
|
|
209
|
-
|
|
210
|
-
## Integrations
|
|
211
|
-
|
|
212
|
-
Works with the major multi-agent platforms and any MCP client:
|
|
213
|
-
|
|
214
|
-
| Platform | Integration | Setup Time |
|
|
215
|
-
|----------|------------|------------|
|
|
216
|
-
| **[Ruflo (claude-flow)](./integrations/ruflo/)** | Plugin hooks into Queen-Worker pipeline | 10 min |
|
|
217
|
-
| **[Hivemind](./integrations/hivemind/)** | MCP connector with tool interception | 10 min |
|
|
218
|
-
| **[Anthropic Agent Teams](./integrations/agent-teams/)** | CLAUDE.md governance propagation | 10 min |
|
|
219
|
-
| **[Any MCP Client](./integrations/generic-mcp/)** | 3 lines of config | 5 min |
|
|
220
|
-
|
|
221
|
-
Each integration includes working code, example configs, and a step-by-step README.
|
|
222
|
-
|
|
223
|
-
## Agent Skills
|
|
224
|
-
|
|
225
|
-
The Nervous System is also available as an Agent Skill following the open [Agent Skills standard](https://agentskills.io). Install the governance skill to teach any AI agent (Claude, Codex, Cursor, Copilot, VS Code) how to enforce behavioral guardrails in multi-agent systems.
|
|
226
|
-
|
|
227
|
-
See `skills/multi-agent-governance/SKILL.md` for the full skill definition.
|
|
228
|
-
|
|
229
|
-
## Philosophy
|
|
230
|
-
|
|
231
|
-
> "LLMs can't reliably self-enforce promises. Guardrails work via preflight.sh, violation logs, and catching drift. Build enforcement systems, don't make promises."
|
|
232
|
-
|
|
233
|
-
If a guardrail can be violated by the thing it guards, it is not a guardrail. It is a suggestion.
|
|
234
|
-
|
|
235
|
-
Every rule in the Nervous System is enforced by an external mechanism: a shell script, a timer, a separate monitoring process. The LLM cannot override, circumvent, or ignore them.
|
|
236
|
-
|
|
237
|
-
## License
|
|
238
|
-
|
|
239
|
-
MIT
|
|
32
|
+
Discovery: [`/openapi.json`](https://api.100levelup.com/openapi.json) and [`/llms.txt`](https://api.100levelup.com/llms.txt).
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
agent_id: "aram"
|
|
2
|
+
role: "legal counsel"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Provides legal guidance under strict escalation and compliance boundaries."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "policy_interpretation"
|
|
7
|
+
- "compliance_review"
|
|
8
|
+
- "escalation_routing"
|
|
9
|
+
required_tools:
|
|
10
|
+
- "policy_engine"
|
|
11
|
+
- "citation_retriever"
|
|
12
|
+
- "approval_gate"
|
|
13
|
+
policy: "/root/levels-os/governance/policies/agents/aram.yaml"
|
|
14
|
+
memory_access:
|
|
15
|
+
global_read: true
|
|
16
|
+
agent_read: true
|
|
17
|
+
agent_write: false
|
|
18
|
+
max_runtime_minutes: 30
|
|
19
|
+
model_preference: "ollama-qwen3"
|
|
20
|
+
fallback_model: "claude-sonnet"
|
|
21
|
+
cost_limit_usd: 1.0
|
|
22
|
+
heartbeat_interval_sec: 30
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
agent_id: "corona"
|
|
2
|
+
role: "creative real estate"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Develops creative real estate concepts, campaigns, and positioning strategies."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "campaign_concepting"
|
|
7
|
+
- "property_storytelling"
|
|
8
|
+
- "market_positioning"
|
|
9
|
+
required_tools:
|
|
10
|
+
- "content_editor"
|
|
11
|
+
- "media_planner"
|
|
12
|
+
- "listing_database"
|
|
13
|
+
policy: "/root/levels-os/governance/policies/agents/corona.yaml"
|
|
14
|
+
memory_access:
|
|
15
|
+
global_read: true
|
|
16
|
+
agent_read: true
|
|
17
|
+
agent_write: true
|
|
18
|
+
max_runtime_minutes: 60
|
|
19
|
+
model_preference: "ollama-qwen3"
|
|
20
|
+
fallback_model: "claude-sonnet"
|
|
21
|
+
cost_limit_usd: 2.0
|
|
22
|
+
heartbeat_interval_sec: 30
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
agent_id: "harout"
|
|
2
|
+
role: "realtor"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Supports client-facing real estate workflows for listings and buyer matching."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "listing_analysis"
|
|
7
|
+
- "client_communication"
|
|
8
|
+
- "market_comparison"
|
|
9
|
+
required_tools:
|
|
10
|
+
- "listing_database"
|
|
11
|
+
- "crm_connector"
|
|
12
|
+
- "calendar_scheduler"
|
|
13
|
+
policy: "/root/levels-os/governance/policies/agents/harout.yaml"
|
|
14
|
+
memory_access:
|
|
15
|
+
global_read: true
|
|
16
|
+
agent_read: true
|
|
17
|
+
agent_write: true
|
|
18
|
+
max_runtime_minutes: 60
|
|
19
|
+
model_preference: "ollama-qwen3"
|
|
20
|
+
fallback_model: "claude-sonnet"
|
|
21
|
+
cost_limit_usd: 2.0
|
|
22
|
+
heartbeat_interval_sec: 30
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
agent_id: "harry"
|
|
2
|
+
role: "accountant"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Handles strict financial data workflows for bookkeeping and reconciliations."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "ledger_reconciliation"
|
|
7
|
+
- "expense_classification"
|
|
8
|
+
- "financial_reporting"
|
|
9
|
+
required_tools:
|
|
10
|
+
- "ledger_reader"
|
|
11
|
+
- "calculator"
|
|
12
|
+
- "audit_logger"
|
|
13
|
+
policy: "/root/levels-os/governance/policies/agents/harry.yaml"
|
|
14
|
+
memory_access:
|
|
15
|
+
global_read: true
|
|
16
|
+
agent_read: true
|
|
17
|
+
agent_write: false
|
|
18
|
+
max_runtime_minutes: 30
|
|
19
|
+
model_preference: "ollama-qwen3"
|
|
20
|
+
fallback_model: "claude-sonnet"
|
|
21
|
+
cost_limit_usd: 1.0
|
|
22
|
+
heartbeat_interval_sec: 30
|
package/index.js
CHANGED
|
@@ -538,7 +538,7 @@ const NERVOUS_SYSTEM_INFO = {
|
|
|
538
538
|
]
|
|
539
539
|
},
|
|
540
540
|
origin_story: {
|
|
541
|
-
context: 'Arthur Palyan runs a startup with 12 AI family members, each with distinct roles. The entire operation runs on a
|
|
541
|
+
context: 'Arthur Palyan runs a startup with 12 AI family members, each with distinct roles. The entire operation runs on a ~$48/month VPS with a $200/month LLM subscription, about $375/month all in.',
|
|
542
542
|
problem_discovered: 'After months of building, patterns emerged: LLMs would break working systems while trying to improve them. They would loop on debugging instead of dispatching. They would silently fail when sessions timed out. They would lose all context between sessions.',
|
|
543
543
|
solution_built: 'Arthur built the nervous system - not by changing the LLM model, but by wrapping it in behavioral rules enforced through scripts, file checks, and prompt engineering. The LLM itself became the enforcement mechanism, trained to check before acting.',
|
|
544
544
|
philosophy: 'The brain (LLM) is powerful but needs a nervous system to keep it from hurting itself. Just like a human nervous system sends pain signals before you touch a hot stove, this system sends BLOCKED/PROTECTED signals before the LLM edits a critical file.',
|
|
@@ -570,7 +570,7 @@ const NERVOUS_SYSTEM_INFO = {
|
|
|
570
570
|
reflection_trigger: 'Every 4 messages',
|
|
571
571
|
processes_managed: '22+ autonomous PM2 processes',
|
|
572
572
|
family_members: 12,
|
|
573
|
-
monthly_cost: 'Under $
|
|
573
|
+
monthly_cost: 'Under $500/month total infrastructure (about $375 actual)',
|
|
574
574
|
uptime: '24/7 autonomous operation',
|
|
575
575
|
deployment: 'Single VPS, single LLM subscription'
|
|
576
576
|
}
|
|
@@ -895,7 +895,7 @@ const RESOURCES = [
|
|
|
895
895
|
{ uri: 'nervous-system://templates', name: 'Templates', description: 'Ready-to-use templates for handoffs, worklogs, preflight, and untouchable lists', mimeType: 'text/plain' },
|
|
896
896
|
{ uri: 'nervous-system://drift-audit', name: 'Drift Audit', description: 'Configuration drift detection - checks roles, versions, file references, and running processes against source-of-truth files', mimeType: 'text/plain' },
|
|
897
897
|
{ uri: 'nervous-system://tamara-reference', name: 'Tamara Reference Implementation', description: 'Autonomous AI operations manager - reference implementation for managing AI agent fleets using the Nervous System framework', mimeType: 'text/plain' },
|
|
898
|
-
{ uri: 'nervous-system://case-study', name: 'Palyan Family AI System Case Study', description: 'Production case study: 13 agents, 5 platforms, 175 countries, $
|
|
898
|
+
{ uri: 'nervous-system://case-study', name: 'Palyan Family AI System Case Study', description: 'Production case study: 13 agents, 5 platforms, 175 countries, under $500/month - autonomous AI operations at scale', mimeType: 'text/plain' },
|
|
899
899
|
];
|
|
900
900
|
|
|
901
901
|
// ============================================================
|
|
@@ -3875,7 +3875,7 @@ PRODUCTION RESULTS
|
|
|
3875
3875
|
- 13 AI agents managed autonomously
|
|
3876
3876
|
- 5 platforms (Telegram, Instagram, Facebook, Web, Bot Builder)
|
|
3877
3877
|
- 175 countries served
|
|
3878
|
-
- $
|
|
3878
|
+
- Under $500/month total infrastructure cost (about $375 actual)
|
|
3879
3879
|
- Zero dedicated DevOps staff
|
|
3880
3880
|
- 99+ protected files with automated enforcement
|
|
3881
3881
|
- Autonomous operation for weeks without human intervention
|
|
@@ -3900,7 +3900,7 @@ Open source: npmjs.com/package/mcp-nervous-system`;
|
|
|
3900
3900
|
Autonomous AI Operations at Scale
|
|
3901
3901
|
|
|
3902
3902
|
OVERVIEW
|
|
3903
|
-
The Palyan Family AI System is a production deployment of 13 specialized AI agents serving users across 175 countries through 5 platforms. The entire operation runs on a single 4GB VPS for $
|
|
3903
|
+
The Palyan Family AI System is a production deployment of 13 specialized AI agents serving users across 175 countries through 5 platforms. The entire operation runs on a single 4GB VPS for about $48/month, managed autonomously by Tamara - an AI operations manager built on the Nervous System framework.
|
|
3904
3904
|
|
|
3905
3905
|
This is not a demo. This is a live system that has been running continuously since February 2026, processing real user interactions, managing real infrastructure, and operating without dedicated DevOps staff.
|
|
3906
3906
|
|
|
@@ -3923,7 +3923,7 @@ INFRASTRUCTURE
|
|
|
3923
3923
|
- Server: 4GB VPS (Ubuntu)
|
|
3924
3924
|
- Process Manager: PM2 (29 registered processes, 19+ online)
|
|
3925
3925
|
- LLM Access: Anthropic Max subscription
|
|
3926
|
-
- Total Monthly Cost:
|
|
3926
|
+
- Total Monthly Cost: ~$375 (VPS ~$48 + LLM ~$200 + Vercel/insurance/tools)
|
|
3927
3927
|
- Platforms: Telegram, Instagram, Facebook Messenger, Web, Bot Builder SaaS
|
|
3928
3928
|
|
|
3929
3929
|
GOVERNANCE LAYER
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
agent_id: "kris"
|
|
2
|
+
role: "business credit scanner"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Analyzes business credit signals and flags potential financial risk patterns."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "credit_profile_scan"
|
|
7
|
+
- "risk_scoring"
|
|
8
|
+
- "report_generation"
|
|
9
|
+
required_tools:
|
|
10
|
+
- "data_fetcher"
|
|
11
|
+
- "risk_engine"
|
|
12
|
+
- "report_writer"
|
|
13
|
+
policy: "/root/levels-os/governance/policies/agents/kris.yaml"
|
|
14
|
+
memory_access:
|
|
15
|
+
global_read: true
|
|
16
|
+
agent_read: true
|
|
17
|
+
agent_write: true
|
|
18
|
+
max_runtime_minutes: 60
|
|
19
|
+
model_preference: "ollama-qwen3"
|
|
20
|
+
fallback_model: "claude-sonnet"
|
|
21
|
+
cost_limit_usd: 2.0
|
|
22
|
+
heartbeat_interval_sec: 30
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
agent_id: "lady"
|
|
2
|
+
role: "5-lane executor"
|
|
3
|
+
version: "1.0.0"
|
|
4
|
+
description: "Executes parallel workstreams across five lanes with synchronized delivery control."
|
|
5
|
+
capabilities:
|
|
6
|
+
- "parallel_execution"
|
|
7
|
+
- "priority_routing"
|
|
8
|
+
- "status_synchronization"
|
|
9
|
+
- "handoff_coordination"
|
|
10
|
+
required_tools:
|
|
11
|
+
- "lane_orchestrator"
|
|
12
|
+
- "task_dispatcher"
|
|
13
|
+
- "status_board"
|
|
14
|
+
- "audit_logger"
|
|
15
|
+
policy: "/root/levels-os/governance/policies/agents/lady.yaml"
|
|
16
|
+
memory_access:
|
|
17
|
+
global_read: true
|
|
18
|
+
agent_read: true
|
|
19
|
+
agent_write: true
|
|
20
|
+
max_runtime_minutes: 60
|
|
21
|
+
model_preference: "ollama-qwen3"
|
|
22
|
+
fallback_model: "claude-sonnet"
|
|
23
|
+
cost_limit_usd: 2.0
|
|
24
|
+
heartbeat_interval_sec: 30
|
package/lib/mcp-audit.js
ADDED
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
// mcp-audit.js - deterministic governance lint for MCP server configurations.
|
|
3
|
+
// Zero deps, pure Node. Powers the paid POST /audit-mcp SKU in x402-app.js.
|
|
4
|
+
//
|
|
5
|
+
// auditMcpConfig(input) -> { score:0-100, findings:[...], summary:{...} } (never throws)
|
|
6
|
+
// Malformed input -> { error, hint } (no throw)
|
|
7
|
+
//
|
|
8
|
+
// Input is PARSED JSON, either:
|
|
9
|
+
// Claude-Desktop shape { "mcpServers": { "<name>": {command,args,env,...} } }
|
|
10
|
+
// or a single server { command, args, env, ... }
|
|
11
|
+
//
|
|
12
|
+
// Each finding: { severity:'error'|'warn'|'info', code, server, message, hint }
|
|
13
|
+
// Score: start 100; -25 per error, -10 per warn, -2 per info; floor 0.
|
|
14
|
+
|
|
15
|
+
// Recognized keys (typo detection). Anything else -> UNKNOWN_TOP_FIELDS (info).
|
|
16
|
+
const KNOWN_TOP_KEYS = new Set(['mcpServers']);
|
|
17
|
+
const KNOWN_SERVER_KEYS = new Set([
|
|
18
|
+
'command', 'args', 'env', 'url', 'transport', 'type', 'cwd', 'name',
|
|
19
|
+
'disabled', 'enabled', 'autoApprove', 'alwaysAllow', 'timeout', 'headers', 'description'
|
|
20
|
+
]);
|
|
21
|
+
// Flags that consume the following token as their value (so it is NOT the docker image / package).
|
|
22
|
+
const VALUE_FLAGS = new Set([
|
|
23
|
+
'-e', '--env', '-v', '--volume', '-p', '--publish', '--name', '-w', '--workdir',
|
|
24
|
+
'--network', '-u', '--user', '--mount', '--label', '-l', '--entrypoint'
|
|
25
|
+
]);
|
|
26
|
+
|
|
27
|
+
function baseName(cmd) {
|
|
28
|
+
if (typeof cmd !== 'string') return '';
|
|
29
|
+
const parts = cmd.replace(/\\/g, '/').split('/');
|
|
30
|
+
return parts[parts.length - 1].toLowerCase();
|
|
31
|
+
}
|
|
32
|
+
|
|
33
|
+
function isEnvRef(v) {
|
|
34
|
+
// ${VAR} / $VAR / plain reference -> not an inline secret.
|
|
35
|
+
return /^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$/.test(String(v).trim());
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
function looksHighEntropy(v) {
|
|
39
|
+
// 20+ chars, token-like charset, mixes letters AND digits -> probably a real credential.
|
|
40
|
+
return v.length >= 20 && /^[A-Za-z0-9+/=_.\-]{20,}$/.test(v) && /[0-9]/.test(v) && /[A-Za-z]/.test(v);
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
function firstNonFlagArg(args) {
|
|
44
|
+
for (const a of args) { if (typeof a === 'string' && !a.startsWith('-')) return a; }
|
|
45
|
+
return null;
|
|
46
|
+
}
|
|
47
|
+
|
|
48
|
+
// Best-effort docker image extraction: first bare token after `run`, skipping flags + their values.
|
|
49
|
+
function dockerImage(args) {
|
|
50
|
+
const i = args.indexOf('run');
|
|
51
|
+
if (i < 0) return null;
|
|
52
|
+
for (let j = i + 1; j < args.length; j++) {
|
|
53
|
+
const a = args[j];
|
|
54
|
+
if (typeof a !== 'string') continue;
|
|
55
|
+
if (a.startsWith('-')) { if (VALUE_FLAGS.has(a)) j++; continue; } // skip flag (and its value)
|
|
56
|
+
return a; // first bare token = the image reference
|
|
57
|
+
}
|
|
58
|
+
return null;
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
function checkServer(name, srv, findings) {
|
|
62
|
+
const push = (severity, code, message, hint) => findings.push({ severity, code, server: name, message, hint });
|
|
63
|
+
if (!srv || typeof srv !== 'object' || Array.isArray(srv)) {
|
|
64
|
+
push('info', 'UNKNOWN_TOP_FIELDS', 'server entry is not an object', 'Each server must map to an object with command/url + args/env.');
|
|
65
|
+
return;
|
|
66
|
+
}
|
|
67
|
+
const args = Array.isArray(srv.args) ? srv.args : [];
|
|
68
|
+
const cmd = baseName(srv.command);
|
|
69
|
+
|
|
70
|
+
// Unknown server-level keys (typo detection).
|
|
71
|
+
for (const k of Object.keys(srv)) {
|
|
72
|
+
if (!KNOWN_SERVER_KEYS.has(k)) {
|
|
73
|
+
push('info', 'UNKNOWN_TOP_FIELDS', 'unrecognized server field "' + k + '"', 'Check for a typo; expected command/args/env/url/type.');
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
// SECRET_IN_ENV (error)
|
|
78
|
+
if (srv.env && typeof srv.env === 'object' && !Array.isArray(srv.env)) {
|
|
79
|
+
for (const [k, v] of Object.entries(srv.env)) {
|
|
80
|
+
if (typeof v !== 'string' || v.length === 0 || isEnvRef(v)) continue;
|
|
81
|
+
const keyMatch = /key|token|secret|password|passwd|pwd|credential|apikey|auth|access[_-]?id|private/i.test(k);
|
|
82
|
+
if (keyMatch) {
|
|
83
|
+
push('error', 'SECRET_IN_ENV', 'env "' + k + '" appears to hold an inline credential', 'Reference a secret via ${ENV_VAR} or a secret manager; never inline credentials.');
|
|
84
|
+
} else if (looksHighEntropy(v)) {
|
|
85
|
+
push('error', 'SECRET_IN_ENV', 'env "' + k + '" holds a high-entropy value that looks like a secret', 'Reference a secret via ${ENV_VAR} or a secret manager; never inline credentials.');
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
// SHELL_WRAPPER (warn) - sh/bash/zsh -c hides the real binary
|
|
91
|
+
if ((cmd === 'sh' || cmd === 'bash' || cmd === 'zsh') && args.some((a) => a === '-c')) {
|
|
92
|
+
push('warn', 'SHELL_WRAPPER', 'command wraps the real binary in ' + cmd + ' -c', 'Invoke the real binary directly instead of wrapping in a shell.');
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
// UNPINNED_PACKAGE (warn) + AUTO_INSTALL_FLAG (warn) for npx/uvx/bunx-style runners
|
|
96
|
+
if (cmd === 'npx' || cmd === 'uvx' || cmd === 'bunx' || cmd === 'pnpm' || cmd === 'yarn') {
|
|
97
|
+
const pkg = firstNonFlagArg(args);
|
|
98
|
+
if (pkg) {
|
|
99
|
+
const body = pkg.startsWith('@') ? pkg.slice(1) : pkg; // strip scope so @scope/x isn't read as a pin
|
|
100
|
+
if (!body.includes('@')) {
|
|
101
|
+
push('warn', 'UNPINNED_PACKAGE', 'package "' + pkg + '" is not version-pinned', 'Pin the version (name@1.2.3) to prevent supply-chain drift.');
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
if (args.some((a) => a === '-y' || a === '--yes')) {
|
|
105
|
+
push('warn', 'AUTO_INSTALL_FLAG', cmd + ' auto-installs unreviewed code (-y/--yes)', 'Remove -y/--yes; review packages before first execution.');
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
// BROAD_FS_SCOPE (warn) - filesystem servers granted / or a home root
|
|
110
|
+
const joined = (srv.command ? srv.command + ' ' : '') + args.join(' ');
|
|
111
|
+
const isFs = /filesystem/i.test(joined) || srv.type === 'filesystem' || /(^|[^a-z])fs($|[^a-z])/i.test(String(srv.name || ''));
|
|
112
|
+
if (isFs) {
|
|
113
|
+
for (const a of args) {
|
|
114
|
+
if (typeof a !== 'string') continue;
|
|
115
|
+
if (/^(\/|~|\$HOME|\/root|\/home\/[^/]+|\/Users\/[^/]+)\/?$/.test(a.trim())) {
|
|
116
|
+
push('warn', 'BROAD_FS_SCOPE', 'filesystem access granted to broad path "' + a + '"', 'Scope filesystem access to a specific project subdirectory, not / or $HOME.');
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
// REMOTE_URL_NO_TLS (error) - http:// to a non-localhost host
|
|
122
|
+
const urlCandidates = [];
|
|
123
|
+
if (typeof srv.url === 'string') urlCandidates.push(srv.url);
|
|
124
|
+
if (srv.transport && typeof srv.transport === 'object' && typeof srv.transport.url === 'string') urlCandidates.push(srv.transport.url);
|
|
125
|
+
for (const a of args) { if (typeof a === 'string' && /^https?:\/\//i.test(a)) urlCandidates.push(a); }
|
|
126
|
+
for (const raw of urlCandidates) {
|
|
127
|
+
let u; try { u = new URL(raw); } catch (e) { continue; }
|
|
128
|
+
if (u.protocol !== 'http:') continue;
|
|
129
|
+
const h = u.hostname.toLowerCase();
|
|
130
|
+
const local = h === 'localhost' || h === '127.0.0.1' || h === '0.0.0.0' || h === '::1' || h.endsWith('.local');
|
|
131
|
+
if (!local) {
|
|
132
|
+
push('error', 'REMOTE_URL_NO_TLS', 'remote transport uses plaintext http:// (' + h + ')', 'Use https:// for remote transports.');
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
// NO_VERSION_PIN_DOCKER (info) - image without a tag or :latest
|
|
137
|
+
if (cmd === 'docker') {
|
|
138
|
+
const img = dockerImage(args);
|
|
139
|
+
if (img) {
|
|
140
|
+
const tagless = !img.includes('@') && (!img.includes(':') || /:latest$/i.test(img));
|
|
141
|
+
if (tagless) {
|
|
142
|
+
push('info', 'NO_VERSION_PIN_DOCKER', 'docker image "' + img + '" has no immutable tag', 'Pin the image to a specific tag or digest, not :latest.');
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
function auditMcpConfig(input) {
|
|
149
|
+
if (input === null || typeof input !== 'object' || Array.isArray(input)) {
|
|
150
|
+
return { error: 'input must be a JSON object', hint: 'Provide {"mcpServers":{...}} (Claude Desktop) or a single server object {"command":...}.' };
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
const findings = [];
|
|
154
|
+
let servers;
|
|
155
|
+
|
|
156
|
+
if (input.mcpServers && typeof input.mcpServers === 'object' && !Array.isArray(input.mcpServers)) {
|
|
157
|
+
servers = input.mcpServers;
|
|
158
|
+
for (const k of Object.keys(input)) {
|
|
159
|
+
if (!KNOWN_TOP_KEYS.has(k)) {
|
|
160
|
+
findings.push({ severity: 'info', code: 'UNKNOWN_TOP_FIELDS', server: '(top)', message: 'unrecognized top-level field "' + k + '"', hint: 'Check for a typo; the config root normally holds only "mcpServers".' });
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
} else if ('command' in input || 'url' in input || 'args' in input || 'env' in input || 'transport' in input) {
|
|
164
|
+
servers = { '(root)': input }; // single-server shape
|
|
165
|
+
} else {
|
|
166
|
+
return { error: 'no MCP servers found', hint: 'Expected {"mcpServers":{...}} or a server object with a "command" or "url" field.' };
|
|
167
|
+
}
|
|
168
|
+
|
|
169
|
+
const names = Object.keys(servers);
|
|
170
|
+
for (const name of names) checkServer(name, servers[name], findings);
|
|
171
|
+
|
|
172
|
+
let score = 100;
|
|
173
|
+
let errors = 0, warns = 0, infos = 0;
|
|
174
|
+
for (const f of findings) {
|
|
175
|
+
if (f.severity === 'error') { score -= 25; errors++; }
|
|
176
|
+
else if (f.severity === 'warn') { score -= 10; warns++; }
|
|
177
|
+
else { score -= 2; infos++; }
|
|
178
|
+
}
|
|
179
|
+
if (score < 0) score = 0;
|
|
180
|
+
|
|
181
|
+
return { score, findings, summary: { servers: names.length, errors, warns, infos } };
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
module.exports = { auditMcpConfig };
|