From 99a5a2bffde73a39e60f40a4046bf8f97b5e90c6 Mon Sep 17 00:00:00 2001
From: Arian Gogani <nobulex.dev@gmail.com>
Date: Thu, 18 Jun 2026 23:30:09 +0200
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20add=20Nobulex=20=E2=80=94=20Ed25519?=
 =?UTF-8?q?=20action=20receipts=20as=20external=20execution=20evidence?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Nobulex emits JCS-canonical Ed25519-signed receipts carrying action_ref
= SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})), compatible
with the external execution evidence shape described in trace-spec #34.

- pip install nobulex (PyPI 0.1.0)
- verify() confirmed against released package
- action_ref is content-derived, independently recomputable
---
 integrations/nobulex/README.md        | 41 +++++++++++++++++++++++++++
 integrations/nobulex/integration.yaml | 40 ++++++++++++++++++++++++++
 2 files changed, 81 insertions(+)
 create mode 100644 integrations/nobulex/README.md
 create mode 100644 integrations/nobulex/integration.yaml

diff --git a/integrations/nobulex/README.md b/integrations/nobulex/README.md
new file mode 100644
index 0000000..5c2a996
--- /dev/null
+++ b/integrations/nobulex/README.md
@@ -0,0 +1,41 @@
+# Nobulex integration with TRACE (external execution evidence)
+
+Nobulex is a Python SDK that emits Ed25519-signed receipts for agent actions. Each receipt is JCS-canonical (RFC 8785) and carries `action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))` as a content-derived identifier.
+
+This positions Nobulex receipts as external execution evidence in the sense described in trace-spec #34: signed assertions from a non-gateway authority, bound to a specific call by `action_ref`, independently verifiable against the issuer public key.
+
+**What this integration does:** generates verifiable per-action receipts from Python agents that can be attached as `external_execution_evidence` on cMCP audit entries.
+
+**What it does not claim:** Nobulex receipts are not TRACE Trust Records. They are per-action signed assertions that a verifier can optionally check alongside a Trust Record, as described in trace-spec #34.
+
+## Run it
+
+```bash
+pip install nobulex
+```
+
+```python
+from nobulex import Agent
+
+agent = Agent("my-agent")
+receipt = agent.act("tool_call", scope="resource:read")
+
+assert receipt.verify()          # Ed25519 signature over JCS-canonical fields
+print(receipt.action_ref)        # SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
+print(receipt.signature)         # hex-encoded Ed25519 signature
+print(receipt.signer_public_key) # hex-encoded Ed25519 public key
+```
+
+## What is verified
+
+Running the above produces a receipt where:
+- `receipt.verify()` returns `True` — signature is valid over the canonical field set
+- `receipt.action_ref` is a 64-character hex string — SHA-256 over JCS-canonical JSON
+- The receipt can be independently verified by any party holding `signer_public_key`
+
+## Links
+
+- PyPI: https://pypi.org/project/nobulex/
+- npm: https://www.npmjs.com/package/@nobulex/core
+- Repo: https://github.com/arian-gogani/nobulex
+- Demo: https://nobulex.com/demo
diff --git a/integrations/nobulex/integration.yaml b/integrations/nobulex/integration.yaml
new file mode 100644
index 0000000..8555375
--- /dev/null
+++ b/integrations/nobulex/integration.yaml
@@ -0,0 +1,40 @@
+apiVersion: integration/v1
+kind: Integration
+metadata:
+  name: nobulex
+  displayName: Nobulex
+  description: Emit Ed25519-signed, JCS-canonical action receipts from Python agents; receipts carry action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})) as a content-derived identifier compatible with TRACE external execution evidence (trace-spec #34).
+  category: governance
+  maintainer:
+    name: Arian Gogani
+    email: nobulex.dev@gmail.com
+    github: arian-gogani
+  license: MIT
+  version: 0.1.0
+spec:
+  compatibility:
+    - trace-spec: external-execution-evidence (informational, trace-spec #34)
+  files:
+    - README.md
+  usage:
+    command: |
+      pip install nobulex
+      python3 -c "
+      from nobulex import Agent
+      agent = Agent('my-agent')
+      receipt = agent.act('tool_call', scope='resource:read')
+      assert receipt.verify()
+      print(receipt.action_ref)
+      "
+  evidence:
+    - type: verify
+      command: |
+        python3 -c "
+        from nobulex import Agent
+        agent = Agent('my-agent')
+        receipt = agent.act('tool_call', scope='resource:read')
+        assert receipt.verify(), 'signature verification failed'
+        assert len(receipt.action_ref) == 64, 'action_ref not SHA-256 hex'
+        print('PASS')
+        "
+      expected_output: "PASS"

From 31f2f27742a7d2d8f0941c7a4acfac0a5f457ca7 Mon Sep 17 00:00:00 2001
From: Arian Gogani <nobulex.dev@gmail.com>
Date: Thu, 18 Jun 2026 23:37:55 +0200
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20correct=20integration.yaml=20schema?=
 =?UTF-8?q?=20=E2=80=94=20flat=20format,=20description=20under=20200=20cha?=
 =?UTF-8?q?rs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 integrations/nobulex/integration.yaml | 55 ++++++++-------------------
 1 file changed, 15 insertions(+), 40 deletions(-)

diff --git a/integrations/nobulex/integration.yaml b/integrations/nobulex/integration.yaml
index 8555375..3edb66a 100644
--- a/integrations/nobulex/integration.yaml
+++ b/integrations/nobulex/integration.yaml
@@ -1,40 +1,15 @@
-apiVersion: integration/v1
-kind: Integration
-metadata:
-  name: nobulex
-  displayName: Nobulex
-  description: Emit Ed25519-signed, JCS-canonical action receipts from Python agents; receipts carry action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})) as a content-derived identifier compatible with TRACE external execution evidence (trace-spec #34).
-  category: governance
-  maintainer:
-    name: Arian Gogani
-    email: nobulex.dev@gmail.com
-    github: arian-gogani
-  license: MIT
-  version: 0.1.0
-spec:
-  compatibility:
-    - trace-spec: external-execution-evidence (informational, trace-spec #34)
-  files:
-    - README.md
-  usage:
-    command: |
-      pip install nobulex
-      python3 -c "
-      from nobulex import Agent
-      agent = Agent('my-agent')
-      receipt = agent.act('tool_call', scope='resource:read')
-      assert receipt.verify()
-      print(receipt.action_ref)
-      "
-  evidence:
-    - type: verify
-      command: |
-        python3 -c "
-        from nobulex import Agent
-        agent = Agent('my-agent')
-        receipt = agent.act('tool_call', scope='resource:read')
-        assert receipt.verify(), 'signature verification failed'
-        assert len(receipt.action_ref) == 64, 'action_ref not SHA-256 hex'
-        print('PASS')
-        "
-      expected_output: "PASS"
+name: Nobulex
+vendor: Nobulex
+integrates_with:
+  - trace
+description: >-
+  Emits Ed25519-signed JCS-canonical action receipts; each carries
+  action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms}))
+  usable as TRACE external execution evidence (trace-spec #34).
+maintainer:
+  github: arian-gogani
+  email: nobulex.dev@gmail.com
+repository: https://github.com/arian-gogani/nobulex
+homepage: https://nobulex.com
+license: MIT
+tier: community