Server data from the Official MCP Registry
Hard spend cap, OS sandbox, and signed receipts for unattended coding agents like Claude Code.
Hard spend cap, OS sandbox, and signed receipts for unattended coding agents like Claude Code.
Valid MCP server (1 strong, 0 medium validity signals). 2 known CVEs in dependencies Imported from the Official MCP Registry.
15 files analyzed · 2 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
From the project's GitHub README.
Open infrastructure for agent-native computing.
Covenant sits below agent applications and above the host operating system. It owns the state, authority, and accountability concerns that recur across agent frameworks — scoped capabilities, durable memory, runtime isolation, append-only audit, and commit-scoped provenance — so individual frameworks can stop reinventing them.
Status. Local control plane is real and live-tested (29 Rust crates, ~204k lines, 2697 source-discovered Rust tests including 391 live boundary tests). Production-grade sandboxing for hostile agent code and networked multi-peer operation are roadmap; the Solana settlement program is deployed on mainnet (credits, staking, slashing, on-chain receipt anchoring), but its daemon-driven economic lifecycle is not yet production. See BUILT.md for the explicit honesty boundary.
2mNVZ6aEjrGwiUVCfz7XGWpiXuWzgBDoznwE579upumpTry it without installing — sandbox.opencovenant.org. Public operator console wired to a live daemon, state resets every 12 hours.
To run it locally, build the daemon and CLI, register the sample agent, and start the daemon:
git clone https://github.com/open-covenant/covenant && cd covenant
cd agent-os && cargo build --workspace --exclude covenant-settlement-program --locked
# Register the example agent (daemon loads $COVENANT_HOME/agents/ at startup)
mkdir -p ~/.covenant/agents
cp -R ../examples/hello-agent ~/.covenant/agents/hello
# Start the daemon
./target/debug/covenantd
Then drive it from either surface — they share the same daemon, audit chain, and capability store.
CLI
./target/debug/covenant capabilities grant memory.write
./target/debug/covenant capabilities grant intent.subscribe
./target/debug/covenant intent "say hello"
Operator console — a Next.js UI for dispatching intents, browsing the audit chain, granting capabilities, and inspecting memory tiers.
cd agent-os/covenant-web
pnpm install --ignore-workspace
pnpm dev # http://localhost:3000
The console proxies the daemon's HTTP gateway, injects the operator bearer token server-side, and renders every dispatch as a verifiable trace through the hash-chained audit log. See examples/hello-agent for the agent walkthrough, docs/demo.md for a CLI transcript, and deploy/README.md for shipping the console as a public sandbox on Render.
Agent authors building on the deployed Solana settlement program can install @covenant-org/sdk from npm:
npm install @covenant-org/sdk @solana/web3.js
It turns every Covenant instruction (agent registration, $CVNT staking, task escrow, credit purchase, receipt anchoring) into a signed @solana/web3.js transaction, with the wire bytes encoded from the on-chain program IDLs so they cannot drift from what the program accepts. Apache-2.0, one runtime dependency. Source lives in packages/sdk.
Software agents are moving from interactive assistance toward long-running engineering work. That shift changes the infrastructure problem. Agents need durable context, explicit authority, reliable tool access, recovery after interruption, and a record of what happened.
Conventional developer environments assume a human operator is present at every step. Blockchain systems assume verifiable state transitions, explicit authority, and durable coordination across independent actors. Covenant brings those assumptions into agent infrastructure:
The system center is covenantd, a Rust daemon that owns local state and mediates privileged operations through IPC, an HTTP gateway, signed capabilities, audit logs, memory stores, and runtime dispatch.
| # | Primitive | Role |
|---|---|---|
| 1 | Intent | Normalized request shapes for CLI, IPC, HTTP, routing, and daemon dispatch. |
| 2 | Runtime | Agent execution with budget enforcement (projection-tick preempt and wall-clock backstop at cpu_ms_per_task), manifest contracts, trusted-local subprocesses, and opt-in Linux gVisor runner support. |
| 3 | Memory | SQLite-backed working, episodic, and long-term records with embedding hooks, ignore rules, drift reports, repair, and bounded compaction. |
| 4 | Identity | Local ed25519 identity, peer registry, operator tokens, token rotation, and peer revocation. |
| 5 | Permissions | Signed capabilities with known-scope validation, dispatch-time enforcement, expiry, and revocation tombstones. |
| 6 | Comms | IPC frames, local HTTP gateway, MCP adapter, and A2A mailbox primitives. |
| 7 | Compositor | Next.js web console (agent-os/covenant-web), public landing/docs surface, and covenant-tui terminal UI with intent, memory, audit, capabilities, A2A, chain-receipts, and peer-registry views over the daemon IPC. |
| 8 | Settlement | Local resource receipts and protocol scaffolding for agent coordination economics. |
Audit underlies Identity, Permissions, and Settlement — append-only JSONL events, local hash-chain integrity reports, retention controls, signed actions, and audit-root attestations. The primary implementation lives in agent-os/, the Rust workspace containing the daemon, CLI, TUI, protocol crates, runtime, memory, identity, permissions, peer authentication, audit, MCP and A2A adapters, budget ledger, and settlement components. The surrounding monorepo contains public documentation, web surfaces, circuits, SDK packages, and supporting services.
See docs/audit-integrity.md, docs/capabilities.md, and agent-os/README.md for implementation details and validation evidence.
Covenant includes:
Run the scripts-only gate when the change does not need Rust tooling:
bash agent-os/scripts/validate.sh --scripts
Run the fast local gate from the repository root:
bash agent-os/scripts/validate.sh --quick
Run the full Rust validation gate:
bash agent-os/scripts/validate.sh
Verify committed provenance envelopes:
node agent-os/scripts/provenance.mjs verify-all
Build the public documentation surface:
pnpm --dir landing install --frozen-lockfile --ignore-workspace
pnpm --dir landing build
Run live boundary tests when host prerequisites are available:
cd agent-os
cargo test --workspace --exclude covenant-settlement-program -- --ignored live_
Inspect the public live coverage inventory:
bash agent-os/scripts/test-stats.sh
Covenant advances open infrastructure for:
If you use Covenant in academic work or reference the design in a paper, please cite the whitepaper:
Covenant contributors. (2026). Covenant: A Capability-Based Operating Layer for Autonomous Software Engineering Agents. Zenodo. https://doi.org/10.5281/zenodo.20134416
@misc{covenant2026,
author = {Covenant contributors},
title = {Covenant: A Capability-Based Operating Layer for Autonomous Software Engineering Agents},
year = {2026},
publisher = {Zenodo},
doi = {10.5281/zenodo.20134416},
url = {https://doi.org/10.5281/zenodo.20134416}
}
A copy of the PDF lives at opencovenant.org/paper.pdf; the LaTeX source is under paper/arxiv/.
Covenant is systems infrastructure with security-sensitive boundaries. Contributions should include a validation plan, tests for changed behavior, and a clear statement of operational impact.
Start with CONTRIBUTING.md and ROADMAP.md. Changes touching identity, permissions, audit, runtime isolation, settlement, provenance, release automation, or CI should receive especially close review.
Follow SECURITY.md for responsible disclosure. The runtime isolation boundary is tracked in docs/runtime-sandbox-security.md. Do not open public issues for vulnerabilities.
Apache-2.0. See LICENSE.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
by mcp-marketplace · Developer Tools
Search and install MCP servers from inside your AI client.