Sovereign Autonomous Agent Server

Autonomy
under governance.

A server where AI agents act on their own, but never outside your rules, and never without proof.

Scroll

What it is

Zarqivon is a governed runtime for autonomous AI agents. They plan, act and use tools, but only within the rules you set, and every action leaves an unforgeable record.

It is not a chatbot and not a framework. It is the server an agent runs inside, the layer that decides what an agent may do, and then proves what it did.

How it works

The model proposes. Governance disposes.

A task runs as a closed loop. The model can plan freely, but nothing executes until it has passed every gate, and everything that happens is written to a tamper-evident chain.

Plan

The model (or a deterministic planner) decomposes the task into concrete steps, limited to the agent's allowed capabilities.

Act, under governance

Each step passes policy evaluation, risk scoring, approval gates and autonomy limits before it runs in a sandbox.

Evaluate

The agent assesses its own result against the objective, a signed, hash-chained self-assessment, evidence not a gate.

Re-plan, bounded

If the result falls short, the agent proposes more steps and loops again, capped, and still fully governed.

What makes it different

Not just governed, provably so.

Verifiable governance

Every run produces a portable proof bundle, a signed attestation, a Merkle commitment and the hash-chained events, verifiable by anyone with no server, no database, no network. Change one byte and verification fails.

Sovereign by design

Runs fully offline on your own hardware with local models, no cloud, no vendor lock-in, no token cost. Your agents, your machine, your proof.

Model-agnostic

Anthropic, OpenAI, Google or local Ollama / LM Studio, swap the model without touching the governance. The deterministic mock keeps everything offline by default.

Zero-dependency core

The core is pure Python standard library, auditable, portable, with nothing to trust but the code itself. The whole governed server starts from a single command.

Capabilities

Everything an agent needs, and the governance around it.

Governed agent runs Policy engine Human approval gates Autonomy levels L0-L5 Append-only hash-chained audit Signed attestations Merkle proofs Portable proof bundles Deterministic replay LLM planning Self-reflection Adaptive re-planning Capability sandbox Multi-tenant RBAC

How you connect

A server your system talks to over a clean API.

Zarqivon is not a screen you log into. It is a server your own application drives over plain HTTP: create an agent, run a task, fetch a verifiable proof. Run your own instance, or point your app at a hosted one.

# start the whole governed server
./start.sh                              # serves http://127.0.0.1:8799

# your system connects over REST
curl  $ZARQ/health
curl -X POST $ZARQ/api/agents   -d '{"name":"Scout","allowed_capabilities":["text_generate"]}'
curl -X POST $ZARQ/api/tasks    -d '{"agent_id":"...","objective":"summarise this"}'
curl -X POST $ZARQ/api/tasks/<id>/run            # run it, fully governed
curl  $ZARQ/api/runs/<id>/proof-bundle           # take the proof anywhere

Open and self-hostable. Hosted access for testing is available on request.

See it for yourself

A tamper-evident chain, in your browser.

This is the idea at the heart of Zarqivon. Each action is hashed together with the one before it. The whole chain verifies, until a single character changes. Computed live with SHA-256, right here.

Chain verified

An illustration of the audit spine. In the real server the same property is signed and bundled into a proof anyone can verify offline.

Honest by design

What it is, and what it isn't.

Zarqivon is an open, self-hostable alpha. It is security-aligned by design, not a certified or audited product, and its sandbox is defense-in-depth, not full OS isolation. Everything claimed here is real and runs today; nothing is marketing fiction. Trust the proof, not the promise.

Autonomyunder governance.