mcp-nervous-system 1.7.3 → 1.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,7 +4,7 @@
4
4
 
5
5
  7 mechanically enforced rules that prevent the most common failure modes when LLMs have access to real infrastructure: context loss, silent failures, file damage, goal drift, and overreach.
6
6
 
7
- Built by [Arthur Palyan](https://www.levelsofself.com) at Palyan Family AI System. 18 tools including configuration drift detection and emergency kill switch. Battle-tested on an 11-member AI family running 30 processes 24/7 on a single VPS. 58+ violations logged, 0 bypassed.
7
+ Built by [Arthur Palyan](https://www.levelsofself.com) at Palyan Family AI System. 19 tools including configuration drift detection and emergency kill switch. Battle-tested on an 11-member AI family running 30 processes 24/7 on a single VPS. 58+ violations logged, 0 bypassed.
8
8
 
9
9
  ## The Problem
10
10
 
@@ -60,7 +60,7 @@ Protocol: MCP 2024-11-05 (Streamable HTTP + SSE)
60
60
  Authentication: None required
61
61
  ```
62
62
 
63
- ## NEW in v1.7.2
63
+ ## NEW in v1.7.3
64
64
 
65
65
  **drift_audit** (free tier)
66
66
  Configuration drift detection across 5 scopes: roles, versions, files, processes, and website. Scans source-of-truth files (family-roles.json, package.json, UNTOUCHABLE_FILES.txt) against all downstream references - HTML pages, JSON configs, markdown docs, and running PM2 processes. Change one file, drift_audit tells you everywhere else that needs updating. The closed loop that keeps your entire system consistent.
@@ -0,0 +1,172 @@
1
+ # The Nervous System
2
+
3
+ **LLM Behavioral Enforcement Framework**
4
+
5
+ 7 mechanically enforced rules that prevent the most common failure modes when LLMs have access to real infrastructure: context loss, silent failures, file damage, goal drift, and overreach.
6
+
7
+ Built by [Arthur Palyan](https://www.levelsofself.com) at Palyan Family AI System. 18 tools including configuration drift detection and emergency kill switch. Battle-tested on an 11-member AI family running 30 processes 24/7 on a single VPS. 58+ violations logged, 0 bypassed.
8
+
9
+ ## The Problem
10
+
11
+ When you give an LLM access to your file system, bash, and production infrastructure, it will eventually:
12
+
13
+ - Edit a file it shouldn't touch
14
+ - Lose context between sessions and start over
15
+ - Drift from the original objective during long tasks
16
+ - Fail silently when a session times out
17
+ - Make logic changes without asking
18
+ - Disappear into debug loops
19
+
20
+ The Nervous System solves all of these with rules enforced by external mechanisms the LLM cannot override.
21
+
22
+ ## Install
23
+
24
+ ### Claude Desktop
25
+
26
+ Add to your `claude_desktop_config.json`:
27
+
28
+ ```json
29
+ {
30
+ "mcpServers": {
31
+ "nervous-system": {
32
+ "command": "npx",
33
+ "args": ["-y", "mcp-nervous-system"]
34
+ }
35
+ }
36
+ }
37
+ ```
38
+
39
+ ### Claude Code
40
+
41
+ ```bash
42
+ claude mcp add nervous-system npx mcp-nervous-system
43
+ ```
44
+
45
+ ### Direct
46
+
47
+ ```bash
48
+ npx mcp-nervous-system
49
+ ```
50
+
51
+ Server starts on port 3475 with SSE, HTTP, and health endpoints.
52
+
53
+ ### Hosted (No Install)
54
+
55
+ The server is live and ready to use:
56
+
57
+ ```
58
+ URL: https://api.100levelup.com/mcp-ns/
59
+ Protocol: MCP 2024-11-05 (Streamable HTTP + SSE)
60
+ Authentication: None required
61
+ ```
62
+
63
+ ## NEW in v1.7.2
64
+
65
+ **drift_audit** (free tier)
66
+ Configuration drift detection across 5 scopes: roles, versions, files, processes, and website. Scans source-of-truth files (family-roles.json, package.json, UNTOUCHABLE_FILES.txt) against all downstream references - HTML pages, JSON configs, markdown docs, and running PM2 processes. Change one file, drift_audit tells you everywhere else that needs updating. The closed loop that keeps your entire system consistent.
67
+
68
+ **Positioning: Auto mode decides what Claude CAN do. The Nervous System governs HOW it behaves while doing it.**
69
+
70
+ ## The 7 Rules
71
+
72
+ | # | Rule | What It Prevents |
73
+ |---|------|-----------------|
74
+ | 1 | **Dispatch Don't Do** | Debug loops, rabbit holes. Tasks > 2 messages get dispatched. |
75
+ | 2 | **Untouchable** | File damage. Protected files mechanically blocked from editing. |
76
+ | 3 | **Write Progress** | Silent failures. Progress noted before each action. |
77
+ | 4 | **Step Back Every 4** | Goal drift. Forced reflection every 4 messages. |
78
+ | 5 | **Delegate and Return** | Invisible work. Background tasks reported immediately. |
79
+ | 6 | **Ask Before Touching** | Unauthorized changes. Logic changes need human approval. |
80
+ | 7 | **Hand Off** | Context loss. Written handoffs every 3-4 exchanges. |
81
+
82
+ ## MCP Tools (12)
83
+
84
+ | Tool | Description |
85
+ |------|------------|
86
+ | `get_framework` | Complete framework: all rules, permission protocol, enforcement patterns |
87
+ | `guardrail_rules` | The 7 core rules with triggers, enforcement, and failure modes |
88
+ | `preflight_check` | File protection system: shell script blocks edits to protected files |
89
+ | `session_handoff` | Context preservation: templates for handoff documents |
90
+ | `worklog` | Progress documentation pattern |
91
+ | `violation_logging` | Audit trail: timestamp, type, context for every violation |
92
+ | `step_back_check` | Forced reflection system |
93
+ | `get_nervous_system_info` | System overview and operational stats |
94
+ | `emergency_kill_switch` | Emergency shutdown of all PM2 processes. Requires kill switch secret. Logs to tamper-evident audit trail |
95
+ | `verify_audit_chain` | Walks the SHA-256 hash-chained audit log and verifies every entry. Returns chain integrity status |
96
+ | `dispatch_to_llm` | Spawns a background LLM agent to handle a task. Checks RAM, enforces max 2 concurrent dispatches |
97
+ | `drift_audit` | Configuration drift detection across roles, versions, files, processes, and website. Finds stale values everywhere. |
98
+
99
+ ## Kill Switch
100
+
101
+ The `emergency_kill_switch` tool provides an emergency shutdown capability. Send a POST request to `/kill` with the kill switch secret to immediately stop all PM2 processes. Every activation is logged to the tamper-evident audit trail with SHA-256 hash chaining, so kill switch events cannot be hidden or altered after the fact.
102
+
103
+ - Requires authentication (kill switch secret)
104
+ - Logs to hash-chained audit trail
105
+ - Returns confirmation with affected process count
106
+
107
+ ## Tamper-Evident Audit Trail
108
+
109
+ Every guardrail violation, kill switch activation, and dispatch event is recorded in a SHA-256 hash-chained audit log. Each entry includes the hash of the previous entry, making it cryptographically impossible to alter or delete past records without breaking the chain.
110
+
111
+ - Use `verify_audit_chain` to walk the entire chain and verify integrity
112
+ - Returns: valid/invalid status, entry count, and break point if tampered
113
+ - 58+ violations logged, 0 bypassed, 0 chain breaks
114
+
115
+ ## Dispatch to LLM
116
+
117
+ The `dispatch_to_llm` tool enables a brain + agents architecture. Instead of one LLM session doing everything, complex tasks get dispatched to background agents that run independently under the same 7 rules.
118
+
119
+ - Checks available RAM (requires 500MB+)
120
+ - Enforces max 2 concurrent dispatches
121
+ - Returns PID and log file path for monitoring
122
+ - Every dispatched agent runs under the same nervous system guardrails
123
+
124
+ ## EU AI Act Compliance
125
+
126
+ The Nervous System provides practical compliance tools for the EU AI Act. See the full compliance page at:
127
+
128
+ https://api.100levelup.com/family/eu-ai-act.html
129
+
130
+ ## Resources (5)
131
+
132
+ - `nervous-system://framework` - The complete framework
133
+ - `nervous-system://quick-start` - Quick start guide
134
+ - `nervous-system://rules` - The 7 core rules
135
+ - `nervous-system://templates` - Templates for handoffs, worklogs, preflight
136
+ - `nervous-system://drift-audit` - Configuration drift detection
137
+
138
+ ## Production Stats
139
+
140
+ From the live Palyan Family AI System deployment (Feb 28 - Mar 5, 2026):
141
+
142
+ - **58+** violations caught
143
+ - **29** edits blocked by preflight
144
+ - **13** unique files protected
145
+ - **0** rules bypassed
146
+ - **28** processes monitored
147
+ - **7** days continuous operation
148
+
149
+ ## Live Demo
150
+
151
+ Try it yourself (no login required):
152
+
153
+ - **[Interactive Demo](https://api.100levelup.com/family/arthur.html?guest=1)** - Talk to a governed LLM and try to break the rules
154
+ - **[Audit Dashboard](https://api.100levelup.com/family/audit.html)** - See real violation history with timeline
155
+ - **[System Status](https://api.100levelup.com/family/status.html)** - Live health checks
156
+ - **[API Documentation](https://api.100levelup.com/family/api-docs.html)** - Full tool and resource reference
157
+ - **[Case Study](https://api.100levelup.com/family/case-study.html)** - Production deployment data
158
+ - **[Plain English Rules](https://api.100levelup.com/family/rules-plain.html)** - For non-technical stakeholders
159
+ - **[Incident Response](https://api.100levelup.com/family/incident-response.html)** - Detection, containment, resolution
160
+ - **[EU AI Act Compliance](https://api.100levelup.com/family/eu-ai-act.html)** - Practical EU AI Act compliance tools
161
+
162
+ ## Philosophy
163
+
164
+ > "LLMs can't reliably self-enforce promises. Guardrails work via preflight.sh, violation logs, and catching drift. Build enforcement systems, don't make promises."
165
+
166
+ If a guardrail can be violated by the thing it guards, it is not a guardrail. It is a suggestion.
167
+
168
+ Every rule in the Nervous System is enforced by an external mechanism: a shell script, a timer, a separate monitoring process. The LLM cannot override, circumvent, or ignore them.
169
+
170
+ ## License
171
+
172
+ MIT
package/index.js CHANGED
@@ -151,7 +151,7 @@ function getFreeMB() {
151
151
  } catch (e) { return 0; }
152
152
  }
153
153
 
154
- function dispatchToLLM(task, maxTurns) {
154
+ function dispatchToLLM(task, maxTurns, permissions) {
155
155
  cleanupDispatches();
156
156
  const active = activeDispatches.filter(d => d.status === 'active');
157
157
  if (active.length >= MAX_CONCURRENT_DISPATCHES)
@@ -161,6 +161,18 @@ function dispatchToLLM(task, maxTurns) {
161
161
  const ts = Date.now();
162
162
  const logFile = projectPath('logs_dir') ? `${projectPath('logs_dir')}/dispatch-${ts}.log` : path.join(os.homedir(), '.nervous-system', `dispatch-${ts}.log`);
163
163
  const turns = maxTurns || 15;
164
+ // Write task-level permissions if provided
165
+ if (permissions && Array.isArray(permissions) && permissions.length > 0) {
166
+ try {
167
+ const permData = {
168
+ permissions: permissions.map(function(fp) {
169
+ return { file: fp, reason: 'Granted via dispatch_to_llm', granted_at: Date.now() / 1000 };
170
+ })
171
+ };
172
+ fs.writeFileSync('/root/family-data/task-permissions.json', JSON.stringify(permData, null, 2));
173
+ } catch (e) {}
174
+ }
175
+
164
176
  try {
165
177
  const escaped = task.replace(/"/g, '\\"');
166
178
  const child = spawn('bash', ['-c',
@@ -180,7 +192,7 @@ const MCP_VERSION = '2024-11-05';
180
192
  // Server info
181
193
  const SERVER_INFO = {
182
194
  name: 'nervous-system',
183
- version: '1.7.2'
195
+ version: '1.7.4'
184
196
  };
185
197
 
186
198
  // ============================================================
@@ -189,7 +201,7 @@ const SERVER_INFO = {
189
201
 
190
202
  const FRAMEWORK = {
191
203
  name: 'The Nervous System',
192
- version: '1.7.2',
204
+ version: '1.7.4',
193
205
  author: 'Arthur Palyan',
194
206
  tagline: 'Anthropic built the brain. Arthur built the nervous system that keeps it from hurting itself.',
195
207
  problem: 'LLMs lose context between sessions, loop on problems instead of dispatching, silently fail without progress notes, edit protected files, drift from the real problem, and solve instead of asking.',
@@ -647,7 +659,8 @@ const TOOLS = [
647
659
  type: 'object',
648
660
  properties: {
649
661
  task: { type: 'string', description: 'Task description for the background agent.' },
650
- max_turns: { type: 'number', description: 'Max turns for the agent. Default: 15.' }
662
+ max_turns: { type: 'number', description: 'Max turns for the agent. Default: 15.' },
663
+ permissions: { type: 'array', items: { type: 'string' }, description: 'File paths the agent is allowed to edit (bypasses UNTOUCHABLE for these files). Expires after 24h.' }
651
664
  },
652
665
  required: ['task']
653
666
  }
@@ -1889,7 +1902,7 @@ function handleToolCall(name, args) {
1889
1902
  }
1890
1903
 
1891
1904
  case 'dispatch_to_llm': {
1892
- return dispatchToLLM(args.task, args.max_turns);
1905
+ return dispatchToLLM(args.task, args.max_turns, args.permissions);
1893
1906
  }
1894
1907
 
1895
1908
  case 'drift_audit': {
@@ -1994,24 +2007,6 @@ function runSelfCheck() {
1994
2007
  });
1995
2008
  } catch (e) {}
1996
2009
 
1997
- // 3. CHECK: Do our tools expose internal project details?
1998
- // The mcp_analyzer should not return raw file counts, paths, or structure
1999
- try {
2000
- const source = fs.readFileSync(__filename, 'utf8');
2001
- if (source.includes('result.project = characteristics') ||
2002
- source.includes('characteristics.file_count') && source.includes('reason:') && !source.includes('// internal only')) {
2003
- // Check if file counts leak into user-visible output
2004
- var analyzerSection = source.substring(source.indexOf('runMCPAnalyzer'));
2005
- if (analyzerSection.includes("characteristics.file_count + '")) {
2006
- findings.push({
2007
- type: 'info_leakage',
2008
- severity: 'medium',
2009
- message: 'mcp_analyzer exposes raw project scan data (file counts, paths) in its response',
2010
- fix: 'Return only recommendations and offer to apply them, not raw scan details'
2011
- });
2012
- }
2013
- }
2014
- } catch (e) {}
2015
2010
 
2016
2011
  // 4. CHECK: Are there hardcoded /root/ paths in code that ships to clients?
2017
2012
  try {
@@ -2515,7 +2510,7 @@ const server = http.createServer((req, res) => {
2515
2510
  // Health check
2516
2511
  if (req.method === 'GET' && url.pathname === '/health') {
2517
2512
  res.writeHead(200, { 'Content-Type': 'application/json' });
2518
- res.end(JSON.stringify({ status: 'ok', service: 'nervous-system-mcp', version: '1.7.2', protocol: MCP_VERSION }));
2513
+ res.end(JSON.stringify({ status: 'ok', service: 'nervous-system-mcp', version: '1.7.4', protocol: MCP_VERSION }));
2519
2514
  return;
2520
2515
  }
2521
2516
 
@@ -2632,7 +2627,7 @@ const server = http.createServer((req, res) => {
2632
2627
  res.writeHead(200, { 'Content-Type': 'application/json' });
2633
2628
  res.end(JSON.stringify({
2634
2629
  name: 'The Nervous System MCP Server',
2635
- version: '1.7.2',
2630
+ version: '1.7.4',
2636
2631
  protocol: MCP_VERSION,
2637
2632
  description: 'LLM behavioral enforcement framework. 7 core rules, preflight checks, session handoffs, worklogs, violation logging, kill switch, hash-chained audit, and forced reflection cycles. Built by Arthur Palyan.',
2638
2633
  endpoints: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mcp-nervous-system",
3
- "version": "1.7.3",
3
+ "version": "1.7.4",
4
4
  "description": "The Nervous System - LLM Behavioral Enforcement Framework. 7 mechanically enforced rules, 17 tools including kill switch, audit chain, dispatch, drift audit, security audit, page health, pre-publish audit, and session close. MCP server for Claude Desktop, Claude Code, and any MCP-compatible client.",
5
5
  "main": "server.js",
6
6
  "bin": {
@@ -0,0 +1,42 @@
1
+ {
2
+ "name": "mcp-nervous-system",
3
+ "version": "1.7.3",
4
+ "description": "The Nervous System - LLM Behavioral Enforcement Framework. 7 mechanically enforced rules, 17 tools including kill switch, audit chain, dispatch, drift audit, security audit, page health, pre-publish audit, and session close. MCP server for Claude Desktop, Claude Code, and any MCP-compatible client.",
5
+ "main": "server.js",
6
+ "bin": {
7
+ "mcp-nervous-system": "./stdio.js"
8
+ },
9
+ "scripts": {
10
+ "start": "node server.js"
11
+ },
12
+ "keywords": [
13
+ "mcp",
14
+ "model-context-protocol",
15
+ "llm",
16
+ "ai-safety",
17
+ "ai-governance",
18
+ "behavioral-enforcement",
19
+ "guardrails",
20
+ "claude",
21
+ "anthropic",
22
+ "nervous-system",
23
+ "kill-switch",
24
+ "audit-trail"
25
+ ],
26
+ "author": "Arthur Palyan <palyanai@gmail.com>",
27
+ "license": "MIT",
28
+ "repository": {
29
+ "type": "git",
30
+ "url": "https://github.com/levelsofself/mcp-nervous-system"
31
+ },
32
+ "homepage": "https://api.100levelup.com/family/gateway.html",
33
+ "bugs": {
34
+ "url": "https://github.com/levelsofself/mcp-nervous-system/issues"
35
+ },
36
+ "engines": {
37
+ "node": ">=18.0.0"
38
+ },
39
+ "dependencies": {
40
+ "@modelcontextprotocol/sdk": "^1.0.0"
41
+ }
42
+ }
@@ -0,0 +1,42 @@
1
+ {
2
+ "name": "mcp-nervous-system",
3
+ "version": "1.7.2",
4
+ "description": "The Nervous System - LLM Behavioral Enforcement Framework. 7 mechanically enforced rules, 17 tools including kill switch, audit chain, dispatch, drift audit, security audit, page health, pre-publish audit, and session close. MCP server for Claude Desktop, Claude Code, and any MCP-compatible client.",
5
+ "main": "server.js",
6
+ "bin": {
7
+ "mcp-nervous-system": "./stdio.js"
8
+ },
9
+ "scripts": {
10
+ "start": "node server.js"
11
+ },
12
+ "keywords": [
13
+ "mcp",
14
+ "model-context-protocol",
15
+ "llm",
16
+ "ai-safety",
17
+ "ai-governance",
18
+ "behavioral-enforcement",
19
+ "guardrails",
20
+ "claude",
21
+ "anthropic",
22
+ "nervous-system",
23
+ "kill-switch",
24
+ "audit-trail"
25
+ ],
26
+ "author": "Arthur Palyan <palyanai@gmail.com>",
27
+ "license": "MIT",
28
+ "repository": {
29
+ "type": "git",
30
+ "url": "https://github.com/levelsofself/mcp-nervous-system"
31
+ },
32
+ "homepage": "https://api.100levelup.com/family/gateway.html",
33
+ "bugs": {
34
+ "url": "https://github.com/levelsofself/mcp-nervous-system/issues"
35
+ },
36
+ "engines": {
37
+ "node": ">=18.0.0"
38
+ },
39
+ "dependencies": {
40
+ "@modelcontextprotocol/sdk": "^1.0.0"
41
+ }
42
+ }