You'd reach for this when you need structured oversight across multiple AI agents with different roles and risk profiles. It enforces behavioral boundaries through manifest files that define permissions, escalation rules, and reliability controls per agent. The thirteen included manifests cover everything from public-facing coaching (lily) to strict financial workflows (harry) to legal guidance with compliance boundaries (aram). The drift detection catches when agents deviate from their defined parameters. If you're orchestrating specialized agents that need different trust levels and operating constraints, this gives you a governance layer instead of hoping prompt engineering holds up under load.
Deterministic governance lint for MCP server configurations, plus reference tooling for the 7 rules.
| Tool | Does real work? |
|---|---|
audit_mcp_config | Yes. Deterministic lint, zero dependencies, fully offline, never throws. Checks inline secrets in env, shell wrappers, unpinned packages, auto-install flags, broad filesystem scopes, non-TLS remote transports, unpinned docker tags. Returns findings with severities and a 0-100 score. |
check_preflight | Yes, when configured. Reads protected_files_list from nervous-system.config.json or NERVOUS_SYSTEM_PROTECTED_LIST. With no list it says so rather than guessing. If the list is unreadable it FAILS CLOSED. |
get_* (everything else) | No. They return text: the framework, templates, instructions. That is why they are named get_. |
npx mcp-nervous-system
Pass your config as config (object) or config_json (string), e.g. the contents of
claude_desktop_config.json. Returns findings with severities and a 0-100 score.
The write-capable toolset runs server-side and is not in this package.
POST https://api.100levelup.com/x402/audit-mcp - governance lint ($0.05 USDC)GET https://api.100levelup.com/x402/verify-audit - audit-chain verification ($0.005 USDC)Discovery: /openapi.json and /llms.txt.
emergency_kill_switch -> get_kill_switch_instructions. It never stopped anything.verify_audit_chain -> get_audit_verification_instructions. It never verified a chain.dispatch_to_llm -> get_dispatch_command. It never dispatched.check_preflight no longer matches hardcoded filenames from the author's own server. It reads your list.get_origin_story. A number baked into a
package is a fossil the moment it ships.MIT
io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage
io.github.mikerawsonnz/llm-orchestration-agent
io.github.mikerawsonnz/authenticated-llm-agent
labforgedev/copilot-memory-mcp
csoai-org/agent-prompt-injection-firewall-mcp
io.github.mikerawsonnz/authenticated-multi-llm-agent