APP · 04 — THE ORCHESTRATOR
Nexus — the orchestrator.
Nexus is the MCP Host of the cognitive server. It carries the approved Skill Catalog, four granular RBAC roles — admin, director, operator, viewer — and the compliance posture surface that turns every reasoning step into evidence. Bridge transports the JSON-RPC traffic, Shield evaluates the scope, Chain seals the result, and a Firebase mirror keeps the live posture visible across the operator's regulators, auditors and lines of business. Where Vault remembers and Hub connects, Nexus decides who is allowed to do what — and proves it.
Modules
What ships inside Nexus
MOD-01
MCP Host
The sovereign Model Context Protocol host of the appliance. Routes every Tool, Resource and Prompt call through scope evaluation, tenant binding and Chain sealing before the model touches the result.
MOD-02
Skill Catalog
Registry of approved, versioned skills — incident triage, conformity assessment, vendor due diligence, KPI extraction. Each skill is signed by Shield, replayable from Chain and graduates from experimental in Vault to corporate in Nexus.
MOD-03
RBAC & Compliance
Four granular roles (admin, director, operator, viewer) with scope-by-scope policy bindings. Every ALLOWED and DENIED call is appended to the compliance log with regulator-aligned tags (NIS2, DORA, EU AI Act).
MOD-04
Firebase Posture Mirror
Live, read-only mirror of the appliance's compliance posture into a Firebase project the operator owns. Multi-device dashboards, regulator views and incident channels — without a raw byte of operator data leaving the perimeter.
Hooks
Programmatic surface
useMcpHost
useMcpHost() => { invokeTool, readResource, runPrompt, lastTrace }
Programmatic surface for the sovereign MCP Host. Every call is scope-checked by Shield, signed by Chain, and returns alongside the trace identifier it generated.
useSkillCatalog
useSkillCatalog(status?: SkillStatus) => { skills, promote, deprecate }
Reads the approved Skill Catalog. promote() graduates an experimental skill from Vault into the corporate catalog after policy review; deprecate() retires one with a regulatory reason code.
useRbac
useRbac() => { role, scopes, can(action), evaluateBatch(actions) }
Reads the current operator's role and active scope set, and offers a can() predicate that mirrors the server-side policy without round-tripping for every UI decision.
useComplianceLog
useComplianceLog(filters?: ComplianceFilters) => { entries, export, regulatorView }
Streams ALLOWED/DENIED entries from the compliance ledger with regulator-aligned filtering (NIS2, DORA, EU AI Act). export() produces a signed, replayable evidence pack.
Integration example
Drop Nexus into a tenant app
// Run an EU AI Act conformity assessment through the sovereign MCP host
import {
  useMcpHost,
  useRbac,
} from "@cognitivserver/nexus";

// RunButton is not imported in this snippet; it is assumed to be a component
// defined elsewhere in the tenant app.
export function ConformityRunner({ systemId }: { systemId: string }) {
  const { runPrompt, lastTrace } = useMcpHost();
  const { can } = useRbac();

  async function run() {
    // UI-side pre-check only: can() mirrors the server-side policy, and
    // Shield still scope-checks the call on the host.
    if (!can("compliance:run")) throw new Error("Scope denied by Shield");
    const result = await runPrompt({
      name: "ai_act_conformity",
      args: { systemId, regime: "EU_AI_ACT" },
    });
    // The Chain trace is the evidence; keep it next to the result.
    return { result, traceId: lastTrace?.id };
  }

  return <RunButton onRun={run} />;
}
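The can() pre-check above works from a client-side mirror of the policy, so the host-side decision is the one that counts and the one that lands in the compliance log. The sketch below is an added example, not code from @cognitivserver/nexus: createHost, makeCan, staleMirrorDemo, the scope names other than compliance:run and the role-to-scope bindings are all assumptions made for illustration.

```typescript
// Added illustration; none of these names belong to @cognitivserver/nexus.
type Role = "admin" | "director" | "operator" | "viewer";
type Decision = "ALLOWED" | "DENIED";
interface LogEntry { seq: number; role: Role; action: string; decision: Decision; tags: string[] }

function createHost() {
  // Hypothetical scope bindings; the page does not publish the real policy.
  const policy: Record<Role, Set<string>> = {
    admin: new Set(["compliance:run", "compliance:read", "skills:promote"]),
    director: new Set(["compliance:run", "compliance:read"]),
    operator: new Set(["compliance:run"]),
    viewer: new Set(["compliance:read"]),
  };
  const log: LogEntry[] = [];
  return {
    log,
    // Scope set handed to the client at sign-in (a copy, so it can go stale).
    snapshot: (role: Role): Set<string> => new Set(policy[role]),
    revoke: (role: Role, action: string): void => { policy[role].delete(action); },
    // Authoritative check: deny by default and record every decision.
    enforce(role: Role, action: string, tags: string[]): Decision {
      const decision: Decision = policy[role]?.has(action) ? "ALLOWED" : "DENIED";
      log.push({ seq: log.length + 1, role, action, decision, tags });
      return decision;
    },
  };
}

// Client-side predicate built from the snapshot; usable for UI hints only.
function makeCan(scopes: Set<string>): (action: string) => boolean {
  return (action) => scopes.has(action);
}

// Constructed scenario: a scope is revoked after the client took its snapshot.
function staleMirrorDemo() {
  const host = createHost();
  const can = makeCan(host.snapshot("operator"));
  host.revoke("operator", "compliance:run");
  const uiHint = can("compliance:run"); // true: the mirror has not caught up
  const hostDecision = host.enforce("operator", "compliance:run", ["EU AI Act"]);
  return { uiHint, hostDecision, entry: host.log[host.log.length - 1] };
}

console.log(staleMirrorDemo());
```

The UI hint and the host decision disagree in this scenario, and only the host decision produces a log entry, which is why the client predicate can gate buttons but not access.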
Related applications
The rest of the stack
APP · 01
Core
Core is the cognitive heart of the server. It runs the chat experience, drives the Audit Chain, and owns the SSO and design system that every other application inherits. Llama 3 served by Ollama runs in-situ on the local GPU — every prompt, retrieval and tool call is traced by Chain before it leaves the request boundary.
APP · 02
Vault
Vault is the cognitive server's memory under European jurisdiction. A Vector Data Space built on Qdrant, with every asset sealed by an HMAC SHA-256 fingerprint and surfaced through a Compute-to-Data execution boundary. Skills, regulatory texts, embeddings and generated artefacts live inside the perimeter — Vault returns the answer, never the raw bytes. Aligned with GAIA-X and Pontus-X federation contracts so that what stays sovereign on the appliance can still be discovered, attested and exchanged across trusted European nodes.
APP · 03
Hub
Hub is where the cognitive server learns the operator's landscape. A live catalog of every connected ERP, CRM, MES, WMS and TMS, with a Fleet Manager that probes each connector continuously and an Ecosystem Dashboard that surfaces the entire posture in one screen. Built for the reality of European mid-market: SAP next to Odoo, Salesforce next to a homegrown WMS — all addressable through a single sovereign perimeter so Core can reason across them and Nexus can orchestrate them.