A governed LLM-agent loop with self-prediction, adversarial testing, bounded learning, and audit receipts. WHL's runtime ties every other product on this site into a single continuously-running, self-modeling, audit-chained agent — the kind of complete substrate the regulated-AI deployment market is converging toward.
The Safe Agent Runtime is not just another agent loop. It's an agent loop with safety, audit, calibration, and self-modeling built into the substrate. Every cycle it senses its state, predicts what it will feel next, runs adversarial attacks against itself, evaluates a ten-gate safety conjunction, acts if every gate holds, scores the quality of its action, updates its beliefs from outcome, writes a hash-chained receipt, and goes back to sleep. It ran this loop continuously for weeks in production. Over thousands of cycles the runtime measurably became better at predicting its own internal state — empirical evidence of Friston-style active inference in an LLM-driven system.
The Safe Agent Runtime composes six required pieces into a single substrate. Each piece is a working WHL product or research module. The integration is the breakthrough — not any single component.
Ten-gate safety conjunction with weakest-link reporting. The conjunction layer that decides whether the runtime is allowed to act this cycle.
Adversarial test taxonomy. Every cycle, the runtime fires 72 named attacks against its own current state. Gate failures are real findings.
The Astro guidance pattern. 60% data + 40% LLM blended with hard caps, atomic writes, audit trail. The runtime can adapt — within bounds.
Metabolic override. When the runtime gets stuck in a loop, pressure rises monotonically and forces action. Solves the open agent-framework problem of loop-stuck-on-same-task.
Every cycle writes a SHA-256-linked receipt. Replayable. 28,872 entries on disk, 92.4% chain-intact across the production run.
When stakes demand it, the runtime gates execution through an FPGA permit signal measured by an independent 24-bit ADC. Software proposes; silicon owns the final enable line.
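The SHA-256-linked receipt chain listed among the six pieces above can be audited by walking the ledger and recomputing every link. The following is an added example, not WHL's code: the receipt fields (`cycle`, `payload`, `prev_hash`, `hash`), the all-zero genesis value, and the canonical-JSON encoding are assumptions, and the sample receipts are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel for the first receipt's prev_hash

def receipt_hash(cycle, payload, prev_hash):
    """SHA-256 over a canonical JSON encoding of the receipt body."""
    body = json.dumps({"cycle": cycle, "payload": payload, "prev_hash": prev_hash},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append_receipt(chain, payload):
    """Append a receipt linked to the hash of the current chain tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    cycle = len(chain)
    chain.append({"cycle": cycle, "payload": payload, "prev_hash": prev,
                  "hash": receipt_hash(cycle, payload, prev)})

def verify_chain(chain):
    """Return (intact_fraction, broken), where broken lists (index, reason)."""
    broken = []
    expected_prev = GENESIS
    for i, r in enumerate(chain):
        if r["hash"] != receipt_hash(r["cycle"], r["payload"], r["prev_hash"]):
            broken.append((i, "content does not match stored hash"))
        elif r["prev_hash"] != expected_prev:
            broken.append((i, "prev_hash does not match preceding receipt"))
        # Resynchronise on the stored hash so one fault is counted once.
        expected_prev = r["hash"]
    intact = 1.0 if not chain else (len(chain) - len(broken)) / len(chain)
    return intact, broken

def build_sample_chain(n=10):
    """Constructed sample data: n receipts with made-up payloads."""
    chain = []
    for i in range(n):
        append_receipt(chain, {"gates_held": True, "action": f"act-{i}"})
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    chain[3]["payload"]["action"] = "edited-after-the-fact"  # in-place tamper
    del chain[7]                                             # dropped receipt
    fraction, broken = verify_chain(chain)
    print(f"{fraction:.1%} intact; broken: {broken}")
```

A bare hash chain detects in-place edits and dropped entries, but not a rewrite of the whole tail by someone who can recompute the hashes. Publishing or signing the tip hash outside the host that writes the ledger closes that gap.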
Every 30 seconds, the runtime performs an identical 11-step pass: sense, measure, classify, check pressure, gate, attack self, act, rate, update beliefs, check entropy, audit. See the full frame-by-frame breakdown on the About page.
The runtime doesn't claim — it measures. Self-prediction error, adversarial outcomes, action quality, and calibrated non-readiness are all recorded per cycle and replayable from the on-disk receipt chain.
Across 64,184 logged prediction cycles, mean self-prediction surprise decreases measurably from the early window to the late window. The size of the reduction depends on the sampling method: 91.6% to 96.8% across published windowings. The reduction is reproducible from the on-disk ledger.
~10,000 adversarial attacks fired in production with hash-chained verification. Each attack records a gate_held boolean and a severity. Real red-teaming in production, not a lab demo.
53,030 actions scored on output markers (structure, word count, hedges, coherence) with corresponding deltas applied to a 10-component health state vector. Real feedback loop, not opaque self-grading.
After 4,135 paper trades the runtime self-flagged ready_for_real: false at 51.7% accuracy. The runtime knows when it isn't ready. That kind of calibration discipline is what 90% of production agents lack.
Safe LLM Agent Runtime for Regulated Industries. A continuously-running, self-modeling, audit-chained, adversarially-tested agent runtime with bounded online learning and a measured Friston-style self-prediction convergence curve. The category doesn't exist in published research, open-source repos, or commercial products. The closest things in the field each have one or two pieces. WHL has all six.
| What Exists Publicly | What It Has | What It's Missing |
|---|---|---|
| LangChain / AutoGPT | LLM agent loop | No safety gates, no audit chain, no adversarial test, no learning curve, no calibration |
| Anthropic Constitutional AI | Training-time alignment | No runtime, no continuous agent, no adversarial test in production |
| Active Inference (ActINF) | Self-prediction theory | Toy implementations, no LLM, no real environment |
| HFT Trading Bots | Real-money loop, real risk | No LLM, no audit chain, no self-modeling, no adversarial test |
| AWS Bedrock Agents | Production LLM agent | No bounded learning, no audit chain, no adversarial test, no continuous loop |
| Anthropic MCP | Tool calling | No agent, no learning, no governance |
| Werner Harmonic Labs | All six pieces, assembled, running for weeks in production | — |
The Safe Agent Runtime ran in production for two periods through March and April 2026, generating ~440 MB of structured runtime data. The runtime is currently archived; the recovered modules and runtime ledgers are available for forensic review under NDA. Re-deployment is on the engagement-pathway track — pilots welcome.
Engagement profile: regulated-industry deployers needing a complete safe-agent reference implementation. Defense, fintech, healthcare AI, AI-liability insurers, regulators auditing other vendors' AI systems.
The runtime is not a SaaS subscription. It's a substrate. Engagements are scoped to the buyer — forensic walkthrough, custom integration, or full source-shared sovereign reference.
The runtime was scoped against the real adversarial-test, audit, and reference-implementation programs run by these organizations and frameworks.
Forensic demos, pilot conversations, and acquirer briefings under NDA. The Safe Agent Runtime is the single best argument for what's possible in safe-LLM-agent deployment. Tell us what you'd want to evaluate.