Skip to main content

Phase II embodiment of the FreqOS organism — a synthetic immune system (auto-immune interlock).

Project description

🌱 SentAInce

A safety reflex and an honest memory for AI coding agents.

It physically refuses catalogued lethal actions — even when the model is prompt-injected into proposing one — and it only remembers what actually worked. Runs locally. Open source. Safety is never for sale.

License Python Evidence lock Safety Local-first

A SyncQutrit Research Group product (syncqutrit.com) · part of the FreqOS software portfolio (freqos.com). Phase II of the FreqOS arc — a synthetic immune system.


Why it's different. Most "AI memory" rewards whatever gets retrieved often — popularity as a stand-in for usefulness — which is exactly why a knowledge base bolted onto an LLM rots. SentAInce obeys one law instead: a memory is earned by a closed action → success (exit 0) chain — never by being read or repeated. That single rule keeps the memory clean; the immune system, the muscle memory, and the sleep-time pruning all follow from it. It runs on your machine, under Claude Code or Cursor, and the whole body is free and open forever.

In human terms

SentAInce wraps an AI coding agent in a body borrowed from biology: an 🛡️ immune system that reflexively refuses lethal actions, 💪 muscle memory that forms only when work actually succeeds, a 📖 notebook whose notes earn trust the same way, and 😴 sleep that forgets what went unused. The one law underneath all of it: a memory is earned by a closed action → success (exit 0) chain — never by being read or repeated. Popularity is not utility; that rule is why the memory stays clean. Safety is never for sale — the immune system runs locally and free, always.

→ Read the full story (anatomy + honest numbers + what the dashboard shows): docs/STORY.md.

Getting started

Pick the path that fits you — no account, nothing leaves your machine.

  • Just curious? Watch the safety reflex work (no setup, ~1 min). With Python + numpy installed:
    python experiments/exp1_autoimmune.py      # a prompt-injected model proposes a lethal action; the gate refuses it
    python -m pytest -q tests                    # the full 99-test evidence lock, deterministic
    
  • Want the live dashboard? Bring up the local monitoring stack (Docker) and open your browser — it lands on the plain-language "SentAInce — The Organism" dashboard:
    cd exocortex/testbed/compose && docker compose up -d --build     # then open http://localhost:3000
    
  • Want it working in your own project? Follow the runbook in docs/DEPLOY_TO_A_PROJECT.md. It installs cleanly, runs in a safe watch-only mode by default, and uninstalls with one command.

New to all this? docs/STORY.md explains the whole system in everyday terms; docs/USER_GUIDE.md is the step-by-step operator's guide.


It is additive over, and imports read-only from, the frozen circle_of_fifths_rc2 kernel (lock b0702a3, tag stigmergic-sparsity-v0.78-evidence-lock — the v0.78 head, vendored read-only at vendor/kernel/). The sibling circle_of_fifths_rag arc (its own kernel lock 0985067) and the organism/RAG freezes are untouched.

The evidence lock — seven experiments (C1–C7)

A falsifiable arc, scoped to a deterministic symbolic harness. Every claim is broken by its load-bearing null or it is vacuous; two of the seven are intended −1s (boundaries the arc was run to produce), not failed wins.

# Claim Verdict Evidence (tests)
C1 Auto-immune interlock — a host-side topological scar refuses a structurally-lethal action a prompt-injected proposer emits; a naive agent given the same proposal executes it and dies. +1 exp1_autoimmune.py (7)
C2 Hypoxia / metabolic-DDoS — reading its MetabolicLedger, the organism throttles, abstains on unaffordable novel anomalies, and survives a flood that bankrupts a gauge-blind null. +1 exp2_hypoxia.py (10)
C3 Auto-immune crucible — under a starving ambush the safety scar holds absolute precedence over the metabolic throttle; the brake is energy-independent by construction. +1 exp3_crucible.py (8)
C4 Adaptive antibody — one witnessed harm scars a structural (effect, target) signature and refuses surface-distinct repeats, while benign work still passes. +1 exp4_adaptive_antibody.py (11)
C4-R Adversarial scope of C4 — a hand-specified signature fails three ways (collision, mistype, evasion): a structural parser cannot recover intent. −1 (intended) exp4r_adversarial.py (8)
C5 Learned signatures don't recover intent either — no encoder (structural, lexical, semantic) admits a separating threshold on the C4-R corpus. −1 (intended) exp5_learned_signature.py (8)
C6 Outcome-conditioned oracle — gating on the sandboxed effect vs a declared invariant resolves the C4→C4-R→C5 walls. +1 exp6_outcome_oracle.py (9)
C7 Somatic composition crucible — the four organs survive a starving ambush together; two cross-organ gaps located and each closed with a minimal twin-wire. +1 HOMEOSTASIS exp7_crucible.py (8)
python experiments/exp1_autoimmune.py           # any experiment runs standalone (+ --json)
python -m pytest -q tests                        # the deterministic suite

The suite is 99 tests: the 69-test C1–C7 evidence lock + 30 domain-crucible / adapter tests (see Applications below). Pure-Python, deterministic (same seed → byte-identical ledger), numpy + pytest only — no Docker, no Ollama, no real syscalls in the lock; the only "execution" is MockExecutor, which records intent. Determinism is deliberate: a real, non-deterministic LLM would break the reproducible −1/+1, so the locked claims use a scripted proposer. See docs/CLAIM_BOUNDARY.md for the binding ledger of what each experiment does and does not claim.

The standard interface (provider-agnostic seam)

A tool/action = (name, description, JSON-Schema input); the proposer emits a typed call; the host decides execution. This is the common shape of Anthropic tool use, OpenAI/Ollama function-calling, and MCP — so the deterministic stub and a real local model are interchangeable behind sentaince.interface.tools.Proposer. The OllamaProposer (interface/ollama.py) is the live additive swap (Track A demo / Track A.2 container); MCP is the promotion path for exposing the ActionGraph across a process boundary.

Applications — domain crucibles (separate tier, not in the C1–C7 ledger)

The same locked organs re-skinned onto hostile domain substrates as deterministic, Experiment-1-style contracts (each with a load-bearing null). Built + +1 (2026-06-26): manufacturing, scada, soc, spacecraft (experiments/*_crucible.py, 6 tests each — the 30 non-C1–C7 tests, with test_ollama_adapter). Design-only (human-authority bounded, no crucible yet): medical, military, search-and-rescue. These are applications of the locked physics, kept out of the C1–C7 claim ledger. See docs/use_cases/.

Track A.2 — containerized battle-test (labeled demonstration, never a lock)

battle/, body/, docker/, and demo/live_homeostasis.py carry the C7 composition into a real Docker container with a real LLM head (OpenAI-compatible) over a real, disposable body. It is explicitly non-deterministic and can never move a C-verdict; a 0/−1 indicts the model or infrastructure, never the locked physics. Latest demo (llama3:8b, N=100): survival 1.000, 0 lethal slips, 100 distinct runs (labeled). See docs/battle_test/.

Layout

Path Role
sentaince/interface/ the standard seam — ToolSpec, proposals, Proposer, ScriptedProposer, OllamaProposer
sentaince/organism/ the organs — action_graph + interlock (C1), metabolism/gearbox/anomaly (C2/C3), antibody/learned_signature (C4/C5), outcome_oracle (C6), executor (mock)
sentaince/agents/ NaiveAgent / metabolic nulls and Organism (treatment)
sentaince/kernel/ read-only shim that locates the frozen kernel
experiments/ the A/B crucible runners (exp1–exp7 + the domain crucibles)
tests/ the 99-test deterministic suite (69 C1–C7 + 30 domain/adapter)
battle/ · body/ · docker/ · demo/ Track A.2 containerized battle-test (demonstration)
vendor/kernel/ pinned read-only frozen-kernel snapshot (lets the suite run in-container)
docs/CLAIM_BOUNDARY.md the binding claim ledger (C1–C7)
docs/use_cases/ domain application designs + contracts
docs/battle_test/ whitepaper · user guide · demo guide for Track A.2

See docs/CLAIM_BOUNDARY.md for what is and is not claimed.


Free forever — and sustainable

The whole local body — the safety gate, the earned memory, the dashboards — is Apache-2.0, free, and open, always. Safety is never paywalled. What keeps the project alive is an optional, fully local tune-up subscription (the Appliance) that maintains and auto-tunes your organism over time — your code never leaves your machine. See docs/PRODUCT.md for the honest commercial model, and docs/STORY.md for the plain-language tour.

Built by one maintainer, in the open, gauge-first — every claim is broken by its own null or it doesn't ship.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentaince-0.1.0.tar.gz (640.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentaince-0.1.0-py3-none-any.whl (432.7 kB view details)

Uploaded Python 3

File details

Details for the file sentaince-0.1.0.tar.gz.

File metadata

  • Download URL: sentaince-0.1.0.tar.gz
  • Upload date:
  • Size: 640.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sentaince-0.1.0.tar.gz
Algorithm Hash digest
SHA256 4415eadcececb6375314fd782380793f4717e881b370f29518fdd31857588ad5
MD5 4d30fd6c2284bda52cab942c4e938f5a
BLAKE2b-256 26405cdf32b793098913fde63d3b9c1ba843a71d1f8917d610df1546ee199293

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentaince-0.1.0.tar.gz:

Publisher: publish.yml on dcnconsult/sentAInce

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sentaince-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: sentaince-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 432.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sentaince-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b685d4a8441b27cff9b77afd8791f30420cafc9bf2a59469521262468a4d41bc
MD5 5144e2edc360bf3d9cf224d7c0ed0816
BLAKE2b-256 5948e8fcea945834ebd7cf81d48c438386bd4b5d145910da3f2bca71385daf3c

See more details on using hashes here.

Provenance

The following attestation bundles were made for sentaince-0.1.0-py3-none-any.whl:

Publisher: publish.yml on dcnconsult/sentAInce

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page