Bulla
The open reference implementation for portable answerability and bounded semantic-composition diagnosis.
Bulla makes one consequential action recomputable after the agent and runtime are gone. It also retains its original composition-diagnostic layer: locate conventions hidden at tool seams, disclose or translate them, and bind the scoped result into a receipt when useful.
published package
Bulla 0.43.0
Install from PyPI and use only the command surface captured from that accepted artifact.
boundary · Commands labelled published must come from the accepted PyPI artifact, not the unreleased source candidate.
repository candidate
Bulla 0.44.0
Authority-binding, delegation, and reliance additions remain source-candidate behavior until publication.
boundary · The source-candidate version is not a PyPI release and has no contemporaneous release receipt until publication succeeds.
plane 01
Answerability
Create a durable action record, verify exactly how far its evidence reaches, measure omissions, and preserve bindings across delegation and reliance.
ActionReceipt
Create and verify a portable record of one consequential action, its authority, bounds, evidence grounding, and recourse envelope.
Receipt verification establishes only the reported verification depth; it does not prove that the underlying process occurred as described.
Inspect capability →Receipt coverage
Compare receipts with an external action denominator so omissions remain visible instead of disappearing behind successful verification.
Coverage is relative to the selected anchor; it is not a universal measure of every action that occurred.
Inspect capability →Authority and delegation
Bind a signer to an issuer-authorized mandate and preserve delegated scope across an agent chain.
This is unreleased v0.3-draft behavior in the 0.44 source candidate, not part of the currently published package contract.
Inspect capability →Explicit reliance
Record a relying party's explicit policy and recomputable decision without collapsing the report into a truthy pass/fail object.
Reliance verification authenticates the decision record and recomputes its policy result; it does not make the relied-on process true.
Inspect capability →Routed inference profile
Conserve answerability across one harness, one router, one provider, one delivery assertion, and one reliance decision.
The profile is full-disclosure, single-router/single-provider, locally reproduced, and has no live provider, settlement adapter, or independent implementation.
Inspect capability →boundary · Verification establishes only the reported digest, identity, or inclusion depth; it does not establish the truth of the underlying process.
The routed-inference profile is the current end-to-end stress case: 14 local traces over inference.order → inference.route → inference.accept → inference.delivery → bulla.rely.
boundary · The routed profile is a local, full-disclosure, single-router/single-provider draft with no live provider, settlement adapter, or independent implementation.
plane 02
Semantic composition
Diagnose conventions left undisclosed at tool seams, localize the fields that carry them, and apply explicit bridges or translations inside a pinned model.
Seam diagnostics
Audit tool compositions for conventions that their public schemas leave undisclosed and localize the fields that carry the deficit.
The coherence fee is a disclosure diagnostic, not a safety proof or an execution-failure predictor.
Inspect capability →Bridge and translate
Expose hidden conventions in manifests or apply typed, receipted value translations across registered convention vocabularies.
A structural bridge or typed translation repairs only the pinned convention mismatch; it does not certify downstream execution.
Inspect capability →Convention packs
Pin the standards and vocabularies under which a composition was classified, including open and metadata-only restricted registries.
Restricted registries remain consumer-supplied; a metadata pointer is not licensed access to the referenced values.
Inspect capability →Deeds, registry, and gate
Sign a diagnostic deed, append it to an RFC 6962-style log, verify inclusion against an independently obtained root, and enforce a policy decision.
The default gate checks authenticity and independently grounded inclusion; the diagnostic fee is reported unless a relying party explicitly selects a disclosure policy.
Inspect capability →Proxy and replay
Expose advisory and deed tools to an MCP agent at runtime, or replay a captured trace against pinned manifests.
The proxy's current demonstrated mode is observe/advice; it does not silently rewrite agent traffic or prove execution correctness.
Inspect capability →Hosts and frameworks
Normalize MCP host configurations and framework-native tool declarations into a common composition manifest.
Static adapters cannot discover dynamically registered tools unless the integration supplies a runtime capture path.
Inspect capability →boundary · The coherence fee measures undisclosed conventions in a pinned composition model; it is not Bulla's safety foundation or an execution-failure predictor.
Runtime participation stays explicit: the demonstrated proxy exposes advisory and deed tools to the agent and records the trace; it does not silently turn the diagnostic into an execution guarantee.
boundary · The demonstrated proxy advises and records; it does not silently modify traffic or verify underlying tool execution.
plane 03
Evidence and exit
The format and fixture checker are usable without Bulla, and the license permits another implementation or operator to replace every service boundary.
Independent checker
Recompute the normative ActionReceipt vectors without importing Bulla source.
Running the supplied checker reproduces published fixtures; it is not an independently written implementation.
Inspect capability →Independent ActionReceipt witnessing
Retain verified ActionReceipts outside their issuer and return inclusion and consistency evidence.
There are currently zero independent ActionReceipt witnesses; the operated composition-deed log is not this service.
Inspect capability →Choose by task
Instrument an action
Create or verify an ActionReceipt using the published package.
Audit a composition
Run the seam, gate, proxy, and routed demonstrations with their boundaries visible.
Connect your stack
Inspect supported MCP hosts, framework adapters, and their static-analysis limits.
Attack the profile
Reproduce the finite corpus or return an independently written conformance report.