Skip to content

feat: add Nobulex — Ed25519 action receipts as external execution evidence #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
arian-gogani wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: add Nobulex — Ed25519 action receipts as external execution evidence #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
99a5a2b
feat: add Nobulex — Ed25519 action receipts as external execution evi…
arian-gogani Jun 18, 2026
31f2f27
fix: correct integration.yaml schema — flat format, description under…
arian-gogani Jun 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions integrations/nobulex/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Nobulex integration with TRACE (external execution evidence)

Nobulex is a Python SDK that emits Ed25519-signed receipts for agent actions. Each receipt is JCS-canonical (RFC 8785) and carries `action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))` as a content-derived identifier.

This positions Nobulex receipts as external execution evidence in the sense described in trace-spec #34: signed assertions from a non-gateway authority, bound to a specific call by `action_ref`, independently verifiable against the issuer public key.

**What this integration does:** generates verifiable per-action receipts from Python agents that can be attached as `external_execution_evidence` on cMCP audit entries.

**What it does not claim:** Nobulex receipts are not TRACE Trust Records. They are per-action signed assertions that a verifier can optionally check alongside a Trust Record, as described in trace-spec #34.

## Run it

```bash
pip install nobulex
```

```python
from nobulex import Agent

agent = Agent("my-agent")
receipt = agent.act("tool_call", scope="resource:read")

assert receipt.verify() # Ed25519 signature over JCS-canonical fields
print(receipt.action_ref) # SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
print(receipt.signature) # hex-encoded Ed25519 signature
print(receipt.signer_public_key) # hex-encoded Ed25519 public key
```

## What is verified

Running the above produces a receipt where:
- `receipt.verify()` returns `True` — signature is valid over the canonical field set
- `receipt.action_ref` is a 64-character hex string — SHA-256 over JCS-canonical JSON
- The receipt can be independently verified by any party holding `signer_public_key`

## Links

- PyPI: https://pypi.org/project/nobulex/
- npm: https://www.npmjs.com/package/@nobulex/core
- Repo: https://github.com/arian-gogani/nobulex
- Demo: https://nobulex.com/demo
15 changes: 15 additions & 0 deletions integrations/nobulex/integration.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: Nobulex
vendor: Nobulex
integrates_with:
- trace
description: >-
Emits Ed25519-signed JCS-canonical action receipts; each carries
action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
usable as TRACE external execution evidence (trace-spec #34).
maintainer:
github: arian-gogani
email: nobulex.dev@gmail.com
repository: https://github.com/arian-gogani/nobulex
homepage: https://nobulex.com
license: MIT
tier: community
Loading