CORTEX is an open-source Python SDK that enables developers to discover, connect, and control AI agents registered in the NANDA Index or running on Model Context Protocol (MCP) servers.
It provides a unified interface to interact with intelligent agents β allowing developers to invoke tools, access resources, and enforce policies β all while maintaining strict control over what each agent can access, execute, or disclose.
- π NANDA-ready: Connect to any agent by its
NANDA_ID, automatically resolving endpoints and protocols. - βοΈ MCP-compatible: Interact with tools and resources exposed via the Model Context Protocol (MCP).
- 𧩠Policy Engine: Define allow/deny lists, scopes, redaction filters, and rate limits to govern agent behavior.
- π§ Context-aware: Manage runtime access boundaries and agent visibility dynamically.
- π Secure by Design: TLS/mTLS support, PII redaction, and audit logging.
- π Observability: Built-in OpenTelemetry tracing and structured logging.
- π§° Developer-friendly: Sync & async APIs, CLI tools, and YAML-based configuration.
In the emerging Internet of Agents, CORTEX acts as the control layer between humans, models, and tools β ensuring every interaction is traceable, governed, and context-aware.
By bridging NANDA's discovery layer and MCP's execution layer, CORTEX empowers developers to safely compose multi-agent systems that are modular, compliant, and production-ready.
pip install cortex-nandaFor observability features (OpenTelemetry):
pip install cortex-nanda[observability]cortex init-config --output cortex.yamlEdit cortex.yaml:
mcp_servers:
my_server:
command: "npx"
args: ["-y", "@modelcontextprotocol/server-filesystem"]
transport: "stdio"
policies:
default:
allowed_tools:
- "read_file"
- "list_directory"
denied_tools:
- ".*delete.*"
rate_limit_per_minute: 60
rate_limit_per_hour: 1000
redaction_patterns:
- "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b" # Credit cardsfrom cortex import CortexClient, CortexConfig
# Load configuration
config = CortexConfig.from_yaml("cortex.yaml")
# Connect to MCP server
with CortexClient(config=config, server_name="my_server") as client:
# List available tools
tools = client.list_tools()
print(f"Available tools: {[t['name'] for t in tools]}")
# Call a tool
result = client.call_tool("read_file", {"path": "example.txt"})
print(result)
# List resources
resources = client.list_resources()
# Read a resource
content = client.read_resource("file:///path/to/file.txt")import asyncio
from cortex import AsyncCortexClient, CortexConfig
async def main():
config = CortexConfig.from_yaml("cortex.yaml")
async with AsyncCortexClient(config=config, server_name="my_server") as client:
tools = await client.list_tools()
result = await client.call_tool("read_file", {"path": "example.txt"})
asyncio.run(main())from cortex import CortexClient, Policy
# Define a custom policy
policy = Policy(
allowed_tools={"read_file", "list_directory"},
denied_tools={"delete_file", "write_file"},
rate_limit_per_minute=30,
redaction_patterns=[
r"\b\d{3}-\d{2}-\d{4}\b", # SSN
],
)
# Use with client
client = CortexClient(policy=policy)
client.connect("my_server")# List available tools
cortex --server my_server --config cortex.yaml list-tools
# Call a tool
cortex --server my_server --config cortex.yaml call-tool read_file --args path=example.txt
# List resources
cortex --server my_server --config cortex.yaml list-resources
# Read a resource
cortex --server my_server --config cortex.yaml read-resource file:///path/to/file.txt
# View audit log
cortex --server my_server --config cortex.yaml audit-logThe policy engine enforces:
- Allow/Deny Lists: Control which tools and resources can be accessed
- Rate Limiting: Prevent abuse with per-minute and per-hour limits
- PII Redaction: Automatically redact sensitive information using regex patterns
- Context Size Limits: Control the size of context passed to agents
- Custom Validators: Implement custom validation logic
- Audit Logging: Track all policy decisions
from cortex import Policy
policy = Policy(
# Tool access control
allowed_tools={"read_file", "list_directory"},
denied_tools={".*delete.*", ".*write.*"},
# Resource access control
allowed_resources={"file:///safe/.*"},
denied_resources={"file:///private/.*"},
# Rate limiting
rate_limit_per_minute=60,
rate_limit_per_hour=1000,
# PII redaction
redaction_patterns=[
r"\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b", # Credit cards
r"\b\d{3}-\d{2}-\d{4}\b", # SSN
r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b", # Email
],
# Context limits
max_context_size=100000, # bytes
# Custom validation
custom_validator=lambda resource, context: "admin" in context.get("user", {}).get("roles", []),
)CORTEX includes built-in observability features:
import logging
from cortex.observability import setup_observability
# Setup observability
obs = setup_observability(
enable_logging=True,
enable_tracing=True,
log_level="INFO",
)
# Log events
obs.log_event("INFO", "Tool executed", {"tool": "read_file", "path": "example.txt"})from cortex.observability import ObservabilityManager
obs = ObservabilityManager(enable_tracing=True)
@obs.trace_operation("call_tool")
def call_tool(tool_name, args):
# Your code here
pass- TLS/mTLS Support: Secure connections to MCP servers
- PII Redaction: Automatic redaction of sensitive data
- Audit Logging: Complete audit trail of all operations
- Rate Limiting: Prevent abuse and DoS attacks
- Access Control: Fine-grained allow/deny lists
See cortex.yaml example:
mcp_servers:
filesystem:
command: "npx"
args: ["-y", "@modelcontextprotocol/server-filesystem"]
env:
MCP_SERVER_ROOT: "/path/to/root"
transport: "stdio"
policies:
default:
allowed_tools: []
denied_tools: []
allowed_resources: []
denied_resources: []
scopes: []
rate_limit_per_minute: 60
rate_limit_per_hour: 1000
redaction_patterns: []
max_context_size: null
require_authentication: true
servers:
filesystem:
allowed_tools:
- "read_file"
- "list_directory"
denied_tools:
- ".*delete.*"
rate_limit_per_minute: 30
tls:
enabled: false
cert_path: null
key_path: null
ca_path: null
observability:
tracing: true
logging: true
log_level: "INFO"Contributions are welcome! Please feel free to submit a Pull Request.
MIT License
Built with β€οΈ for the Internet of Agents