The platform · phionyx-core runtime

How the runtime governs an AI decision.

phionyx-core is a deterministic governance runtime. An AI decision enters as a sensor reading — a measurement, not an instruction — and passes policy gates, a kill switch, a human-in-the-loop queue, ethics and safety gates, and a signed audit chain. The runtime decides what, if anything, becomes action.

The model stays probabilistic. The path through the gates is reproducible.

The governed runtime path

Where Phionyx sits between model output and real action

Click any step to inspect what runs there. The path is deterministic; the model is not.

AI Outputstep 1 of 10

The model returns a candidate response or tool call. Treated as a noisy measurement, not authority.

The engine

phionyx-core — the deterministic runtime

The gates above are not a wrapper around a model. They run inside phionyx-core, a deterministic governed runtime. phionyx-core defines a canonical 46-block pipeline; a governed decision runs through it in a fixed order, and given identical inputs the path through that pipeline is reproducible.

But you do not have to deploy all 46 blocks. The highest-value piece — the signed, replayable evidence record — lives in the evidence layer and can be deployed on its own, without the full pipeline, when your application only needs the record rather than the gates.

The model never has the last word. LLM output enters the runtime as a sensor reading — a measurement, not an instruction — and the kill switch, human-in-the-loop queue, ethics and safety gates, and signed audit chain decide what, if anything, becomes action. Nothing reaches your system before it has passed those gates.

The runtime treats safety as structure, not policy text: gates are pipeline blocks, never deleted, only policy-bypassed with an audit-trail entry naming who, when, and why.

What runs at each gate

The primitives behind bounded authority

Kill switch

Four-trigger emergency shutdown — operator command, anomaly threshold, audit-integrity break, or upstream signal. Fail-closed by default. Cannot be policy-bypassed without an audit-trail entry naming who, when, and why.

Human-in-the-loop queue

Priority + expiry + audit. High-stakes or low-confidence decisions route to a responsible human; low-stakes paths auto-approve deterministically. Items that expire un-approved drop to the default-deny outcome.

Deliberative ethics

Four-framework reasoning gate. Consequentialist, deontological, virtue, and care perspectives evaluate the proposed action. Conflicts surface for human review rather than silent over-ride.

RBAC + scope

Role-based access control plus declared capability scope. Every action is checked against the agent's allowed surface before it touches the world.

Audit chain

Ed25519-signed, hash-chained AuditRecord. Append-only. Record-bound replay: any past decision can be re-walked from the signed record — inputs through gates to output. The recorded gate path is reproducible; the model output itself is not re-generated.

Compliance evidence mappings

Evidence-grade mappings onto EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Agentic Top 10. Mappings, not legal certifications — they make audit work easier, not optional.

Where this becomes critical

Five workflows where model output cannot be allowed to become action by default

  • Safety-first agentic systemsAgents acting in environments where wrong action has real-world cost.
  • Family AIHousehold decisions proposed by AI; the responsible adult decides — see the HearthOS worked example below.
  • Education systemsAI tutors with bounded persona and content scope; coherence checking across long sessions.
  • Regulated workflowsHealthcare, finance, public sector — wherever audit trail, deliberation, and human approval are non-negotiable.
  • Agentic tool-callingCode-acting and tool-using agents where every tool call is a real-world action.
  • Narrative systemsAI characters and storyworlds where consequential action affects the player.

Standards & compliance

Evidence mappings onto established frameworks

Phionyx is not a replacement for established AI governance frameworks — it is a runtime layer that produces the evidence those frameworks expect. Each gate maps onto specific clauses of the frameworks below.

EU AI Act

High-risk AI system obligations: risk management, data governance, transparency, human oversight, accuracy.

NIST AI RMF

Map / Measure / Manage / Govern functions; evidence produced at each gate feeds the Manage and Govern tiers.

ISO/IEC 42001

AI management system controls; audit chain and HITL queue produce the artefacts ISO/IEC 42001 audits expect.

OWASP Agentic Top 10

Agent-specific risks (tool abuse, scope creep, prompt injection); bounded-authority pattern addresses several directly.

The mappings above are evidence-grade, not legal certifications. They make audit work easier; they don't replace it.

Deploy what you need

Three runtime modes

You do not have to run the whole pipeline. The runtime ships in three composable modes — a signed evidence record, calibrated abstention, and a fail-closed safety gate — each deployable on its own.

See the three runtime modes →

Current maturity

What this is — and what it is not

Phionyx is cooperative-grade governance with a capability boundary: it makes the governance path deterministic and the evidence replayable. It does not make the model correct, it does not claim to contain a model, and it does not prevent hallucination — it constrains, records, and makes the decision accountable.

The limits are shown, not hidden — see the Trust page for what holds today, what remains a documented gap, and how to reproduce every claim. See the runtime applied to real workflows under Use Cases.

Verify

Reproduce it

Every primitive above is in phionyx-core on PyPI, deposited under Zenodo concept DOI 10.5281/zenodo.20027534, and tested on the public CI (1,131 tests). The full claim-by-claim proof is on the Trust page.

Platform — the Phionyx deterministic governance runtime