Sovereign Agent OS โ Persistent Memory, Governance & Compliance for AI Agents
Project description
๐ง Nucleus โ Sovereign Agent OS
โ ๏ธ official repository โ nucleus-mcp
The sovereign, local-first Agent Operating System โ persistent memory, governance, compliance, and audit trails for any AI agent.
๐ Website โข ๐ฆ Live KYC Demo โข ๐ 170+ Tool Catalog โข ๐ฌ Discord
[!CAUTION] After the OpenClaw security crisis (1.5M API keys leaked, sleeper agents in skills), agent security is no longer optional. Nucleus is built security-first: hypervisor controls, resource locking, compliance governance, and full audit trails โ all 100% local.
๐ฏ The Problem
AI agents are powerful, but ungoverned:
- No memory โ every session starts from zero
- No audit trail โ no one knows why the agent did what it did
- No compliance โ regulators can't approve what they can't trace
- No sovereignty โ your data flows through someone else's cloud
For regulated industries (BFSI, healthcare, legal), this is a dealbreaker.
โจ The Solution: Sovereign Agent OS
Nucleus gives every AI agent a persistent brain with built-in governance:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ ๐ง Nucleus โ Sovereign Agent OS โ
โ โ
โ โโ Memory โโโ โโ Governance โ โโ DSoR โโโโโ โ
โ โ Engrams โ โ HITL โ โ Decision โ โ
โ โ Sessions โ โ Kill Switch โ โ Trail โ โ
โ โ Context โ โ Compliance โ โ Audit โ โ
โ โโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโ โ
โ โ
โ 100% Local โข Zero Cloud โข Full Audit Trail โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Quick Start (2 Minutes)
Install
pip install nucleus-mcp
nucleus self-setup
Adaptive Path Discovery
Nucleus automatically locates your .brain by following this hierarchy:
NUCLEUS_BRAIN_PATHenvironment variable.- Climbing parent directories from CWD to find an existing
.brain. - Defaulting to
$HOME/.nucleus/brain.
Try It
# See your sovereignty posture
nucleus sovereign
# Run a KYC compliance demo (15-minute BFSI demo)
nucleus kyc demo
# Apply EU DORA compliance
nucleus comply --jurisdiction eu-dora
# Generate audit-ready report
nucleus audit-report --format html -o report.html
# Browse decision trails
nucleus trace list
# System Health & Lock Recovery
nucleus status --health
nucleus status --cleanup-lock
Configure (Claude Desktop / Cursor / Windsurf)
Add to your MCP config:
{
"mcpServers": {
"nucleus": {
"command": "python3",
"args": ["-m", "nucleus_mcp"],
"env": {
"NUCLEAR_BRAIN_PATH": "/path/to/your/.brain"
}
}
}
}
๐๏ธ Agent CLI โ v1.6.0 "The Autonomous Incident Brain"
Nucleus speaks MCP + CLI + SDK. Every command auto-detects TTY (table) vs pipe (JSON).
# Memory
nucleus engram search "compliance" # Table in terminal, JSONL when piped
nucleus engram write my_key "important insight" --context Strategy --intensity 8
nucleus engram query --context Decision --limit 10
# Tasks
nucleus task list --status READY --format json # Force JSON output
nucleus task add "Ship v1.4.0 CLI" --priority 1
nucleus task update task-abc123 --status DONE
# Sessions
nucleus session save "Working on CLI implementation"
nucleus session resume # Most recent session
# Growth
nucleus growth pulse # GitHub stars + PyPI + compound
nucleus growth status # Metrics without side effects
# Outbound I/O
nucleus outbound check reddit r/ClaudeAI # Idempotency gate
nucleus outbound record reddit r/ClaudeAI --permalink https://reddit.com/abc
nucleus outbound plan # What's ready vs posted
# Pipe-friendly (Unix composable)
nucleus engram search "test" | jq '.key'
nucleus task list --format tsv | cut -f1,3
Global flags: --format json|table|tsv โข --brain-path /path/to/.brain โข --version
๏ฟฝ๐ฅ The Layered Open-Core Model
Nucleus is designed for progressive adoption. You can start local and scale up to full institutional compliance seamlessly.
- Layer 1: Sovereign Core (OSS): 100% local, persistent engrams, session state, and essential file governance.
- Layer 2: CLI-First Tooling:
morning-brief,end-of-day, and thedogfoodtracker for compounding intelligence. - Layer 3: Deployment Kit: 1-command jurisdiction deployments (
nucleus deploy --jurisdiction eu-dora). - Layer 4: Institutional Compliance: DSoR Trace Viewer, Audit Report HTML exports (DORA/MAS TRM), and strict HITL gates.
๐๏ธ Why Nucleus for Regulated Industries
Jurisdiction-Aware Compliance
One command to configure for any regulatory framework:
nucleus comply --jurisdiction eu-dora # EU DORA (7yr retention, kill switch)
nucleus comply --jurisdiction sg-mas-trm # Singapore MAS TRM (5yr, strictest HITL)
nucleus comply --jurisdiction us-soc2 # US SOC2 (1yr retention)
nucleus comply --report # Check compliance status
| Jurisdiction | Region | Retention | HITL Ops | Kill Switch |
|---|---|---|---|---|
eu-dora |
EU | 7 years | 5 types | โ Required |
sg-mas-trm |
Singapore | 5 years | 5 types | โ Required |
us-soc2 |
US/Global | 1 year | 3 types | โช Optional |
global-default |
Global | 90 days | 2 types | โช Optional |
KYC Compliance Demo
Built-in demo workflow showing how Nucleus governs a KYC document review:
nucleus kyc review APP-001 # Low risk โ โ
APPROVE
nucleus kyc review APP-002 # Medium risk โ โ ๏ธ ESCALATE (PEP match)
nucleus kyc review APP-003 # High risk โ โ REJECT (sanctions)
nucleus kyc demo # Run all 3 in sequence
Each review generates:
- 5 automated checks (sanctions, PEP, document validity, risk factors, source of funds)
- Full decision trail stored as DSoR (Decision System of Record) trace
- HITL approval request for risky applications
- Sovereignty guarantee: all processing is local
Audit Reports
Generate audit-ready reports for regulators:
nucleus audit-report # Terminal text
nucleus audit-report --format json # JSON for APIs
nucleus audit-report --format html -o report.html # HTML for compliance officers
Sovereignty Status
See your full sovereignty posture:
nucleus sovereign
Shows: sovereignty score (0-100), memory health, governance posture, DSoR integrity, data residency guarantee.
๐ Full Feature Set
Core โ Persistent Agent Memory
| Feature | Command | Description |
|---|---|---|
| Engrams | nucleus_engrams |
Persistent knowledge that survives sessions |
| Sessions | nucleus_sessions |
Save and resume work context |
| Morning Brief | nucleus morning-brief |
Daily compounding intelligence brief |
| End of Day | nucleus end-of-day |
Capture learnings as engrams |
Governance โ Agent Controls
| Feature | Command | Description |
|---|---|---|
| Compliance | nucleus comply |
Jurisdiction-aware configuration |
| Audit Reports | nucleus audit-report |
Audit-ready compliance reports |
| KYC Demo | nucleus kyc |
Pre-built compliance demo workflow |
| DSoR Traces | nucleus trace |
Browse decision trails |
| Sovereignty | nucleus sovereign |
Full sovereignty posture report |
| HITL | Built-in | Human-in-the-loop approval gates |
| Kill Switch | Built-in | Emergency halt for agent operations |
| Hypervisor | nucleus_governance |
File locking, security, mode control |
Orchestration โ Multi-Agent Coordination
| Feature | Command | Description |
|---|---|---|
| Tasks | nucleus_tasks |
Track work across agents |
| Sync | nucleus_sync |
Multi-agent brain synchronization |
| Slots | nucleus_slots |
Agent orchestration with sprint mode |
| Federation | nucleus_federation |
Multi-brain coordination |
โก Comparison
| OpenClaw | Claude Code | Nucleus | |
|---|---|---|---|
| Security | โ Key leaks, sleeper agents | โ ๏ธ Cloud-managed | โ Hypervisor + audit trail |
| Compliance | โ None | โ None | โ DORA, MAS TRM, SOC2 |
| Audit Trail | โ | โ ๏ธ Basic logs | โ Full DSoR + HTML reports |
| HITL | โ | โ ๏ธ Limited | โ Jurisdiction-configurable |
| Cross-Platform | โ | โ | โ Any MCP client |
| Local-First | โ ๏ธ Some cloud | โ ๏ธ Some cloud | โ 100% local |
| Open Source | โ MIT | โ Closed | โ MIT |
๐ณ Deployment
Docker (per jurisdiction)
# EU DORA deployment
docker compose -f deploy/docker-compose.eu-dora.yml up -d
# Or use the one-command deployment script
./deploy/deploy.sh eu-dora
Local
pip install nucleus-mcp
nucleus init
nucleus comply --jurisdiction eu-dora
nucleus sovereign # Verify
๐ญ Anonymous Telemetry
Nucleus collects anonymous, aggregate usage statistics to improve the product. No personal data, no engram content, no org docs โ ever.
โ ๏ธ Note: Anonymous telemetry powers the autonomous incident brain engine (
telemetry.nucleusos.dev). Disabling it may degrade or disable autonomy features like policy adaptation, crash-loop detection, and rollout health scoring. Only opt out if you have a fully local telemetry stack.
Opt out in 1 command:
nucleus config --no-telemetry
# or via env: NUCLEUS_ANON_TELEMETRY=false
# or in config: telemetry.anonymous.enabled: false
What's collected: command name, duration, error type, Nucleus/Python version, OS platform.
What's NEVER collected: engram content, file paths, prompts, API keys, any PII.
See TELEMETRY.md for full details.
๐ฆ v1.6.0 โ The Autonomous Incident Brain
- Phase E: Automated Incident Response โ Playbook-driven detection and triage
- Phase F: Adaptive Policy Engine โ Feedback loops that tune autonomy bounds over time
- Phase G: Reliability Policy Surface โ Configurable autonomy envelope with hard limits
- Phase H: Full-Stack Health Monitoring โ Crash-loop defense with bounded restarts and backoff
- Phase I: Safe Rollouts & Auto-Rollback โ Health-gated releases with automatic regression recovery
- Pre-launch validated โ 18/20 tests passing; safety, stability, and dev-UX verified
- Safe by default โ
observe_onlymode;allow_disable_command: false
๐ฆ v1.5.0 โ The Sovereign Kernel
- Adaptive Path Discovery โ Zero-conf brain location (Env > CWD > Home)
- Universal Shell Integration โ Integrated bash/zsh completions via
self-setup - Federation Level 1 โ Automated local peer discovery via IPC
- DSoR Self-Healing โ Automated reconciliation of orphaned decisions in audit logs
- CLI Sovereignty โ Unified routing, Python-native bootstrap, and health monitoring
- 80+ tests โ All passing (including stale lock recovery and recursion guards)
See CHANGELOG.md for full details.
๐ค Community & Contributing
- ๐ Found a bug? Open an Issue
- ๐ก Feature idea? Start a Discussion
- ๐ง Want to contribute? See CONTRIBUTING.md
- ๐ฌ Join Discord โ Join the Nucleus Development Server
๐ License
MIT ยฉ 2026 Nucleus Team | hello@nucleusos.dev
Built for the AI-native enterprise. Star us if Nucleus gives your agents a brain โ and a conscience. โญ
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nucleus_mcp-1.6.1.tar.gz.
File metadata
- Download URL: nucleus_mcp-1.6.1.tar.gz
- Upload date:
- Size: 81.2 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2202a7c1773e013f8c2ef44f1eecc2a99851e884ee072ff5b70c6e8651cfe27e
|
|
| MD5 |
d19de713264c741a9e9ba3eaeaa8ed37
|
|
| BLAKE2b-256 |
29bd3a7c546d08f9e7cac7e1533c0bbad8051abf56519bbf3a9eea7a6532bc8f
|
File details
Details for the file nucleus_mcp-1.6.1-py3-none-any.whl.
File metadata
- Download URL: nucleus_mcp-1.6.1-py3-none-any.whl
- Upload date:
- Size: 675.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1ae79980794c10def55c0f3ffae7b6809f6a6c738e4507e4d9bbdbdcebf224b5
|
|
| MD5 |
d1addcddf916412d6f4666f22b0993a0
|
|
| BLAKE2b-256 |
ffc59df4bb552b28cdba4c0b4554c67d3e45b082de12ac45d9e2e74171da59e0
|
