DID
Decentralized identifiers. Who is this agent? Cryptographic binding to keys and lineage.
EU AI Act high-risk deadline in days
The paper trail for AI agents.
Your humans have paper trails. Your AI agents don't. Wrap any LangChain agent in three lines — every action becomes signed, hash-chained, independently verifiable evidence.
THE PROBLEM
Agents have permissions. Nobody has proof.
AI agents are starting to move money, make trades, and handle procurement. But right now there's no way to prove what they actually did. MCP handles tool connections. A2A handles messaging between agents. AP2 handles payments. But nobody handles proof that the agent actually followed its rules. That's what we built.
Until now.
SIX PRIMITIVES
The trust stack
Together, these turn “policy” from a promise into a proof.
Behavioral spec
What will it do — and won’t do? Signed, immutable constraints. Only narrowable, never loosened.
W3C VC
Verifiable credentials. Prove identity and compliance without revealing internals.
Hash-chained
Every action logged. Tamper-evident. Audit trail that anyone can verify.
Deterministic
Same inputs, same result. Independent, deterministic verification—no trust in the verifier.
Staking / slashing
Skin in the game. Violations are costly. Stake at risk aligns behavior with commitments.
HOW IT WORKS
From action to verifiable proof
1
Agent decides action
2
Middleware intercepts
3
Evaluate covenant
4
Block or allow
5
Log to action log
6
Verifiable by anyone
SEE IT FAIL CLOSED
Agent tries $600 transfer → middleware blocks → log verifies
nobulex-demo
$ mw.execute({ action: 'transfer', params: { amount: 600 } }, ...)
Agent: Attempting transfer of $600
Middleware: BLOCKED — covenant: amount > 500
Action log: { action: "transfer", amount: 600, result: "blocked", hash: "0x7a3f..." } ✓ verifiable
TWO-TIER GUARANTEE
Impossible or costly
Impossible violation
Middleware runs in a TEE. Policy bypass is prevented inside the enforcement boundary (TEE + attestation assumptions).
Assumptions & threat model: We assume the TEE is uncompromised and correctly attests its identity. The enclave intercepts all agent actions before execution; forbidden actions never reach the host. If the enclave is compromised, an attacker could bypass enforcement — attestation lets you verify which software is running. See the Spec for details.
Costly violation
Stake at risk. Slashing on breach. Rational agents don’t violate when the cost exceeds the gain.
WHY NOBULEX
Not just guardrails
| Guardrails / policy engines | Proof-of-Behavior (Nobulex) | |
|---|---|---|
| Enforcement | Best-effort; can be bypassed | Signed commitments; pre-execution middleware |
| Verification | Trust the operator | Third-party verifiable; anyone can audit |
| Consequences | Policy violation = incident | Tamper-evident proof; cryptographic evidence of breach |
REGULATORY DEADLINES
The clock is ticking
Every major AI compliance framework requires tamper-evident audit trails. Regular logs won't pass.
June 30, 2026
Colorado AI Act
Accountability requirements for AI systems making consequential decisions. First U.S. state-level AI law.
August 2, 2026
EU AI Act Article 12
Requires tamper-evident automatic event logging for high-risk AI systems. Penalties up to €15M or 3% of global revenue.
November 2026
NAIC AI Evaluation
Nationwide AI evaluation tool for insurance. Carriers must prove agent compliance across every claim touched.
WORKS WITH
Plugs into your existing stack
AWS AgentCore
MCP-native — auto-discoverable in Agent Registry
Microsoft AGT
Proof layer for governance toolkit
Google A2A
Behavioral attestation for Agent Cards
LangChain
Drop-in compliance callbacks
TRACTION
Built in the open
3 linesTo integrate
2,736Tests passing
5Packages
OATRRegistered issuer
NISTRFI submitted
FOR DEVELOPERS
Add accountability in minutes
JAVASCRIPT
import { createDID, parseSource, EnforcementMiddleware } from '@nobulex/core';
// 3 lines to add proof-of-behavior enforcement
const agent = await createDID();
const spec = parseSource(`covenant MyAgent { permit read; forbid write; }`);
const mw = new EnforcementMiddleware({ agentDid: agent.did, spec });