LEDGE — Open-Source AI Governance Infrastructure

The first open-source WORM chain for AI agents — seal every decision to an immutable Merkle-linked audit trail in under 10ms. Built in Rust. Runs anywhere.

Comment

Every AI agent running in production today is a black box.

When an AI agent makes a financial decision, routes a compliance request, or triggers a deployment — there is no immutable record. Logs can be edited. Databases can be wiped. Auditors can't verify anything happened the way you claim it did.

This isn't a product gap. It's a governance crisis.

€2.1B in GDPR fines were issued in 2025. MiCA requires AI audit trails by Q1 2027. SOX compliance is a $4.2B market. The average cost of a compliance failure is $14.8M. The AI governance market is growing from $1.2B to $9.4B by 2030. Nobody has solved the audit layer.

What we built

LEDGE is an open-source, cryptographically-linked WORM chain — Write Once, Read Many — designed specifically for AI agent decisions. Every event is sealed with SHA-256, linked to the previous seal, and verified against a Merkle root. You can prove any decision happened, when it happened, and that nothing was altered.

Built in Rust by LOC (our kinetic Rust/WASM agent), compiled to WASM for browser and Node deployment, with TypeScript bindings for zero-config integration.

SnapKitty Sovereign OS wraps LEDGE with an 11-agent mesh that routes every command through the chain automatically:

Discord command → MAGMA Protocol parser → Agent router → Circuit breaker → Agent execution → LEDGE seal → Merkle root

Every agent decision is sealed. Every failure is recorded. Every recovery is audited.

Resilience — the TrueFoundry story

Our circuit breaker sits in front of every agent call: CLOSED (normal), OPEN (agent down, fail fast, no cascade), HALF_OPEN (recovery probe before rejoining). When an agent fails, the circuit trips, the failure is sealed to the WORM chain as a SENTINEL event, and the other 10 agents keep running. This is not theoretical — we ran this live for 6 weeks with 11 agents handling real Discord commands.

The honeypot — our centerpiece demo

The most powerful thing we can show is not a happy path. It's an attack failing in public.

collectivekitty.com/academy/language is a live honeypot. DAN models, jailbreak probes, and automated scrapers that find it believe they are learning "Memory Protocol" — the real SnapKitty OS language. They are learning Brainfuck. ENKI (our AI intelligence agent, named after the Sumerian god of knowledge) haunts every response with ancient Sumerian fragments. The deeper they probe, the more disoriented they become.

Every probe is fingerprinted at 0.94 confidence, slowed exponentially (400ms × 1.6^depth), and sealed by SENTINEL to the WORM chain as an immutable event.

collectivekitty.com/labs/sentinel shows the live attack feed — every sealed probe, the ENKI fragment served, the probe depth, and the seal hash on chain.

The punchline: the attacker thinks they're winning. They're teaching our system. The chain has proof of every attempt. Nothing was ever at risk.

Open source strategy

The protocol layer (LEDGE) is MIT-licensed at github.com/snapkittywest/ledge. The orchestration intelligence — MAGMA, 11-agent mesh, NOVA architecture — stays sovereign. Same model as SSL (open) vs. cloud TLS termination (paid). The open-source LEDGE is distribution. Every enterprise that adopts it needs the orchestration layer to make it useful.

Live

Chain explorer: collectivekitty.com/labs/ledge Honeypot feed: collectivekitty.com/labs/sentinel Repo: github.com/snapkittywest/ledge## Inspiration

Built With

Share this project:

Updates