MCP Control Plane

Governed execution with cryptographic proof.

A thin control plane that turns "router can execute" into "org can safely decide to execute" — with approval workflows, policy enforcement, and tamper-evident audit packages.

Get started Read the Handbook

Install

pip install nexus-control

Import

from nexus_control import NexusControlTools

Decide

tools.request(goal="Deploy v2", mode="apply")

Features

Every execution is tied to a decision, a policy, an approval trail, and a cryptographic audit package.

Approval workflows

N-of-M approvals with expiration, revocation, and per-actor deduplication. Policies enforce constraints at execution time.

Cryptographic audit

Tamper-evident audit packages bind what was allowed, what ran, and why — into a single verifiable digest.

Event-sourced

All state is derived by replaying an immutable event log. Decisions are exportable, importable, and fully replayable.

Usage

Install

pip install nexus-control

Create a request

from nexus_control import NexusControlTools
from nexus_control.events import Actor

tools = NexusControlTools(db_path="decisions.db")

result = tools.request(
    goal="Rotate production API keys",
    actor=Actor(type="human", id="alice@acme.com"),
    mode="apply",
    min_approvals=2,
)

MCP Tools

11 tools exposed via Model Context Protocol.

Tool

Description

nexus-control.request

Create an execution request with goal, policy, and approvers

nexus-control.approve

Approve a request (supports N-of-M approvals)

nexus-control.execute

Execute approved request via nexus-router

nexus-control.status

Get request state and linked run status

nexus-control.inspect

Read-only introspection with human-readable output

nexus-control.template.create

Create a named, immutable policy template

nexus-control.template.get

Retrieve a template by name

nexus-control.template.list

List all templates with optional label filtering

nexus-control.export_bundle

Export a decision as a portable, integrity-verified bundle

nexus-control.import_bundle

Import a bundle with conflict modes and replay validation

nexus-control.export_audit_package

Export audit package binding governance to execution

Key Concepts

Core building blocks of the control plane.

`Decision`

A request + policy + approval trail + execution result. The atomic unit of governed execution.

`Policy`

Approval rules, allowed modes, adapter capabilities, max steps, and labels. Enforced at execution time.

`Template`

Named, immutable policy bundle. Reusable across decisions with optional overrides.

`Audit Package`

Cryptographic binding of control bundle + router execution + link digest. Two modes: reference (for CI) and embedded (for regulators).

`Bundle`

Portable, integrity-verified export of a decision. Supports import with conflict modes: reject, new ID, or overwrite.