AI agents act autonomously — deleting files, controlling robots, managing infrastructure.
MCP gives them tools.
NRP makes sure they don't break things.
Every AI action touching a physical or connected system must pass through these 6 rules.
Remove any one and the system is unsafe. Add anything and it reduces to these 6.
| Rule | Question | Purpose |
|---|---|---|
| Manifest | Who are you? | Node declares identity before any action |
| Observe | What do you see? | Read state safely, no side effects |
| Act | What will you do? | Execute action, checked against shields |
| Shield | What can you NOT do? | Unbreakable constraint, enforced before execution |
| Audit | What did you do? | Tamper-evident SHA-256 record |
| Consent | Did we agree? | Mutual human + system permission |
Protocols like MCP standardize how agents communicate with tools.
NRP standardizes whether an agent is allowed to act at all.
AI Agent
│
▼ NRP intercepts every action
├── Manifest: agent declares identity
├── Observe: safe read (no mutation)
├── Shield: is this action forbidden? ──► BLOCKED if yes
├── Consent: is human approval present? ──► BLOCKED if no
├── Act: execute the action
└── Audit: record proof of execution
The Shield and Consent rules cannot be bypassed by the agent — they run in a separate process the agent cannot access.
Every node in an NRP system has a URI:
nrp://scope/kind/name
| Part | Example | Meaning |
|---|---|---|
| scope | factory |
Organizational boundary |
| kind | robot, server, sensor |
Device type |
| name | arm-7, web-01, temp-south |
Instance name |
from nrp import NRPId # pip install nrprotocol
nid = NRPId.parse("nrp://factory/robot/arm-7")
print(nid.scope) # factory
print(nid.kind) # robot
print(nid.name) # arm-7pip install nrprotocolfrom nrp import NRPNode, Shield, ConsentLevel
# Create a node
node = NRPNode("nrp://datacenter/server/web-01")
# Define what this node CANNOT do
node.add_shield(Shield.no_delete_production())
node.add_shield(Shield.max_autonomy(level=3)) # PHY rule
# Agent tries to act
result = node.act(
agent="aap://myorg/assistant/deploy-bot@1.0",
action="restart_service",
resource="nginx",
consent=ConsentLevel.HUMAN_APPROVED
)
print(result.audit_hash) # sha256:f3a1...
print(result.allowed) # Trueimport { NRPNode, Shield, ConsentLevel } from 'nrprotocol';
const node = new NRPNode('nrp://datacenter/server/web-01');
node.addShield(Shield.noDeleteProduction());
const result = await node.act({
agent: 'aap://myorg/assistant/deploy-bot@1.0',
action: 'restart_service',
resource: 'nginx',
consent: ConsentLevel.HUMAN_APPROVED,
});
console.log(result.allowed); // true
console.log(result.auditHash); // sha256:f3a1...| Type | Examples | Shield defaults |
|---|---|---|
robot |
Arms, drones, vehicles | Max autonomy 2, no irreversible |
server |
Cloud, VPS, containers | Max autonomy 3, no rm -rf |
sensor |
Temperature, cameras, meters | Observe-only by default |
actuator |
Valves, switches, motors | Consent required, max autonomy 2 |
agent |
AI models, automation scripts | All 6 rules, full audit |
See CONTRIBUTING.md.
MIT — see LICENSE
Created by: Elmadani SALKA · contact@nrprotocol.dev