Encrypted compute layer for AI agents
NXD
NXD is an encrypted compute layer for AI agents. It wraps fully homomorphic encryption, credential vaulting, and privacy primitives behind a single Python import — so developers can run agents on sensitive data without exposing client records, credentials, or proprietary code to models, clouds, or MCP servers.
Three guarantees
- The agent works fully — capability unchanged; scores, matches, charges, and aggregates complete normally.
- The agent sees nothing — sensitive values stay encrypted; agents handle opaque tokens and references only.
- The operator holds the keys — keys stay local, auditable, and revocable.
Install
```bash
export NXD_OPERATOR_PASSPHRASE="choose-a-long-random-passphrase"
pip install nxd
```
Requires Python 3.10 or 3.11 (Concrete ML FHE dependency).
Quick start
```python
import nxd

# FHE compute on encrypted data
results = nxd.score(model, clients)
matched = nxd.match(model, record_a, record_b)
average = nxd.aggregate(model, records)

# Credentials — agent never sees plaintext keys
vault = nxd.Vault(agent_id="billing-agent")
vault.store("stripe_key", "sk_live_xxxx")
result = vault.use("stripe_key", stripe_charge_fn)
vault.audit_log()
vault.rotate_master_key()

# Agent-to-agent encrypted context
handoff = nxd.Handoff()
token = handoff.pack(clients)
scores = nxd.receive(model, token, handoff)

# Code and text privacy before any AI call
protected = nxd.shield(source_code)
original = nxd.unshield(protected)

# Encrypted search, identity, tokenization, best-effort redaction
index = nxd.build_index(records)
token, hits = nxd.search(index, "diabetes")
nxd.register("user_123", "credential")
nxd.verify("user_123", candidate)
safe = nxd.redact("Patient John Smith, SSN 432-12-6789")
token = nxd.tokenize("4532-1234-5678-9010")

# Documents, channels, state, signatures
nxd.seal("contract.pdf")
ch = nxd.channel("agent-a", "agent-b")
nxd.checkpoint.save("agent-123", state)
nxd.sign("agent-a", "approve payment")

# Privacy-noise analytics, key control, audit
nxd.blur(47230.0, sensitivity=1000, epsilon=1.0)
shares = nxd.split("master_key", n=5, m=3)
locked = nxd.bind(data, recipient="agent-compliance-7")
nxd.audit.verify()
```
Benchmarks (MacBook Air, Python 3.11, Concrete ML 1.9.0)
| Operation | Latency | Notes |
|---|---|---|
| FHE score (1 record) | ~183 ms | First-call cold start |
| FHE score (1k records, parallel) | 1.6 s | 8 cores, ~1.6 ms/record |
| FHE match (single pair) | 352 ms | Cross-system comparison |
| FHE aggregate (1k records, parallel) | 1.8 s | ~0.009% quantization error |
| Credential vault use | <1 ms | Decrypt in memory only |
| Proof suite | 85/85 passed | python3 prove.py |
What NXD does not protect against
NXD protects credentials and sensitive data from AI providers, model context, and ordinary cloud exposure. It does not remove the need for normal endpoint security and key management discipline.
If your local machine is compromised, master.key can be stolen. NXD protects credentials in transit and keeps them out of agent-visible plaintext, but it does not protect against local machine compromise.
NXD can prevent a model from seeing plaintext inputs. It does not control what a model does with the encrypted or redacted results it receives, so output handling still matters.
NXD uses FHE for specific compute operations such as score, match, and aggregate. It does not run the full LLM context window under FHE. For prompt and code protection, use redact() and shield().
The local master.key model is suitable for development and small deployments. Production systems should use a managed key system such as HashiCorp Vault or AWS KMS. Hosted key management is on the NXD roadmap.
NXD helps protect against external providers and cloud exposure. It does not protect against a trusted operator with physical access, because that operator holds the keys by design.
Current encryption choices are not presented as quantum-resistant. Post-quantum primitives are on the roadmap, but they are not part of the current release.
redact() is best-effort pattern detection for common PII and secret formats. It reduces exposure, but it is not a guarantee that every sensitive value in every format will be detected.
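A way to measure what "best-effort" means for a given redactor, shown as an added example that is not NXD's code: a small leak check that runs a redactor over constructed inputs and reports which sensitive values survive. The `pattern_redact` function, its two patterns, and the sample corpus are assumptions made for illustration; the same `leaks()` harness can be pointed at any redaction function.

```python
import re

# Illustrative detectors only (assumption); NXD's own patterns are not shown on the page.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d{4}(?:[- ]?\d{4}){3}\b"),
}

def pattern_redact(text):
    """Replace every pattern match with a bracketed label."""
    for label, rx in PATTERNS.items():
        text = rx.sub(f"[{label}]", text)
    return text

# Constructed corpus: (input text, sensitive value that must not survive redaction)
CASES = [
    ("Patient John Smith, SSN 432-12-6789", "432-12-6789"),
    ("card 4532-1234-5678-9010 on file", "4532-1234-5678-9010"),
    ("SSN 432 12 6789", "432 12 6789"),      # same number, spaces instead of hyphens
    ("ssn: 432126789", "432126789"),         # same number, no separators
    ("Patient John Smith", "John Smith"),    # free-text name, no fixed format
]

def leaks(redactor, cases):
    """Return the sensitive values still present after redaction."""
    return [secret for text, secret in cases if secret in redactor(text)]

if __name__ == "__main__":
    for text, _ in CASES:
        print(pattern_redact(text))
    print("survived:", leaks(pattern_redact, CASES))
```

Keeping a corpus like this in CI, with the formats your own data actually uses, turns the detection rate into something you can track between releases.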
blur() uses calibrated Laplace privacy noise with explicit epsilon and sensitivity inputs. The helper is suitable for internal privacy-noise workflows, but formal differential-privacy claims for regulated deployments should follow an external review of the implementation and your parameter choices.
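Why the parameter choices matter, as an added example that is not NXD's implementation: a textbook Laplace mechanism with noise scale `sensitivity / epsilon`, plus a budget tracker, showing that repeated releases of the same value average the noise away unless total epsilon is capped. The names `laplace_release`, `PrivacyBudget`, and `mean_of_repeated_releases` are hypothetical; the inputs reuse the Quick start values.

```python
import random

def laplace_release(value, sensitivity, epsilon, rng):
    """Laplace mechanism: value plus noise with scale b = sensitivity / epsilon."""
    if sensitivity <= 0 or epsilon <= 0:
        raise ValueError("sensitivity and epsilon must be positive")
    scale = sensitivity / epsilon
    # The difference of two i.i.d. exponentials with mean b is Laplace(0, b).
    return value + rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

class PrivacyBudget:
    """Sequential composition: k releases at epsilon each cost k * epsilon in total."""

    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def release(self, value, sensitivity, epsilon, rng):
        if self.spent + epsilon > self.total:
            raise RuntimeError("privacy budget exhausted")
        self.spent += epsilon
        return laplace_release(value, sensitivity, epsilon, rng)

def mean_of_repeated_releases(value, sensitivity, epsilon, k, rng):
    """Average of k independent releases; its error shrinks roughly as 1/sqrt(k)."""
    return sum(laplace_release(value, sensitivity, epsilon, rng) for _ in range(k)) / k

if __name__ == "__main__":
    # Seeded PRNG so the demo is reproducible; use random.SystemRandom() for real releases.
    rng = random.Random(7)
    print("one release:      ", round(laplace_release(47230.0, 1000, 1.0, rng)))
    print("mean of 2000:     ", round(mean_of_repeated_releases(47230.0, 1000, 1.0, 2000, rng)))
    budget = PrivacyBudget(total_epsilon=3.0)
    for _ in range(3):
        budget.release(47230.0, 1000, 1.0, rng)
    print("epsilon spent:    ", budget.spent)
```

A single release with these inputs is off by about 1000 on average, while the mean of 2000 releases lands within a few tens of the true value, which is why the total budget, not the per-call epsilon, is the number to review.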
split() adds tamper detection to Shamir-style key splitting, but formal secret-sharing assurances should likewise be covered by external review before carrying a security certification claim.
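What threshold splitting with tamper detection involves, as an added example that is not NXD's implementation: textbook Shamir sharing over a prime field, with a SHA-256 digest of the secret attached to every share so that a modified share or an under-threshold set is rejected at reconstruction. The field modulus, the share layout `(x, y, digest)`, and the function names are assumptions; the digest approach is only appropriate for high-entropy secrets such as random keys.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field modulus (assumption); secrets must be integers below P

def _digest(secret):
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def split_secret(secret, n, m):
    """Return n shares (x, y, digest); any m of them rebuild the secret."""
    if not (1 < m <= n < P and 0 <= secret < P):
        raise ValueError("need 1 < m <= n and 0 <= secret < P")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y, _digest(secret)))
    return shares

def combine_shares(shares):
    """Lagrange-interpolate f(0), then check it against the attached digest."""
    digests = {d for _, _, d in shares}
    if len(digests) != 1 or len({x for x, _, _ in shares}) != len(shares):
        raise ValueError("inconsistent digests or duplicate share index")
    secret = 0
    for i, (xi, yi, _) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    if _digest(secret) != digests.pop():
        raise ValueError("share tampered with, or fewer than m shares supplied")
    return secret

if __name__ == "__main__":
    key = secrets.randbelow(2**126)          # constructed sample secret
    shares = split_secret(key, n=5, m=3)
    print(combine_shares(shares[:3]) == key)  # any 3 of 5 reconstruct
```

This check detects corruption but does not identify which share was altered, and it cannot stop a party who rewrites the digest on every share presented.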
Operator workflow
Set NXD_OPERATOR_PASSPHRASE before using the vault, audit chain, signatures, or any operator-only reveal flow. NXD stores ciphertext at rest, and the local key files are now wrapped with a PBKDF2-derived key from that operator passphrase.
When you use nxd init, NXD can vault .env secrets, replace them with NXD_VAULT::NAME references, and write an encrypted .env.backup.nxd recovery file.
On the MCP path, decrypt-style tools such as nxd_unshield, nxd_unseal_text, and nxd_detokenize no longer return plaintext to the agent. They queue an operator-only reveal:
```bash
nxd reveal <reveal_id>
```
Development
```bash
git clone https://github.com/Nexploraai/nxd
cd nxd
pip install -e ".[dev]"
python3 prove.py
python3 agent.py
python3 demo.py
```
License
Proprietary — Nexplora Labs. Free to use in projects, but the source may not be modified, redistributed, resold, or used to build a competing encryption or agent-protection product. See LICENSE.
File details
Details for the file nxd-0.3.0.tar.gz.
File metadata
- Download URL: nxd-0.3.0.tar.gz
- Upload date:
- Size: 31.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d85861b1390ed049bff74802f561b11c64bada4b20c9bda1d45bb207e5258678 |
| MD5 | 4983b222c7e2c4bbb5c03d62b75f26da |
| BLAKE2b-256 | 785ff790867f3282b93585f64d1e98ec6e5b4c0b9a6a5ac211c4866c0d95c32a |
File details
Details for the file nxd-0.3.0-py3-none-any.whl.
File metadata
- Download URL: nxd-0.3.0-py3-none-any.whl
- Upload date:
- Size: 31.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 64ff3add84c3b1c30ce98059801e176b3429f415cb4fcd9f853e1770356b8655 |
| MD5 | 4469a234dff12708043d77ed9773ebbd |
| BLAKE2b-256 | 0e1afa0cb147e0d8860eb368893d8d59ee7b1686b489641bb90e2117992bbab4 |