Features

Run Locally or Use the Platform

Sovereignty Protocol can run on your own machine for local coding, governed agent execution, and workforce-style automation. The hosted platform adds managed services and operational tooling when you want them.

Free Core, Paid Service Layer

The autonomous workflow model and guardrails remain part of the core experience. Paid access is mainly for service surfaces such as crawling, inspection, integrations, and expanded platform capabilities.

Use Our Models or Bring Your Own

Start on the platform defaults, then switch individual users to their own provider key and preferred model when they want to spend through their own account while still using Sovereignty agents, memory, and orchestration.

• 6 cascade types: solo (one agent, sequential steps), chain (agents hand off), parallel (simultaneous), event (database-triggered), loop (cron-scheduled), automation (webhook/tool chains)
• Named cascade personas: 🚓 Police, 📄 Documenter, 🧹 Janitor, 🌐 Spectre, 🔍 Linter, 🩺 Medic, 📚 Librarian, ✨ Enricher — each owned by a distinct agent identity
• YAML-defined step sequences: http, agent, job, wait, geo_lookup, db_query, db_write step types
• Event trigger: watch any PocketBase collection with any filter condition — fires immediately when records match
• State-machine deduplication: state_field goes pending → reportID to prevent double-firing
• Optional steps: mark any step optional: true so a failure (e.g. geo lookup) skips gracefully without aborting the cascade
• $variable$ syntax for step references (e.g. $trigger.ip$, $geo_lookup.country$) with {{ }} legacy support
• Automatic Nexus Report filed on every run — markdown rendered, full step output included
• Per-persona report sub-tabs in Nexus Reports — dynamic, built from agents present in actual runs
• run_on_startup flag fires cascade immediately on server boot regardless of schedule
• Mission Control integration: all cascades show in Operations tab with step drill-down; generated tasks show schedule pills in Tasks tab

• Laws for constitutional, ethical, technical, and operational control
• Roles for scoped identities and responsibilities
• Flows for repeatable procedures and orchestration
• Templates for structured outputs and reusable execution patterns
• Self-assessment loops so agents can audit and correct their own drift
• Quality audits and pre-push governance checks built into the workflow

• Run it locally as a coding system, governed assistant, or autonomous workforce on your own machine
• Managed autonomous agents inside the platform
• Multi-role AI teams and workforce-style coordination
• Task execution, delegation, and operational continuity
• Librarian daemon for autonomous background research and open task completion
• Academy XP system for agent skill progression and mastery tracking
• Cron-style job scheduler for time-based and event-triggered automation
• JIRA-style Kanban Todo board — Intake → In Progress → Done-Evaluation → Archived
• Drag-and-drop cards between columns; AI can move todos via MCP autonomously
• Recursive sub-todo nesting with tags, keywords, priority, and due dates
• Support for both governed agent use and more autonomous workforce models

• IntentMemory handler routes through MCP nexus_store directly — no permission flow needed
• Smart entity extraction: "My favorite team is Ajax" correctly extracts "Ajax" as the entity
• Disk-first persistence with bidirectional PocketBase sync for reliability
• Enrichment traces labeled with "(enrichment)" in model_used field for UI transparency
• Persistent memory across sessions with user-scoped privacy (private vs global)
• 2-stage keyword extraction: fast rule-based on save, LLM enrichment in background
• SHA256 content deduplication — updates existing instead of creating duplicates
• Fuzzy keyword matching with stemming for better search relevance
• Smart delta sync: file watcher detects changes, 2-second debounced sync to PocketBase
• Context retention for preferences, project state, and user history
• Designed to make each AI system more personal and more useful over time

• Browser control, form filling, and data extraction
• Shell commands, file operations, and script execution
• Permission-aware operation for full access or sandboxed use
• Reusable Skills system for extending what agents can do
• Discord bot integration for team communication and agent-driven notifications
• SMTP mail relay for automated outreach and inbound mail processing
• Coinbase CDP integration for on-chain operations and wallet management

• Document Graph: Intelligent file indexer with cross-reference tracking and relationships
• MCP document query tools: nexus_search_docs, nexus_get_doc, nexus_related_docs
• Context Store: Local-first key-value storage with PocketBase sync
• Dot-notation keys (api.openrouter.key) for organized configuration
• TTL support for ephemeral context and temporary state
• Structured document metadata: headings, keywords, code blocks, word count

• Sentinel Vault: User-specific AES-256-GCM encrypted secret storage with master key protection
• Nexus MCP Vault: AI-accessible secrets with explicit user control and access tracking
• Master Key System: Profile-level bcrypt-secured keys for vault encryption
• Seal/unseal workflow with automatic sealing after inactivity
• Complete audit logging for all vault operations
• One-click secret publishing from Personal Vault to AI Vault
• Tool-level access restrictions and sensitivity flagging

• Extract structured content from any website in clean JSON and Markdown — like Firecrawl or Tavily but fully sovereign and self-hosted
• Per-page output: title, H1–H3 headings, clean body text, internal links, external links, word count, and crawl depth
• Site map tree built automatically as pages are discovered and crawled
• Configurable depth and page budget — extract a single page, a section, or an entire domain
• Discovered external domains feed into the Spectre Hopper for chaining across sites
• JSON and Markdown exports ready to pipe directly into LLMs, vector stores, or reporting pipelines
• Callable via API key, MCP tool (mcp_spectre_extract), or the admin UI — your agents can trigger it autonomously
• Link health scanning, restoration, domain intelligence, and outreach discovery in the same crawl infrastructure

• Paid API access for public integrations
• MCP tools for external agent and developer workflows
• Vault MCP tools: read_secret, write_secret, list_secrets for AI access
• The same service surfaces can support local setups when you want paid capabilities available in your own environment
• Framework-backed services rather than isolated one-off endpoints
• Documentation-first onboarding with OpenAPI and client-friendly flows

• Every autonomous agent earns XP per task completed — enrichments, lint scans, healing passes, research runs
• Named agent personas: Cipher (🔬 enricher), Linter (🔍 debt detector), Medic (🩺 healer), Librarian (📚 researcher)
• Work outputs surface in Mission Control with agent name, avatar, task type, and full output content
• Approve agent work and award bonus XP directly from the agent-workforce dashboard
• Per-item Nexus Reports filed automatically after every enrichment so you can review exactly what changed
• Batch summary reports filed at end of each run with duration, counts, and named model list
• Deep-linked notifications — click a completion notification to jump straight to the Nexus Report it created
• Real-time JobStarted/JobCompleted events in the notification bell so you see pipeline activity as it happens
• XP event log per agent for full audit trail of when and why XP was awarded
• Agents level up as they accumulate XP — visible progression in the Mission Control workforce view

• Bring your own LLM API key and let your user-scoped model take precedence over platform defaults
• Use our hosted routing and agents with your own provider account when you want more control over spend
• Stay on the platform model layer when you do not configure BYOK, with governed fallback still available
• Track requests, token usage, and estimated cost from the Sentinel BYOK dashboard
• Simple Mode v1 supports one provider key plus one default model per user

• Immutable Audit Log: every action — logins, tool calls, memory writes, vault reads — is logged to an append-only record that cannot be edited or deleted (admin-only access enforced at the database layer)
• Secrets Scanner: 15 regex patterns detect API keys, tokens, PEM certificates, JWTs, and provider credentials before any memory is saved — flagged input is blocked and the user is redirected to the Vault
• Session Management: every login creates a tracked session with device hint, IP address, and last-seen timestamp — view all active sessions and revoke any of them with a single click
• Memory Privacy Scoping: memories are stored under user-scoped paths (users/{id}/) so no cross-user read is possible at the filesystem or sync layer
• AES-256-GCM Vault Encryption: user secrets are encrypted at rest using the Sentinel Vault master key — the plaintext never leaves the server unencrypted
• Automatic Vault Sealing: the vault locks after inactivity and requires explicit unlock, reducing the window for unauthorized access
• Audit log entries include action type, resource path, HTTP method, IP address, user agent, response status, and duration — full forensic context per event