Cognition proposes.
The runtime governs.
The ledger records.
An AI agent runtime where the model can never act on its own. Every effect passes through a typed proposal, a signed capability writ, and an append-only ledger you can replay and verify — local-first, your keys never leave your machine.
Stable
Governed AI runtime
The model never holds the keys.
Governed
The model proposes. The runtime decides.
Cognition enters the system through one narrow contract: emit intents. Authority, policy, and execution are runtime concerns — not model concerns.
Auditable
Every effect is a ledger event.
Commits, rejections, approvals, delegations, and branches are all written to the same append-only, content-addressed ledger. Nothing is out-of-band.
Replayable
World state is a committed delta projection.
Replay recomputes the world by folding committed deltas in order. It verifies the hash chain, sequence continuity, and compiler version — without calling providers.
Desktop control center
Chat with the agent.
Watch it think in Mind.
The desktop app is a local-first control center: chat drives governed runs, Mind renders the live reasoning graph — every node a real runtime record — and Runs, Audit, and Backups expose the ledger underneath. Connect Claude, OpenAI, Ollama, LM Studio, or any OpenAI-compatible model; keys stay on your machine.
- Approve or deny risky actions before they run
- Live status: planning, executing, awaiting approval
- One-click audit trail and replay verification
CLI + runtime
The same governed runtime, in your terminal.
thymos drives the identical runtime the desktop uses — same providers, same storage, same governance. Run tasks and watch Intent → Proposal → Commit stream live, approve suspended actions inline, and script everything with --json.
curl -fsSL …/scripts/get.sh | sh # installs thymos + thymos-server
Skills · tools · grants
Authority is granted, never assumed.
Skills
Reusable, authority-narrowing templates.
Binding a skill can only shrink what a run may do — tools intersect, ceilings AND, budgets take the minimum. Never widen.
Typed tools
Capabilities are contracts, not blobs.
Every tool declares schema, effect class, and risk before it can execute — built-in Rust tools, JSON manifests, and MCP bridges alike.
Grants & approvals
Dangerous actions pause for you.
High-risk tools like shell suspend for an explicit operator sign-off — in the desktop or inline in the CLI — even when the writ permits them.
Audit & replay
Prove what happened. Replay it.
Every run leaves a hash-chained trail; replay folds it back into the same world state — without calling a provider or re-running a tool.
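The narrowing rule for skills stated above (tools intersect, ceilings AND, budgets take the minimum), as an added example that is not Thymos code. The Authority type, the effect-class bits, the tool names other than shell, and the treatment of a missing budget as unbounded are assumptions of this sketch.

```python
from dataclasses import dataclass, field

READ, WRITE, NETWORK, EXEC = 1, 2, 4, 8  # hypothetical effect-class bits

@dataclass(frozen=True)
class Authority:
    tools: frozenset                  # tool names a run may invoke
    effects: int                      # bitmask of permitted effect classes
    budgets: dict = field(default_factory=dict)  # absent key = unbounded (assumption)

def bind(base, skill):
    # Narrow `base` by `skill`: tools intersect, ceilings AND, budgets take the minimum.
    budgets = {}
    for key in base.budgets.keys() | skill.budgets.keys():
        limits = [b[key] for b in (base.budgets, skill.budgets) if key in b]
        budgets[key] = min(limits)
    return Authority(base.tools & skill.tools, base.effects & skill.effects, budgets)

def within(inner, outer):
    # True when `inner` grants nothing that `outer` does not already grant.
    return (inner.tools <= outer.tools
            and (inner.effects & ~outer.effects) == 0
            and all(k in inner.budgets and inner.budgets[k] <= v
                    for k, v in outer.budgets.items()))

def demo():
    # Constructed sample: the skill asks for a tool, an effect class and a
    # token budget that the run does not hold; none of them may be gained.
    run = Authority(frozenset({"fs_read", "fs_write", "shell"}),
                    READ | WRITE | EXEC,
                    {"tokens": 10000, "tool_calls": 20})
    skill = Authority(frozenset({"fs_read", "http_get"}),
                      READ | NETWORK,
                      {"tokens": 50000, "tool_calls": 5})
    return run, skill, bind(run, skill)

if __name__ == "__main__":
    run, skill, bound = demo()
    print(sorted(bound.tools), bound.effects, bound.budgets)
    print("never wider than run:", within(bound, run))
```

Because every field is combined with a meet operation (intersection, bitwise AND, minimum), the result is bounded by both inputs and binding the same skill twice changes nothing.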
Download stable release
One official download. Two ways to run it.
Everything ships from the latest stable release — release notes and checksums there. Nightly dev builds are separate and clearly marked.
thymos and thymos-server. Scriptable, server-ready.
curl -fsSL https://raw.githubusercontent.com/gryszzz/open-thymos/main/scripts/get.sh | sh
Execution grammar
Intent → Proposal → Commit
Three types. One direction. No shortcuts.
Intent
Emitted by cognition. Carries no authority. Content-addressed by blake3(canonical_json(body)).
Proposal
Compiled by the runtime from (Intent, Writ, World, ToolRegistry, PolicyEngine). Binds tool contract, budget projection, and policy trace.
Commit
The only record that mutates world state. Contains structured delta, observed tool output, writ id, proposal id, and compiler version.
Capability writ
Ed25519-signed authority document. Bounds tool scopes, budgets, time windows, effect ceilings, and delegation depth.
Policy engine
Pure function (Intent, Writ, World) → Permit | Deny | RequireApproval. Decision recorded in the proposal trace.
Execution ledger
Append-only, parent-chained trajectory history. Root, commit, rejection, pending approval, delegation, and branch entries.
Replay verifier
Proves hash chain integrity, sequence continuity, and world projection correctness. Cannot call providers or execute tools.
Provider boundary
Providers emit intents. They cannot execute, authorize, or delegate. Provider identity grants no authority.
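An added sketch (not Thymos code) of what the replay verifier described above checks: content hashes, parent links, sequence continuity and compiler version, followed by a fold of committed deltas. The entry layout, field names and sample data are constructed for illustration, and SHA-256 over sorted-key JSON stands in for blake3(canonical_json(body)), since the page does not define the canonical form.

```python
import hashlib
import json

def content_id(body):
    # Stand-in for blake3(canonical_json(body)): SHA-256 over sorted-key,
    # whitespace-free JSON. Both choices are assumptions of this sketch.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def append(ledger, kind, delta=None, compiler="c1"):
    # Build an entry chained to the current head and append it.
    body = {
        "seq": len(ledger),
        "parent": ledger[-1]["id"] if ledger else None,
        "kind": kind,
        "compiler": compiler,
        "delta": delta or {},
    }
    ledger.append({"id": content_id(body), "body": body})

def replay(ledger, compiler="c1"):
    # Verify the chain, then fold committed deltas into a world projection.
    # Only recorded data is read: no provider call, no tool execution.
    world, parent = {}, None
    for index, entry in enumerate(ledger):
        body = entry["body"]
        if content_id(body) != entry["id"]:
            raise ValueError(f"entry {index}: content hash mismatch")
        if body["parent"] != parent:
            raise ValueError(f"entry {index}: broken parent link")
        if body["seq"] != index:
            raise ValueError(f"entry {index}: sequence gap")
        if body["compiler"] != compiler:
            raise ValueError(f"entry {index}: compiler version mismatch")
        if body["kind"] == "commit":  # only commits mutate world state
            world.update(body["delta"])
        parent = entry["id"]
    return world

def demo_ledger():
    # Constructed sample trajectory: root, commit, rejection, commit.
    ledger = []
    append(ledger, "root")
    append(ledger, "commit", {"notes/todo.txt": "draft"})
    append(ledger, "rejection", {"notes/secret.txt": "denied write"})
    append(ledger, "commit", {"notes/todo.txt": "final"})
    return ledger

if __name__ == "__main__":
    print(replay(demo_ledger()))
```

Editing a recorded delta changes the entry's content hash, and dropping an entry breaks the parent link of its successor, so both kinds of tampering stop the replay before any state is projected.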
Five runtime guarantees
Not conventions. Invariants.
These are checked structurally by the runtime, recorded in the ledger, and verifiable by replay. They are not documented promises.
A valid ledger can be folded into the same world projection under the recorded commit sequence.
Cognition cannot execute tools or mutate state directly. The provider boundary is enforced at the type level.
Only staged proposals may reach the tool boundary. Only commits may mutate projected world state.
Tool scopes, budgets, time windows, effect ceilings, tenant boundaries, and delegation bounds are checked before execution.
Policy decisions are recorded as proposal traces and cannot be erased by a client surface.
Run it locally. Govern everything.
Download the desktop app or the CLI, connect a model, and watch every action pass through Intent → Proposal → Commit.