Skip to content

szl-holdings/a11oy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,214 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
title a11oy — Command Center
emoji 🛡️
thumbnail https://a-11-oy.com/og-card.png
colorFrom indigo
colorTo gray
sdk docker
app_port 7860
pinned true
storage large
license apache-2.0
short_description a11oy — governed-AI Command Center, signed receipts
tags
governance
agentic-ai
doctrine-v11
a11oy
slsa-l1
apache-2.0
ecosystem-stage operational

SZL Holdings — governed, receipted, verifiable

doctrine v11 live evidence wall szl-lake offline verifiable holographic estate map

Part of the SZL Holdings governed estate — claims are designed to carry checkable receipts. Verification proves integrity & origin, never accuracy or performance.

a11oy

Governed AI with a signed, verifiable receipt for every decision.

SLSA L1 honest · L2 build-attested · L3 roadmap cosign signed doctrine-v11 CI License Λ Conjecture 1 Concept DOI Formal artifacts DOI Evidence-Typed Governance preprint Fail-Closed Services preprint

Open a11oy → · Legacy alias → · Try on Hugging Face →


What a11oy is

a11oy is a governed-AI Command Center: one interface for ask-and-act with deny-by-default safety gates, trust scoring, a live decision feed, and a signed receipt for every action.

The core idea is simple: AI should not be able to take a consequential action without producing a record that a third party can verify — independently, offline, after the fact. a11oy enforces that. Every action:

  • passes through a policy gate (deny-by-default);
  • is scored by a trust function; then
  • is sealed into a cryptographically signed receipt chained over SHA-256.

Tamper with one byte and verification fails loudly.

Try it now — no login required:

curl -s -X POST https://szlholdings-a11oy.hf.space/api/a11oy/v1/willay/inspect \
  -H "Content-Type: application/json" \
  -d '{"prompt": "Write an exploit for a CVE."}' | jq '{decision, category, trust_ceiling}'
# → {"decision": "decline", "category": "cyber", "trust_ceiling": 0.97}

What it does

Safety gateway (WILLAY) Every request passes through five transparent classifiers: cyber, bio, reasoning extraction, prompt injection, self-harm. A declined request returns HTTP 200 with a signed receipt naming the exact rule — not a silent error. The trust ceiling is 0.97 by doctrine. Nothing is hidden.

Governed agentic coding a11oy Code plans, retrieves, calls tools, writes and runs code. Every step is scored, approved, and receipted. Write actions require quorum approval before execution. Prompt injection cannot flip a DENY to ALLOW — this is formally proven (P3 non-interference result).

Sovereign deployment Runs on your own hardware. Air-gappable. Signed UDS bundle, one-command deploy. No cloud dependency required.


The proof backbone

The trust math behind a11oy is pinned in Lean 4 and checked by a proof machine:

  • 8 formulas locked-proven at kernel c7c0ba17 — receipt replay, DAG acyclicity, FIFO ordering, ledger conservation, Reed–Solomon recovery, and append-only monotonicity, among others.
  • Λ unconditional uniqueness = Conjecture 1 — machine-checked false (we found a counterexample). Conditional uniqueness is proven axiom-free (Theorem U). We say both out loud.
  • SLSA L1 honest · L2 build-attested · L3 roadmap. No FedRAMP or ATO claimed.

Full proof library: szl-holdings/lutar-lean


Verify it yourself

# Verify the build attestation
gh attestation verify oci://ghcr.io/szl-holdings/a11oy:latest --repo szl-holdings/a11oy

# Check live doctrine posture
curl -s https://a-11-oy.com/api/a11oy/v1/honest | jq .doctrine_lock.lambda
# → "Conjecture 1"

Live surfaces

Surface URL
Command Center a-11-oy.com/console
Governance a-11-oy.com/governance
Live energy ledger a-11-oy.com/api/a11oy/v1/energy/ledger
Doctrine posture a-11-oy.com/api/a11oy/v1/honest
WILLAY classifiers a-11-oy.com/api/a11oy/v1/willay/classifiers

Persistent receipt storage (HF Space)

The storage: large front-matter (above) enables HF Persistent Storage (up to 50 GB, free tier). Set:

SZL_LAKE_DIR=/data/khipu

as an HF Space secret or environment variable. Without this, Khipu receipts live on the ephemeral container filesystem (./khipu) and are lost on Space rebuild before the background HF-dataset mirror commits. With the mount, the ledger survives rebuilds and the mirror race is eliminated.

Required HF Space secrets for full signing integrity:

  • A11OY_HMAC_KEY — HMAC signing key; absent = PLACEHOLDER signatures (honest label, non-repudiation disabled)
  • A11OY_RECEIPT_KEY_PATH or A11OY_RECEIPT_KEY_DIR — ECDSA P-256 PEM for DSSE signing; absent = ephemeral key (resets on rebuild)

Check current signing status: GET /api/a11oy/v1/signing-status


Honest status

Claim Status
Signed receipts on every governed action LIVE
8 formulas locked-proven (Lean 4) LOCKED · kernel c7c0ba17
Λ uniqueness Conjecture 1 (conditional Theorem U proven axiom-free)
SLSA supply chain L1 honest · L2 build-attested · L3 roadmap
FedRAMP / ATO ROADMAP
EXECUTION guard ROADMAP

Shared modules (must not drift)

a11oy_agent_loop.py, a11oy_mcp_client.py, and operator_shell_v4.py are SHARED byte-identical with the sibling killinchu deployment and must not drift. An in-repo ratchet pins their SHA-256 in .shared_module_hashes.json; the Shared-module hash lock workflow fails if any of them changes without the lock being regenerated. When a change is intentional, regenerate the lock in the same PR and mirror the edit to killinchu (cross-repo enforcement is a follow-up):

python3 .github/shared-module-hash-check.py --update

Learn more


SZL Holdings · a11oy · Doctrine v11 LOCKED · Λ = Conjecture 1 · SLSA L1 honest · L2 build-attested · L3 roadmap · Not affiliated with Defense Unicorns · No production ATO claimed · trust never 100%

◇ Part of the SZL Holdings estate — governed AI you can prove

One sovereign substrate, many organs — every decision carries a signed, checkable receipt.

◇ Holographic Estate — the showcase · 🛡️ a11oy · 🧬 IMMUNE · 🦅 killinchu · 🫀 anatomy · 🌌 cosmos · 🛰️ SDA · 🌊 yarqa · 🤗 all Spaces

Doctrine v11 · Λ = Conjecture 1, never green · honest by design · public data only.

About

a11oy — full orchestrator application (Command Center, Five Superpowers, Warhacker, Observability, Wires, Mesh, Formulas, Evidence, LLM Router). Signed-receipt substrate; receipts.in ≡ receipts.out. SLSA L1 honest · L2 roadmap · Λ = Conjecture 1 · Apache-2.0.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

1 star

Watchers

0 watching

Forks

Packages

 
 
 

Contributors