ks · foundry / neuron
@kashscript/neuronv1.0.0The Brain.
Recursive decomposer · Adversarial judge · Signed receipt ledger · MCP transport
overview
The Brain is the third artifact. It's a production-grade agentic kernel that compiles a natural-language intent into a typed, signed DAG and executes it against MCP-compatible plugins. Each step is a Kash-Event with a chain-linked Receipt — every action provably bound to a user's signature, every output verifiable against the lexicon it claims to fulfil.
The kernel ships with eight composable surfaces: schemas (Phase 2.1), handshake protocol (Phase 2.2), receipt ledger (Phase 2.4), recursive decomposer + adversarial judge (Phase 3), MCP plugin discovery + dispatch (Phase 4), Oreoasis vertical plugin (Phase 5.1), edge deployment + secret vault (Phase 7.1), and swarm orchestration (Phase 7.2). Every layer is independently importable.
Stress-tested under Black-Hole conditions: 50% network failure, hard process crashes mid-trade, 24-hour clock-jumps past handshake expiry, 100 concurrent agents on the same stdio transport, tampered receipts in storage. Across 400+ tests the kernel produces zero double-spends, zero unauthorised actions, and a fully valid signed audit chain.
capabilities
- Recursive Decomposer + Adversarial Judge — natural-language intent → typed TaskDAG; every output audited on hallucination, character-drift, and schema before the agent can claim success.
- Signed Receipt Ledger — every action a chain-linked Ed25519 Kash-Event; database tampering surfaces as SIGNATURE_FAILED on the next hydration.
- MCP transport + Privacy Filter — local stdio child processes for tools, with sandbox + no-root + env-scrubbing; outgoing PII (DIDs, SSNs, hex keys) scrubbed before the wire.
- Swarm orchestration — signed delegation envelopes with context-stripping, shared blackboard with write-locks, M-of-N consensus voting on high-value actions.
- Edge-ready headless mode — single async `runHeadless()` for Supabase Edge Functions; cold-start under 500 ms with a SecretVault that never logs raw values.
install
Two routes — pick one.
The direct route is the primary path now that the packages are live on npmjs.org. The CLI route is for framework-aware scaffolding — it pulls the same tarballs.
Add the package directly from npm
One line in your project. Works in any framework that resolves npm packages — Next, Vite, Remix, Expo, Astro, SvelteKit, plain Node, Bun, edge runtimes.
@kashscript/neuron
$ npm install @kashscript/neuronScaffold with the kash CLI
kash add neuron scans your stack, picks the right entry points, wires the SDK in, and writes a backup. Dry-run by default; --apply commits; kash rollback reverses any edit.
kash add neuron --apply
$ npx @kashscript/kstack add neuron --applyZero install. npx fetches @kashscript/kstack on demand, runs it, and exits.
setup
Wire it into your stack.
What ends up in node_modules, the peer deps you supply, framework-specific wiring, and the support- inbox-grade troubleshooting list.
packages you'll see in `node_modules`
@kashscript/neuronrequiredKernel, schemas, handshake, ledger, decomposer, judge, orchestration.
@kashscript/identity-coretransitiveSigning — every Kash-Event in the ledger is Ed25519-signed.
@kashscript/lexiconstransitiveEnvelope schemas for `kash.neuron.*` records.
peer dependencies · install in your project
zod@^3.23.8All wire-level schemas (AgenticSpec, TaskDAG, Receipt, ToolManifest) validate with Zod.required
outside npm · what else you need
An LLM provider
Neuron is model-agnostic — bring OpenAI, Anthropic, Bedrock, local Ollama, vLLM, or your own. The `LLMProvider` seam is a 4-method interface.
# pick one — bun add openai | bun add @anthropic-ai/sdk | bun add ollama(optional) Postgres / Supabase
For durable `StateStore` + `ReceiptStore`. In-memory variants ship by default — production hosts wire their own backend.
# Postgres on your platform of choice, OR `bun add @supabase/supabase-js`
framework wiring
Bun / Node — long-running service
The default deployment target. Wire `LifecycleManager`, persist `StateStore` + `ReceiptStore`, and call `manager.genesis(...)` from your HTTP handler.
import { LifecycleManager, PostgresStateStore, PostgresReceiptStore, ReceiptWriter } from "@kashscript/neuron";
const manager = new LifecycleManager({
stateStore: new PostgresStateStore({ pool }),
receiptStore: new PostgresReceiptStore({ pool }),
nonceStore: new InMemoryNonceStore(),
// ...
});
app.post("/agent", async (req, res) => {
const { executionId, dag } = await manager.genesis(req.body);
res.json({ executionId, dag });
});Supabase Edge Function (headless mode)
Use `runHeadless()` — a single async entry that boots the kernel, runs one intent end-to-end, and returns the result. Cold start <500 ms; SecretVault scrubs PII before log lines escape the function.
// supabase/functions/agent/index.ts
import { runHeadless } from "@kashscript/neuron/deployment";
Deno.serve(async (req) => {
const { intent, spec } = await req.json();
const result = await runHeadless({ intent, spec, secrets: Deno.env.toObject() });
return new Response(JSON.stringify(result), { headers: { "content-type": "application/json" } });
});Cloudflare Workers (β)
Workers run; persistence is delegated to Durable Objects or D1. The MCP `stdio` transport is unavailable (no child processes) — use HTTP MCP servers instead.
CLI ops
Operate the kernel from the shell. Status, audit ledger replay, plugin discovery, and the Oreoasis verification all run from `kash neuron …` — no app boot required.
kash neuron status # health check
kash neuron audit # tamper-detection self-test
kash neuron oreoasis-status # verify Oreoasis plugin loadstroubleshooting · the support inbox
▸ `No LLMProvider configured` thrown on `manager.genesis(...)`.
Wire one in the `LifecycleManager` constructor. The shipped IdentityAdapter handles signing; you bring the model. Examples for OpenAI / Anthropic / Ollama are in the `neuron-claude` / `neuron-openai` / `neuron-ollama` adapter packages (roadmap; until then, implement the 4-method `LLMProvider` interface inline).
▸ `ENVELOPE_REQUIRED` from `ToolConnector` on a tool call.
The tool's scope is `restricted` in the skill manifest and the call lacks a signed action envelope. Either issue an envelope via the Phase-2.2 handshake, OR widen the scope in the manifest (carefully — restricted scopes exist for a reason).
▸ `SIGNATURE_FAILED` on `manager.hydrate(executionId)`.
A receipt in the chain has been tampered with — either DB corruption, malicious write, or a key rotation that wasn't replayed. Run `kash neuron audit` to surface the precise `breakAt` index. Recovery is manual; do not retry blindly.
▸ MCP transport times out (10 s deadline).
The dispatched tool exceeded the hard deadline. Either optimize the tool, OR push it behind an async queue + return a job-id pattern. The 10 s cap is non-negotiable to prevent zombie processes.
▸ Privacy filter scrubs values you wanted to forward.
The filter pattern matches anything that looks like a DID / SSN / 64-hex private key. Tune the `privacyFilter.allowlist` in the `LifecycleManager` constructor for fields you explicitly trust to leave the boundary.
▸ Adversarial Judge keeps rejecting valid outputs.
The judge runs three independent audits (hallucination / character-drift / schema). Inspect the rejection reason in the receipt — if it's a false positive on a niche domain, tighten the `skillManifest.outputContract` so the schema axis stops triggering.
example
First call.
// ts
import {
LifecycleManager,
InMemoryStateStore,
InMemoryReceiptStore,
ReceiptWriter,
} from "@kashscript/neuron";
import { InMemoryNonceStore } from "@kashscript/neuron/handshake";
import { IdentityAdapter } from "@kashscript/neuron/adapters";
// Wire a kernel with persistent state + signed receipts.
const stateStore = new InMemoryStateStore();
const receiptStore = new InMemoryReceiptStore();
const agentAdapter = new IdentityAdapter(await Signer.generate());
const manager = new LifecycleManager({
stateStore,
nonceStore: new InMemoryNonceStore(),
verifySignature: IdentityAdapter.makeVerifier(),
receiptWriter: new ReceiptWriter({
store: receiptStore,
agentSign: body => agentAdapter.signReceipt(body),
}),
});
// Genesis an agent. Every transition emits a signed receipt.
const { executionId, dag } = await manager.genesis({
spec,
intent: "Book a ride from F-7 to Bahria Town",
adapterId: "memory-adapter",
adapterIdentityHash: contentHash({ a: "memory-adapter" }),
signGenesis: body => agentAdapter.signGenesis(body),
});principles
How it's built.
Provenance by default
Every action is a chain-linked, Ed25519-signed Kash-Event. The audit trail is the source of truth, not an afterthought.
Model-agnostic
The envelope works with any model. Stub the LLM provider, swap Claude for Llama, or wire a local Ollama — the wire format never changes.
Consent-gated retrieval
Retrievers only see what the PDS explicitly granted. Revoke a grant and watch the corpus shrink in the same step.
Stateless persistence
Kernel survives hard crashes via durable state-store + idempotency-key recovery. No state, no zombies, no double-charges.
licensing · commercial
Commercial. Per-seat or per-call Plan.
@kashscript/neuron is licensed under SSLA Schedule B. Two metering options on a `paid` Plan — per-seat (developers × environments) or per-monthly-invocation, whichever bills lower for your usage.
Included
- Recursive Decomposer (intent → DAG) + Adversarial Judge (three-axis post-execution audit).
- Receipt Ledger — every action a chain-linked, Ed25519-signed Kash-Event; tamper detection on hydration.
- MCP transport pool — stdio child processes + HTTP via fetch, with circuit breaker, hard 10 s deadline, and Privacy Filter.
- Swarm orchestration — signed delegation envelopes, shared blackboard with write-locks, M-of-N consensus voting.
- Edge headless entry point — `runHeadless()` for Supabase Edge / containers; cold-start under 500 ms.
- AuditScanner — observability for restricted-tool violations + receipt-chain tamper detection.
Not included
- The actual model + GPU costs — you bring those.
- Vector-store hosting — paid hosted-service add-on or self-host.
- Custom Lexicons for your domain — Studio engagement (white-label).