you're exactly right. budget enforcement has to live in the runtime, or the agent will just hallucinate its way around a spend limit.
we actually shipped a 'financial fuse' for this in v1.0.9 (beta). it's two local primitives:
1. BudgetGuard: a physical wrapper around mcp tool capabilities. you define a max_budget_usd for the session, and the system physically unmounts the tool if that limit is breached. the agent literally cannot call it anymore.
2. BudgetMonitor: tracks spend velocity. if it sees a recursive loop driving up the usd/hour, it triggers a global circuit breaker and fires an alert (we use telegram for ours).
all of this is logged to a local budget_ledger.json on-disk. no cloud orchestration, just local provenance. pip install nucleus-mcp if you want to stress-test the fuses.
Great point. Currently, Nucleus focuses on Sovereign Execution Governance--specifically tool sandboxing and forensic audits. While we don't have native 'financial circuit breakers' in the core protocol today, the Hypervisor layer is designed to mediate exactly these types of tool-level interactions.
We’re mapping out a 'Budget Proxy' capability for v1.1 where you can define hard spending caps per-agent. For now, the Audit Trail provides real-time forensic proof of tool-spend, which is the foundational telemetry needed for manual or automated circuit breaking.
Correction: The repository link in the original post is currently restricted (private). For open access to the codebase, documentation, and installation guides, please use the public project here:
Q: Why not just use a local SQLite DB for memory?
Nucleus isn't just a database; it's a Governance Layer. While engrams are stored locally, the value is in the Hypervisor that mediates agent access to that data based on the current task's context.
Q: How is the Audit Trail "Tamper-Proof"?
Every decision and tool invocation is cryptographically signed at the protocol level. If an agent (or an attacker) tries to alter the narrative ledger, the signature check fails.
Q: Does this require a specific LLM?
No. Nucleus is model-agnostic. It works with Claude (via Windsurf/Cursor), GPT-4, or local Llama instances via Ollama. It sits at the MCP (Model Context Protocol) layer.
Q: Is this really "Local-First"?
Yes. No telemetry, no default cloud syncing. The "Agentic Brain" lives in your ~/.nucleus directory. You own the engrams; you own the audits.
we actually shipped a 'financial fuse' for this in v1.0.9 (beta). it's two local primitives:
1. BudgetGuard: a physical wrapper around mcp tool capabilities. you define a max_budget_usd for the session, and the system physically unmounts the tool if that limit is breached. the agent literally cannot call it anymore. 2. BudgetMonitor: tracks spend velocity. if it sees a recursive loop driving up the usd/hour, it triggers a global circuit breaker and fires an alert (we use telegram for ours).
all of this is logged to a local budget_ledger.json on-disk. no cloud orchestration, just local provenance. pip install nucleus-mcp if you want to stress-test the fuses.