nonsudo
v2.1.0
Published
Runtime governance and execution evidence for AI agents.
Readme
nonsudo
Runtime governance and execution evidence for AI agents.
nonsudo is the agentsec runtime for AI agents. It intercepts agent tool calls, evaluates them against policy, and produces cryptographically signed Tracescale receipts. Verifiable evidence of what your agent actually did, independent of any vendor.
Quick start
The full local emit-and-verify loop runs from a plain npm install in an empty directory. No monorepo checkout, no workspace, no provider API key: the sandbox runtime uses a deterministic local fake upstream.
mkdir my-sandbox && cd my-sandbox
npm install nonsudo
# 1. Check the environment.
./node_modules/.bin/nonsudo doctor
# 2. Scaffold a runnable local sandbox (.nonsudo/ with config, policy,
# and a LOCAL DEV ONLY signing key).
./node_modules/.bin/nonsudo init
# 3. Start the bundled proxy runtime (foreground; Ctrl-C to stop).
./node_modules/.bin/nonsudo proxy devWith the proxy running (default port 8080; pick another with
nonsudo init --listen-port <n>), submit one governed call and fetch
the signed receipt chain from a second terminal:
curl -s -X POST http://127.0.0.1:8080/v1/chat/completions \
-H 'content-type: application/json' \
-d '{
"model": "nonsudo-local-fake-upstream",
"messages": [
{"role": "system", "content": "You may call the process_refund tool."},
{"role": "user", "content": "{\"amount_cents\":5000,\"customer_id\":\"cust_001\"}"}
],
"tools": [{"type": "function", "function": {"name": "process_refund"}}],
"tool_choice": {"type": "function", "function": {"name": "process_refund"}}
}'
curl -s http://127.0.0.1:8080/v1/chain > chain.jsonThen export the PUBLIC signing key and verify the chain with full signature checking:
./node_modules/.bin/nonsudo export-public-key --out public-keys.json
./node_modules/.bin/nonsudo verify-chain --file chain.json --public-keys public-keys.jsonExpected result: Result: VALID with Signatures: PASS. The sandbox
chain carries evidence_context: demo (non-production demo evidence)
and defers third-party timestamping (TIMESTAMP_DEFERRED) until a
real TSA is configured; the output says both honestly.
Independent verification with the separately installed Tracescale
verifier requires @tracescale/verifier 0.3.0 or later (earlier
verifier releases predate the deferred-timestamp vocabulary and return
INVALID on fresh sandbox chains):
npm install @tracescale/[email protected]
./node_modules/.bin/tracescale-verify verify --file chain.json --public-keys public-keys.jsonDetailed setup: https://nonsudo.com
What you get
- Runtime proxy for AI agent tool calls
- Policy evaluation with full execution evidence
- Cryptographically signed Tracescale receipts
- Hash-chained evidence bundles
- Agent connectivity via standard wrappers
- Free local tier with full CLI access
Enterprise features (centralized policy, hosted dashboards, compliance reporting, advanced enforcement modes, production support) available via paid tier. Contact [email protected].
Independent verification
Tracescale is an open standard for AI agent execution evidence, published under Apache-2.0. Tracescale receipts can be independently verified using the open-source reference verifier. Anyone can confirm the provenance of an agent action without trusting the vendor.
The Tracescale specification, schemas, and golden test vectors:
npm install @tracescale/norpArchitecture
nonsudo is the proprietary commercial implementation of the open Tracescale standard. The standard defines the receipt format, verification semantics, and conformance test vectors. nonsudo provides the runtime, policy engine, evidence pipeline, and for paid customers hosted services.
License
Proprietary closed source. See LICENSE.md.
Tracescale standard packages (@tracescale/*) are open source under Apache-2.0 and published separately.
For commercial licensing, contact [email protected].
Links
- Product: https://nonsudo.com
- Tracescale standard: https://tracescale.org
