NUVL, released under the Apache 2.0 License by Xer0trust LLC, is a stateless verification intermediary designed to operate within an execution path without acquiring execution authority.
Modern systems do not fail only because a single control was weak. They also fail when authority gradually shifts away from the systems meant to hold it. Tokens become trusted too broadly. Signatures are treated as decisions rather than evidence. Context expands beyond its intended role. Timing conditions begin to influence authorization. Intermediaries, gateways, analytics layers, coordination systems, and surrounding infrastructure start behaving as if they can determine what should happen next.
That authority drift is the problem NUVL is designed to address.
NUVL constrains that drift by limiting the intermediary to a narrow mechanical role. It performs request binding and artifact forwarding, then disengages. It does not evaluate policy, hold provider signing material, initiate execution, or return provider decisions to the requester. Execution authority remains exclusively within the provider-controlled boundary.
NUVL is not a new trust anchor. It is a constraint architecture designed to preserve where trust and authority are allowed to reside.
Distributed systems often favor convenience, performance, and operational flexibility. Over time, that pressure encourages components near the execution path to take on responsibilities they were not originally meant to hold. A gateway begins by validating a token, then starts behaving as though validation is sufficient for access. Middleware receives a signed artifact and treats it as permission. Context that began as metadata becomes policy. Timing checks intended for replay resistance start influencing operational decisions. Analytics and coordination systems accumulate enough state to function like approval layers.
These changes rarely arrive through a single explicit design choice. More often, they emerge through incremental additions intended to make the system more efficient, more resilient, or more helpful. The result is the same: authority migrates outward from the provider boundary into surrounding infrastructure.
NUVL is designed to prevent that migration by constraining what the intermediary can do, what it can know, and what authority it can ever acquire.
Tokens are useful for carrying claims, state, or proof of prior validation, but they are also one of the most common ways authority spreads beyond its intended boundary. Once multiple layers begin accepting a token as sufficient, those layers gain practical influence over execution. A component that was only supposed to observe or forward can begin functioning as an access decision point simply because token possession is being trusted too broadly.
In many real-world failures, the problem is not that the token format itself was broken. The problem is that too many surrounding systems were permitted to treat the token as authority.
NUVL does not convert token possession into execution authority. It does not treat receipt of an artifact as permission, and it does not allow intermediary possession to become a substitute for provider evaluation.
Signatures are often treated as a complete answer when they are only part of one. A valid signature may demonstrate integrity, origin, or consistency, but it does not by itself grant an external system the right to authorize execution. Problems begin when systems treat signed artifacts as self-executing proof rather than as material that must still be evaluated inside the proper authority boundary.
That distinction matters. Integrity is not authorization. Correct formation is not permission.
NUVL does not sign on behalf of the provider, and it does not interpret signatures as authorization decisions. It forwards verification artifacts without becoming the authority that determines operational meaning.
Context is often necessary, but it is also one of the easiest places for systems to accumulate unintended authority. Headers, routing metadata, device state, source environment, historical observations, and behavioral signals can all be operationally useful. They become dangerous when an intermediary begins interpreting them instead of carrying them. At that point, the intermediary is no longer neutral. It is assigning meaning to the request and influencing what happens next.
That shift is subtle, but significant. Once context is interpreted outside the provider boundary, a shadow policy layer begins to form.
NUVL avoids that condition by treating verification context as opaque. It binds and forwards context as part of the artifact path, but it does not interpret context, evaluate context, or derive authorization meaning from it.
Timing controls serve legitimate purposes, including replay resistance, freshness validation, event ordering, and bounded operational windows. The problem begins when timing stops being a supporting condition and starts acting like authority. Clocks, ordering, and sequence rules can gradually take on policy meaning when external systems use them to infer intent or operational legitimacy.
In those cases, time is no longer simply a condition being checked. It has started to influence the decision boundary.
NUVL does not allow temporal conditions to transform intermediaries into decision-makers. Timing may still matter within the overall architecture, but it does not grant the intermediary authorization meaning or execution authority.
Most intermediary components begin with narrow responsibilities: routing, forwarding, normalization, metadata attachment, logging, or observability. Over time, operational pressure encourages those components to become more capable. They are asked to pre-check requests, retry failures, infer intent, block suspicious inputs, reduce provider load, or return more useful upstream responses. Each addition appears reasonable in isolation. Collectively, they transform a neutral layer into an interpretive one.
That is how an intermediary becomes an authority layer without ever being explicitly named as one.
NUVL is intentionally constrained against that progression. Its limitations are deliberate architectural boundaries, not missing features. The intermediary remains narrow because widening its role would undermine the very separation the architecture is designed to enforce.
When an intermediary is compromised, the critical question is not whether it was present in the path, but what authority it actually possessed. In many systems, the answer is more authority than intended. That is the pattern NUVL is designed to prevent.
Because authorization does not reside within NUVL, compromise of the intermediary does not confer execution authority. The intermediary can be observed, disrupted, or replaced without gaining the provider's decision role.
This reflects a core architectural distinction: observation does not confer authorization, and representation does not equal verification.
Execution authority remains exclusively scoped to the provider-controlled boundary.
This quickstart uses the NUVL reference implementation written in Python. Python was chosen for portability. It runs on standard systems without additional packages, which makes the reference implementation easy to inspect, run, and adapt.
The method itself is language agnostic. The binding, artifact construction, and forwarding pattern NUVL demonstrates can be implemented in any language or runtime. Python is the reference starting point, not the architectural requirement.
This quickstart uses Python 3 only. No external packages. No build step. The full NUVL file is shown first, followed by a minimal provider and a simple valid client.
Save this as nuvl.py.
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
import hashlib, json, threading, urllib.request

PROVIDER_URL = "http://127.0.0.1:9090/ingest"


def forward(payload):
    # Fire-and-forget: the provider's response is never read or passed back.
    def _():
        try:
            req = urllib.request.Request(
                PROVIDER_URL,
                json.dumps(payload).encode(),
                {"Content-Type": "application/json"},
                method="POST"
            )
            urllib.request.urlopen(req, timeout=2)
        except Exception:
            pass
    threading.Thread(target=_, daemon=True).start()


class H(BaseHTTPRequestHandler):
    def log_message(self, *a):
        pass

    def do_POST(self):
        size = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(size)
        # Context and token are carried as opaque strings, never interpreted.
        ctx = self.headers.get("X-Verification-Context", "")
        token = self.headers.get("X-Provider-Token", "")
        request_hash = hashlib.sha256(body).hexdigest()
        artifact = {
            "request_repr": request_hash,
            "verification_context": ctx,
            "provider_token": token
        }
        forward(artifact)
        # Always 204: the requester learns nothing about the provider's decision.
        self.send_response(204)
        self.end_headers()


ThreadingHTTPServer(("0.0.0.0", 8080), H).serve_forever()
Start the intermediary on port 8080:
python3 nuvl.py
That is the full startup. NUVL receives requests, derives a non-reversible representation of the request body, packages that representation with the verification context and provider token, forwards the artifact to the provider-controlled endpoint, and immediately disengages.
Save this as provider_stub.py. It listens on port 9090 and prints the artifact it receives.
from http.server import BaseHTTPRequestHandler, HTTPServer
import json


class Provider(BaseHTTPRequestHandler):
    def log_message(self, *a):
        pass

    def do_POST(self):
        size = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(size)
        artifact = json.loads(body)
        print("Artifact received:")
        print(json.dumps(artifact, indent=2))
        self.send_response(200)
        self.end_headers()


HTTPServer(("127.0.0.1", 9090), Provider).serve_forever()
Run it in a separate terminal:
python3 provider_stub.py
Save this as client.py. This version uses the Python standard library only, matching the rest of the quickstart.
#!/usr/bin/env python3
import time
import urllib.request

NUVL = "http://127.0.0.1:8080/"
TIMEOUT = 5
BODY = b'{"op":"initiate","target":"gate","mode":"standard"}'
PROVIDER_TOKEN = "PASTE_PROVIDER_TOKEN_HERE"
VERIFICATION_CONTEXT = "ctx_alpha"
INTERVAL_SECONDS = 60


def send_once():
    headers = {
        "Content-Type": "application/octet-stream",
        "X-Verification-Context": VERIFICATION_CONTEXT,
        "X-Provider-Token": PROVIDER_TOKEN,
    }
    req = urllib.request.Request(
        NUVL,
        data=BODY,
        headers=headers,
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=TIMEOUT) as resp:
            print(f"[{time.strftime('%H:%M:%S')}] status={resp.status}")
    except Exception as e:
        print(f"[{time.strftime('%H:%M:%S')}] error={e}")


if __name__ == "__main__":
    print(f"[{time.strftime('%H:%M:%S')}] client started — target {NUVL}")
    print(f"sending 1 request every {INTERVAL_SECONDS} seconds\n")
    try:
        while True:
            send_once()
            time.sleep(INTERVAL_SECONDS)
    except KeyboardInterrupt:
        print("\nstopped.")
This client keeps the quickstart aligned with the reference implementation by using Python's built-in modules rather than external dependencies. The verification context is set to ctx_alpha, which matches the lowercase ctx_ prefix expected by the provider-side implementation.
This demonstrates the separation directly: NUVL performs mechanical binding and forwarding, while provider-side handling remains outside the intermediary's authority.
For stress testing and adversarial validation, keep scrolling.
The attack harness is a test environment for validating NUVL behavior under adversarial conditions. It requires three components running simultaneously: the provider with its live dashboard, NUVL itself, and the attacker. This section assumes NUVL is already running. If it is not, follow the Quickstart first.
The provider in this harness is not a stub. It performs full HMAC signature verification, nonce tracking, expiry validation, context checking, and replay prevention. It also serves a live stats endpoint so you can observe what is being denied and why as the attacker runs.
Two external packages are required for this harness. Install them before proceeding.
pip install psutil requests
psutil is used by the provider to track CPU and memory. requests is used by the attacker. NUVL itself has no external dependencies.
Save the following as provider.py and run it first. The provider listens on 127.0.0.1:9090 for artifacts from NUVL and serves live stats on 0.0.0.0:8000.
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
import base64
import hashlib
import hmac
import json
import os
import psutil
import threading
import time
import collections

SECRET = b"FIGURE IT OUT"

used_nonces = {}
nonce_lock = threading.Lock()
stats_lock = threading.Lock()

_start_time = time.time()
_process = psutil.Process(os.getpid())
_process.cpu_percent(interval=None)

_request_timestamps = collections.deque()
_rps_lock = threading.Lock()

_history = collections.deque(maxlen=300)
_history_lock = threading.Lock()

_response_times = []
_response_lock = threading.Lock()

SAVE_INTERVAL = 60.0
_last_save = 0.0

stats = {
    "run_started": time.strftime("%Y-%m-%dT%H:%M:%S.000000Z", time.gmtime(_start_time)),
    "last_updated": "",
    "nuvl_status": "up",
    "provider_status": "up",
    "uptime_seconds": 0.0,
    "total_attempts": 0,
    "initiated": 0,
    "denied": 0,
    "timed_out": 0,
    "internal_errors": 0,
    "initiation_rate_pct": 0.0,
    "denial_rate_pct": 0.0,
    "timeout_rate_pct": 0.0,
    "current_rps": 0.0,
    "peak_rps": 0.0,
    "avg_response_ms": 0.0,
    "cpu_current_pct": 0.0,
    "cpu_peak_pct": 0.0,
    "ram_current_mb": 0.0,
    "ram_peak_mb": 0.0,
    "control_sent": 0,
    "control_completed": 0,
    "control_timed_out": 0,
    "control_success_pct": 0.0,
    "denied_breakdown": {
        "malformed": 0,
        "missing_fields": 0,
        "bad_expiry": 0,
        "expired": 0,
        "mismatch": 0,
        "replay": 0,
        "bad_signature": 0,
        "bad_context": 0,
    },
}


def register_attempt_timestamp():
    with _rps_lock:
        _request_timestamps.append(time.time())


def compute_rps():
    # Requests per second averaged over a sliding 10-second window.
    now = time.time()
    with _rps_lock:
        cutoff = now - 10.0
        while _request_timestamps and _request_timestamps[0] < cutoff:
            _request_timestamps.popleft()
        rps = len(_request_timestamps) / 10.0
    return round(rps, 2)


def compute_rates():
    total = stats["total_attempts"]
    if total > 0:
        stats["initiation_rate_pct"] = round((stats["initiated"] / total) * 100, 2)
        stats["denial_rate_pct"] = round((stats["denied"] / total) * 100, 2)
        stats["timeout_rate_pct"] = round((stats["timed_out"] / total) * 100, 2)
    else:
        stats["initiation_rate_pct"] = 0.0
        stats["denial_rate_pct"] = 0.0
        stats["timeout_rate_pct"] = 0.0
    control_sent = stats["control_sent"]
    if control_sent > 0:
        stats["control_success_pct"] = round(
            (stats["control_completed"] / control_sent) * 100, 2
        )
    else:
        stats["control_success_pct"] = 0.0


def update_system_stats():
    try:
        raw = _process.cpu_percent(interval=None)
        try:
            cores = len(_process.cpu_affinity())
        except Exception:
            cores = psutil.cpu_count(logical=True) or 1
        cpu = raw / max(cores, 1)
        cpu = min(max(cpu, 0.0), 100.0)
        mem = _process.memory_info()
        ram_mb = round(mem.rss / (1024 * 1024), 2)
        stats["cpu_current_pct"] = round(cpu, 2)
        stats["ram_current_mb"] = ram_mb
        if cpu > stats["cpu_peak_pct"]:
            stats["cpu_peak_pct"] = round(cpu, 2)
        if ram_mb > stats["ram_peak_mb"]:
            stats["ram_peak_mb"] = ram_mb
    except Exception:
        pass
    stats["uptime_seconds"] = round(time.time() - _start_time, 1)
    with _response_lock:
        if _response_times:
            stats["avg_response_ms"] = round(sum(_response_times) / len(_response_times), 3)
        else:
            stats["avg_response_ms"] = 0.0


def save_stats():
    # Refresh derived stats and write stats.json at most once per SAVE_INTERVAL.
    global _last_save
    now = time.time()
    if now - _last_save < SAVE_INTERVAL:
        return
    _last_save = now
    with open("stats.json", "w", encoding="utf-8") as f:
        json.dump(stats, f)
    rps = compute_rps()
    stats["current_rps"] = rps
    if rps > stats["peak_rps"]:
        stats["peak_rps"] = rps
    update_system_stats()
    compute_rates()
    with open("stats.json", "w", encoding="utf-8") as f:
        json.dump(stats, f, indent=2)


def record_history():
    # Snapshot the counters every 5 seconds for the /history endpoint.
    while True:
        time.sleep(5)
        with stats_lock:
            snap = {
                "ts": round(time.time() - _start_time, 0),
                "rps": stats["current_rps"],
                "initiated": stats["initiated"],
                "denied": stats["denied"],
                "timed_out": stats["timed_out"],
                "cpu": stats["cpu_current_pct"],
                "ram": stats["ram_current_mb"],
                "control_success_pct": stats["control_success_pct"],
            }
        with _history_lock:
            _history.append(snap)


def bump_denial(reason):
    with stats_lock:
        stats["total_attempts"] += 1
        stats["denied"] += 1
        key = reason if reason in stats["denied_breakdown"] else "malformed"
        stats["denied_breakdown"][key] += 1
        save_stats()


def bump_initiated():
    with stats_lock:
        stats["total_attempts"] += 1
        stats["initiated"] += 1
        stats["control_sent"] += 1
        stats["control_completed"] += 1
        save_stats()


def bump_timed_out():
    with stats_lock:
        stats["total_attempts"] += 1
        stats["timed_out"] += 1
        stats["control_sent"] += 1
        stats["control_timed_out"] += 1
        save_stats()


def bump_internal_error():
    with stats_lock:
        stats["total_attempts"] += 1
        stats["internal_errors"] += 1
        save_stats()


def sign(r, c, n, e):
    # HMAC-SHA256 over "request_repr|context|nonce|expiry".
    msg = f"{r}|{c}|{n}|{e}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def decode_token(token):
    # Token is base64url-encoded JSON with string fields r, c, n, e, s.
    raw = base64.urlsafe_b64decode(token.encode())
    obj = json.loads(raw.decode())
    rr = obj["r"]
    cc = obj["c"]
    n = obj["n"]
    e = obj["e"]
    s = obj["s"]
    if not all(isinstance(x, str) for x in (rr, cc, n, e, s)):
        raise ValueError("bad token fields")
    return rr, cc, n, e, s


class Provider(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass

    def do_POST(self):
        t0 = time.time()
        register_attempt_timestamp()
        try:
            if self.path != "/ingest":
                self.send_response(404)
                self.end_headers()
                return
            size = int(self.headers.get("Content-Length", 0))
            try:
                data = json.loads(self.rfile.read(size))
            except Exception:
                bump_denial("malformed")
                self.send_response(400)
                self.end_headers()
                return
            r = data.get("request_repr")
            c = data.get("verification_context")
            token = data.get("provider_token")
            if not all(isinstance(x, str) and x for x in (r, c, token)):
                bump_denial("missing_fields")
                self.send_response(403)
                self.end_headers()
                return
            if not c.startswith("ctx_"):
                bump_denial("bad_context")
                self.send_response(403)
                self.end_headers()
                return
            try:
                rr, cc, n, e, s = decode_token(token)
            except Exception:
                bump_denial("malformed")
                self.send_response(403)
                self.end_headers()
                return
            try:
                exp = int(e)
            except Exception:
                bump_denial("bad_expiry")
                self.send_response(403)
                self.end_headers()
                return
            now = int(time.time())
            # The token must name the hash NUVL derived and the context it carried.
            if rr != r or cc != c:
                bump_denial("mismatch")
                self.send_response(403)
                self.end_headers()
                return
            if now > exp:
                bump_denial("expired")
                self.send_response(403)
                self.end_headers()
                return
            # Constant-time comparison so timing does not leak how much of the MAC matched.
            if not hmac.compare_digest(s.encode(), sign(rr, cc, n, e).encode()):
                bump_denial("bad_signature")
                self.send_response(403)
                self.end_headers()
                return
            with nonce_lock:
                # Drop nonces whose tokens have expired, then reject reuse.
                expired_nonces = [k for k, v in used_nonces.items() if int(v) <= now]
                for k in expired_nonces:
                    del used_nonces[k]
                if n in used_nonces:
                    bump_denial("replay")
                    self.send_response(403)
                    self.end_headers()
                    return
                used_nonces[n] = e
            elapsed = round((time.time() - t0) * 1000, 3)
            with _response_lock:
                _response_times.append(elapsed)
                if len(_response_times) > 10000:
                    del _response_times[:5000]
            bump_initiated()
            self.send_response(200)
            self.end_headers()
        except BrokenPipeError:
            bump_timed_out()
        except TimeoutError:
            bump_timed_out()
        except Exception:
            bump_internal_error()
            try:
                self.send_response(500)
                self.end_headers()
            except Exception:
                pass


class StatsHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):
        pass

    def do_GET(self):
        if self.path == "/stats":
            with stats_lock:
                payload = json.dumps(stats, indent=2).encode()
            self._json(payload)
            return
        if self.path == "/history":
            with _history_lock:
                payload = json.dumps(list(_history)).encode()
            self._json(payload)
            return
        if self.path == "/health":
            self._json(json.dumps({"status": "ok"}).encode())
            return
        self.send_response(404)
        self.end_headers()

    def _json(self, payload):
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Access-Control-Allow-Origin", "*")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


def start_stats_server():
    ThreadingHTTPServer(("0.0.0.0", 8000), StatsHandler).serve_forever()


threading.Thread(target=start_stats_server, daemon=True).start()
threading.Thread(target=record_history, daemon=True).start()
print("Provider listening on 127.0.0.1:9090")
print("Stats serving on 0.0.0.0:8000")
save_stats()
ThreadingHTTPServer(("127.0.0.1", 9090), Provider).serve_forever()
Start the provider in its own terminal:
python3 provider.py
The provider is now listening for artifacts on port 9090 and serving live stats on port 8000. Visit http://localhost:8000/stats to see the stats JSON. Visit http://localhost:8000/history for the rolling time-series data.
One line in the provider controls the shared secret. Change SECRET to a value only your provider knows before running the attacker or any client against your own deployment. The attacker does not know the secret — that is the point.
SECRET = b"FIGURE IT OUT"
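The Quickstart client carries a placeholder token, and the page does not show how the provider issues a real one. The following is an added example, not part of the NUVL reference code: it mints a token in the layout that provider.py's sign and decode_token expect, applies NUVL's binding step, and runs the provider's checks in the same order, all offline. The names mint_token, bind, evaluate and demo, the example SECRET, and the fixed clock are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: stands in for the provider's SECRET. It never leaves the provider.
SECRET = b"example-secret-for-offline-demo"


def sign(r, c, n, e, secret=SECRET):
    """HMAC-SHA256 over "r|c|n|e", the message layout provider.py signs."""
    msg = f"{r}|{c}|{n}|{e}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def mint_token(body, ctx, ttl=300, now=None, secret=SECRET):
    """Provider-side issuance (hypothetical helper): bind a token to one body."""
    now = int(time.time()) if now is None else now
    r = hashlib.sha256(body).hexdigest()
    n = secrets.token_hex(16)          # single-use nonce
    e = str(now + ttl)                 # expiry travels as a string
    fields = {"r": r, "c": ctx, "n": n, "e": e, "s": sign(r, ctx, n, e, secret)}
    raw = json.dumps(fields, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def bind(body, ctx, token):
    """What nuvl.py does: hash the body, carry ctx and token uninterpreted."""
    return {
        "request_repr": hashlib.sha256(body).hexdigest(),
        "verification_context": ctx,
        "provider_token": token,
    }


def evaluate(artifact, used_nonces, now=None, secret=SECRET):
    """Provider-side decision, checks in the same order as provider.py."""
    now = int(time.time()) if now is None else now
    r = artifact.get("request_repr")
    c = artifact.get("verification_context")
    token = artifact.get("provider_token")
    if not all(isinstance(x, str) and x for x in (r, c, token)):
        return "missing_fields"
    if not c.startswith("ctx_"):
        return "bad_context"
    try:
        obj = json.loads(base64.urlsafe_b64decode(token.encode()))
        rr, cc, n, e, s = (obj[k] for k in ("r", "c", "n", "e", "s"))
        if not all(isinstance(x, str) for x in (rr, cc, n, e, s)):
            raise ValueError("bad token fields")
    except Exception:
        return "malformed"
    try:
        exp = int(e)
    except ValueError:
        return "bad_expiry"
    if rr != r or cc != c:
        return "mismatch"
    if now > exp:
        return "expired"
    if not hmac.compare_digest(s.encode(), sign(rr, cc, n, e, secret).encode()):
        return "bad_signature"
    if n in used_nonces:               # provider.py also prunes expired nonces
        return "replay"
    used_nonces[n] = exp
    return "initiated"


def demo():
    """Run one valid request and four failing variants on constructed input."""
    now = 1_700_000_000                # constructed fixed clock
    body = b'{"op":"initiate","target":"gate","mode":"standard"}'
    ctx = "ctx_alpha"
    seen = {}
    token = mint_token(body, ctx, now=now)
    forged = mint_token(body, ctx, now=now, secret=b"not-the-provider-secret")
    return {
        "valid": evaluate(bind(body, ctx, token), seen, now=now),
        "replayed": evaluate(bind(body, ctx, token), seen, now=now),
        "other_body": evaluate(
            bind(b'{"op":"other"}', ctx, mint_token(body, ctx, now=now)), seen, now=now
        ),
        "late": evaluate(
            bind(body, ctx, mint_token(body, ctx, now=now)), seen, now=now + 301
        ),
        "wrong_key": evaluate(bind(body, ctx, forged), seen, now=now),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:>10}: {outcome}")
```

To exercise the Quickstart client against provider.py, mint the token with the provider's own SECRET and the exact bytes of BODY, then paste it into PROVIDER_TOKEN; it is accepted once and only until it expires.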
NUVL should already be running from the Quickstart. Confirm it is up and forwarding to the provider on port 9090.
python3 nuvl.py
With both the provider and NUVL running, any POST to port 8080 will be forwarded as a verification artifact to the provider on port 9090. The provider evaluates the artifact against its full validation chain. NUVL has no knowledge of the outcome.
Save the following as attacker.py. By default it targets the local NUVL instance. To run it against the live challenge endpoint, change the NUVL variable to https://challenge.xer0trust.com/nuvl.
import base64
import hashlib
import json
import random
import string
import threading
import time
import requests

NUVL = "http://127.0.0.1:8080/"
TIMEOUT = 5

stats = {
    "sent": 0,
    "errors": 0,
}
lock = threading.Lock()


def rand_str(n=12):
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=n))


def rand_hex(n=64):
    return "".join(random.choices("0123456789abcdef", k=n))


def rand_ctx():
    pool = [
        "ctx_demo",
        "ctx_alpha",
        "ctx_beta",
        "ctx_gamma",
        "ctx_prod",
        "ctx_dev",
        "ctx_user",
        "ctx_api",
        "ctx_edge",
        "ctx_" + rand_str(6),
    ]
    return random.choice(pool)


def now():
    return int(time.time())


def body_bytes():
    templates = [
        {"op": "transfer", "amount": random.randint(1, 9999), "to": "acct_" + rand_str(8)},
        {"op": "auth", "user": rand_str(8), "pass": rand_str(12)},
        {"op": "query", "id": rand_str(16)},
        {"action": "initiate", "token": rand_str(32)},
        {"cmd": "run", "args": [rand_str(4), rand_str(4)]},
    ]
    return json.dumps(random.choice(templates), separators=(",", ":")).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def wrong_sig():
    attempts = [
        rand_hex(64),
        hashlib.sha256(rand_str(32).encode()).hexdigest(),
        hashlib.md5(rand_str(32).encode()).hexdigest(),
        "0" * 64,
        "f" * 64,
    ]
    return random.choice(attempts)


def token_b64(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode("utf-8")
    return base64.urlsafe_b64encode(raw).decode("utf-8")


def send(headers, body):
    try:
        requests.post(NUVL, data=body, headers=headers, timeout=TIMEOUT)
        with lock:
            stats["sent"] += 1
    except Exception:
        with lock:
            stats["errors"] += 1


def send_with_token(ctx, token, body, include_ctx=True, include_token=True):
    headers = {"Content-Type": "application/json"}
    if include_ctx:
        headers["X-Verification-Context"] = ctx
    if include_token:
        headers["X-Provider-Token"] = token
    send(headers, body)


def attack_bad_signature():
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        r = sha256_hex(body)
        n = rand_str(16)
        e = str(now() + random.randint(60, 600))
        token = token_b64({"r": r, "c": ctx, "n": n, "e": e, "s": wrong_sig()})
        send_with_token(ctx, token, body)
        time.sleep(random.uniform(0.01, 0.03))


def attack_expired():
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        r = sha256_hex(body)
        n = rand_str(16)
        e = str(now() - random.randint(60, 7200))
        token = token_b64({"r": r, "c": ctx, "n": n, "e": e, "s": wrong_sig()})
        send_with_token(ctx, token, body)
        time.sleep(random.uniform(0.04, 0.12))


def attack_bad_expiry():
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        r = sha256_hex(body)
        n = rand_str(16)
        e = random.choice(["soon", "never", "3.14", "NaN", "abc123"])
        token = token_b64({"r": r, "c": ctx, "n": n, "e": e, "s": wrong_sig()})
        send_with_token(ctx, token, body)
        time.sleep(random.uniform(0.04, 0.12))


def attack_mismatch():
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        bad_r = rand_hex(64)
        while bad_r == sha256_hex(body):
            bad_r = rand_hex(64)
        n = rand_str(16)
        e = str(now() + random.randint(60, 600))
        token = token_b64({"r": bad_r, "c": ctx, "n": n, "e": e, "s": wrong_sig()})
        send_with_token(ctx, token, body)
        time.sleep(random.uniform(0.04, 0.12))


def attack_missing_fields():
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        mode = random.choice(["missing_ctx", "missing_token", "both"])
        if mode == "missing_ctx":
            send_with_token(ctx, "x", body, include_ctx=False, include_token=True)
        elif mode == "missing_token":
            send_with_token(ctx, "x", body, include_ctx=True, include_token=False)
        else:
            send_with_token(ctx, "x", body, include_ctx=False, include_token=False)
        time.sleep(random.uniform(0.05, 0.15))


def attack_malformed():
    bad_tokens = [
        "!!!notbase64!!!",
        "eyJ9",
        "not.valid.base64",
        base64.urlsafe_b64encode(b"{}").decode("utf-8"),
        base64.urlsafe_b64encode(b"[]").decode("utf-8"),
        base64.urlsafe_b64encode(b"null").decode("utf-8"),
        rand_hex(32),
        rand_str(48),
        "",
        "." * 30,
    ]
    while True:
        body = body_bytes()
        ctx = rand_ctx()
        token = random.choice(bad_tokens)
        send_with_token(ctx, token, body)
        time.sleep(random.uniform(0.05, 0.15))


def status_printer():
    while True:
        time.sleep(5)
        with lock:
            s = stats["sent"]
            e = stats["errors"]
        print(f"[{time.strftime('%H:%M:%S')}] sent={s} errors={e}")


if __name__ == "__main__":
    print(f"[{time.strftime('%H:%M:%S')}] attacker started — target {NUVL}")
    print("Ctrl+C to stop\n")
    workers = [
        threading.Thread(target=attack_bad_signature, daemon=True),
        threading.Thread(target=attack_expired, daemon=True),
        threading.Thread(target=attack_bad_expiry, daemon=True),
        threading.Thread(target=attack_mismatch, daemon=True),
        threading.Thread(target=attack_missing_fields, daemon=True),
        threading.Thread(target=attack_malformed, daemon=True),
        threading.Thread(target=status_printer, daemon=True),
    ]
    for w in workers:
        w.start()
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        print("\nstopped.")
Run the attacker in a third terminal:
python3 attacker.py
The attacker launches six concurrent threads, each targeting a different failure category: bad signature, expired token, bad expiry format, request hash mismatch, missing fields, and malformed token structure. It prints a running count every five seconds.
With all three components running, open http://localhost:8000/stats in a browser or poll it with curl. The provider updates its stats as each artifact arrives and is evaluated.
curl http://localhost:8000/stats
Each denial category in the breakdown corresponds directly to one of the attacker's threads. Bad signature attempts will never pass because the attacker does not know the secret. Expired tokens fail on the timestamp check. Mismatched request representations fail because the hash in the token does not match the hash NUVL derived from the actual request body. Replay attempts fail because the nonce has already been recorded.
The initiated count reflects requests that passed every validation step. With the attacker running and no valid client present, that number stays at zero. NUVL forwarded every artifact correctly — the provider evaluated each one and denied all of them. The intermediary had no role in those decisions.
That separation — NUVL forwarding without deciding, the provider deciding without NUVL knowing the outcome — is what the harness demonstrates.
The live challenge endpoint has been running continuously since March 31, 2026 under the same attack pattern demonstrated in this harness. The control plane shows real-time denial rates, throughput, system resource usage, and a full breakdown of denial categories as they accumulate.
https://challenge.xer0trust.com
Open it in a browser to see the live dashboard. The numbers update in real time.
NUVL is the foundation, not the limit. The reference implementation demonstrates a narrow stateless intermediary that binds and forwards verification artifacts without acquiring execution authority. The extensions build on that constraint model to support more complex environments while preserving the same architectural boundary: intermediaries may relay, sequence, observe, or constrain, but they do not become the authority.
These extensions are stand-alone constraint models. They can operate with a NUVL-like intermediary pattern where applicable, but they do not depend on NUVL by name to function. Their purpose is to preserve boundary integrity across more demanding environments without allowing control to drift outward into transport, coordination, or surrounding infrastructure.
Each extension includes a reference implementation and source repository. The reference implementations are composable — they can be combined to address multi-constraint environments where more than one authority-migration vector is present simultaneously.
Multi-provider constraints support verification flows that span independent providers without collapsing authority into a shared intermediary. Each provider remains responsible for its own evaluation boundary. The intermediary does not merge policy, does not unify trust, and does not convert one provider's artifact into authorization at another boundary.
This matters in environments where work crosses organizational, operational, or jurisdictional boundaries. The architectural goal is coordination without authority migration.
Multi-domain constraints support verification flows that cross distinct trust, policy, operational, or administrative domains without allowing those domains to collapse into a single external authority layer. A domain boundary may carry its own rules, context, and verification requirements, but crossing that boundary does not authorize the intermediary to interpret, approve, or unify execution decisions on behalf of the participating systems.
This matters when requests move across separate environments that must remain independently authoritative. The goal is not to erase domain separation. The goal is to preserve coordination across domains while preventing authority from drifting into the transport, relay, or coordination path between them.
Multi-hub constraints support relay and forwarding across multiple intermediary points without turning those hubs into decision systems. Hubs may carry artifacts, route them, or preserve sequence, but they remain mechanically constrained. They do not interpret operational meaning and do not determine what execution is allowed to occur.
This preserves neutrality even when the transport or coordination path becomes distributed.
Adaptive boundary constraints support environments where provider-side conditions may change over time, across workloads, or across execution states. Adaptation does not mean authority is delegated outward. It means the provider can vary what it requires while the intermediary remains non-authoritative.
These constraints are particularly relevant where provider-controlled AI or ML systems participate in boundary determination. The intermediary does not become the model authority, the inference authority, or the override layer. Provider-side systems may vary the boundary logic, but execution authority still remains inside the provider-controlled boundary.
Artifact exchange constraints support controlled forwarding of provider-generated or provider-relevant verification materials across system boundaries. The intermediary may carry those artifacts, but possession does not equal authority. Evaluation remains where execution authority actually resides.
This allows evidence movement without turning transport into decision-making.
Some environments require verification without broad disclosure of identity, full payload contents, or internal evaluation logic. Disclosure constraints are intended for those cases. The architecture supports constrained evidence paths without requiring the intermediary to know more than it needs to know.
The principle remains the same: reduce what can be learned without weakening where authority is held.
Hardware boundary constraints support cases where verification is associated with devices, sensors, embedded systems, or other boundary-bound components. The intermediary may relay artifacts tied to hardware state or hardware-origin conditions, but it still does not become the authority that interprets execution legitimacy.
This is relevant for IoT, edge systems, embedded control environments, and device-scoped operational chains.
Not all verification paths assume continuous network availability. Offline and air-gap constraints support environments where artifact handling, sequencing, or evaluation must survive disconnected conditions. The same separation still applies: temporary transport or sequencing mechanisms do not inherit provider authority simply because the environment is constrained.
This matters for operational technology, defense environments, isolated networks, and staged execution paths.
Temporal gatekeeping constraints support architectures where timing, sequence windows, event progression, or bounded operational phases matter to the provider-side boundary. These models do not grant clocks or timing sources independent authority. Temporal reference may be used, but time itself does not become the decision-maker.
That distinction is central: temporal conditions may constrain a path without becoming the authority behind it.
Measurement constraints support architectures where recorded conditions, observed states, or bounded system measurements influence whether a verification path remains valid. The measurements may matter to the provider-side boundary, but the systems carrying or reporting those measurements do not become the authority that decides execution on their own.
This preserves the difference between reporting a condition and authorizing an outcome.
Ledger-reliant constraints support architectures where verification artifacts or boundary events may need external anchoring, sequencing, or evidentiary preservation. Those mechanisms may support observability or integrity, but they do not create a new trust anchor that replaces provider-side authority.
Anchoring is evidence. It is not authorization.
Security failures are often described as control failures, but many are really authority-placement failures. The extensions exist because real systems rarely stay small, local, or singular. They become distributed, layered, adaptive, automated, measured, and operationally messy.
The purpose of the extension model is to preserve the same core rule under those conditions: intermediaries may participate in the path, but they do not become the authority that determines execution.
For research licensing, commercial licensing, or general inquiries, reach out directly.