AI News HubLIVE
In-site rewrite5 min read

Show HN: Cruxible – Open-source governed truth layer for AI agents

Cruxible is an open-source state layer that provides a typed, verifiable hard state for AI agents and human teams. It models domains with Terraform-like configuration and enforces write rules through deterministic workflows and proposal/review governance. Unlike RAG or vector memory, it enables reproducible queries, multi-hop traversals, and staleness checks, allowing agents to base decisions on accountable truth. It is designed to work with any agent framework and includes a demo for supply-chain scenarios.

SourceHacker News AIAuthor: rmalone1097

Uh oh!

There was an error while loading. Please reload this page.

Notifications You must be signed in to change notification settings

Fork 0

Star 6

BranchesTags

Open more actions menu

Folders and files

NameName

Last commit message

Last commit date

Latest commit

History

172 Commits

172 Commits

.github/workflows

.github/workflows

assets

assets

deploy

deploy

docs

docs

examples/wiki-import-demo

examples/wiki-import-demo

kits

kits

packages/cruxible-client

packages/cruxible-client

packaging/cruxible-core-stub

packaging/cruxible-core-stub

scripts

scripts

skills

skills

src/cruxible_core

src/cruxible_core

tests

tests

.gitignore

.gitignore

AGENTS.md

AGENTS.md

CHANGELOG.md

CHANGELOG.md

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

CONTRIBUTING.md

CONTRIBUTING.md

LICENSE

LICENSE

NOTICE

NOTICE

README.md

README.md

SECURITY.md

SECURITY.md

THIRD_PARTY_DATA.md

THIRD_PARTY_DATA.md

context7.json

context7.json

glama.json

glama.json

pyproject.toml

pyproject.toml

server.json

server.json

uv.lock

uv.lock

Repository files navigation

Cruxible is hard state for AI agents — a typed, verifiable state layer that teams of agents and humans operate together. Work compounds into a record of what you've determined to be true: every claim reviewed and linked to its evidence. When the expensive question arrives (which assets are exposed? what breaks downstream? is this authority still good law?), the answer is computed over established truth, not guessed from a pile of context.

You model your domain in a Terraform-like config: entity and relationship types, deterministic workflows, write rules. The runtime enforces it.

State enters deterministically. Exports and tables from real systems are pinned as artifacts and matched row by row into proposals; model judgment is injected only where your pinned domain logic can't decide.

Writes are governed. Governed relationships can only be written through a proposal flow that requires declared evidence, auto-resolves only under trust rules you set, and routes everything else to human review. Every accepted claim is attributed and carries a receipt.

The model is executable. Recurring procedures are declared workflows in the same config: previewed before they apply, locked to the exact provider code and artifacts they compile against, replayable from receipts. State accumulates as the exhaust of governed work, and the model improves iteratively: feedback and outcomes are recorded in state, and the config evolves like code.

Reads are reproducible. Same query, same state, same result, with a receipt explaining how it was derived. Queries express structure that retrieval can't: multi-hop traversals, review status, staleness against cited sources.

The core is deterministic. No LLM inside, no hidden API calls. It works with any agent or harness, points at your existing systems, and mints into state only the claims worth coordinating around.

Get Started

pip install cruxible

Model your own domain: hand your agent the authoring skills in skills/ (prepare-data → create-state → review-state) with your exports (wiki-to-state converts an existing CLAUDE.md pile or Obsidian vault), or start from Modeling State and the config template.

Or run the demo — a seeded supply-chain world, ~3 minutes, no tokens (sandbox writes attribute to a built-in operator identity):

shell 1 — local sandbox daemon

CRUXIBLE_SERVER_STATE_DIR="$HOME/.cruxible/sandbox" cruxible server start

shell 2 — kit bundles are fetched from the release and digest-verified

cruxible --server-url http://127.0.0.1:8100 init --kit agent-operation --kit supply-chain-blast-radius cruxible context connect --server-url http://127.0.0.1:8100 --instance-id

deterministic ingest: preview, then commit

cruxible run --workflow build_seed_state && cruxible apply --workflow build_seed_state --from-last-preview cruxible run --workflow ingest_incidents && cruxible apply --workflow ingest_incidents --from-last-preview

the incident feed can only PROPOSE impact edges; the judgment is yours, on the record

cruxible propose --workflow propose_incident_impacts_supplier cruxible group list --status pending_review cruxible group resolve --group --action approve \ --rationale "Confirmed against supplier geography" --expected-pending-version 1

receipted answers through the edges you just admitted

cruxible query run open_incident_impacts --json cruxible query run incident_impacted_suppliers --param incident_id=INC-TW-RAIL-2026-07 --json

When agents join, identity turns on: restart with CRUXIBLE_SERVER_AUTH=true, claim the bootstrap credential, and mint each agent its own token — every write is attributed. Details, permission tiers, and hardening: Quickstart · Runtime Auth And Agent Roles.

Why Not Markdown, RAG, Or Vector Memory?

Markdown, retrieval, and vector memory hand a model raw text, so every session it reconstructs what's true from scratch. For drafts, exploration, and one-off questions, that's fine — but for the claims that are recurring, shared, and expensive to get wrong, every fresh read re-rolls the reconstruction, and a better model reads better, but it cannot certify its own output. Cruxible's answer is to model the domain instead of engineering the context: the durable slice of what's true becomes typed, governed state, read instead of reconstructed. What changes:

Markdown · RAG · vector memory Cruxible

A claim is just text: no source, no review state Claims carry provenance and review state; evidence-gated writes refuse references that don't dereference to content-hash-verified source chunks

Anything can be edited; nothing enforces what may change Writes pass typed validation, guards, review, and lifecycle rules

Retrieval returns similar chunks; it can't follow exact links Multi-hop traversal over typed relationships, with visibility rules applied at every hop

Counts and rollups are approximate summaries Exact, repeatable counts and joins as deterministic workflow steps

Each read is fresh and can disagree with the last One accepted state: the same answer for every agent and app

Freshness is unknowable: nothing says which chunks have gone stale Claims cite dated, content-hashed sources; staleness is a queryable property, not a vibe

A correction is just more text; nothing ties it to the claim it corrects Feedback and outcomes attach to the specific claim, decision, or workflow result as typed, queryable signal

Static text that doesn't improve from use Claims mature from proposed to accepted; the ontology iterates with use

A better model reads better, but can't certify its own output Guarantees come from a deterministic layer outside the model

Markdown and retrieval remain the right tools for most text, and Cruxible itself cites markdown chunks as source evidence. Version control narrows the gap less than it seems: git reviews the diff, not the claim — nothing types what a changed line asserts or refuses an edit that drops its evidence. And nobody hand-tends this state: it accumulates as the exhaust of governed work, not as a wiki someone has to maintain. If you already have the wiki (a pile of CLAUDE.md files, a memory bank, an Obsidian vault), the wiki-to-state skill converts it: pages become pinned evidence, an agent proposes the typed claims, and you review what gets minted. The wiki survives as the source of record; the graph becomes accountable to it.

What A Governed Domain Looks Like

A minimal slice of a supply-chain ontology, as authored in a kit config:

entity_types: Supplier: properties: supplier_id: { type: string, primary_key: true } name: { type: string, indexed: true } primary_geography: { type: string, optional: true } Component: properties: component_id: { type: string, primary_key: true } name: { type: string, indexed: true } criticality: { type: string, optional: true, enum_ref: criticality } Incident: properties: incident_id: { type: string, primary_key: true } title: { type: string, indexed: true } severity: { type: string, optional: true, enum_ref: incident_severity }

relationships:

  • name: supplier_supplies_component

from: Supplier to: Component

Governed judgment: an incident materially impacts a supplier.

  • name: incident_impacts_supplier

from: Incident to: Supplier

named_queries:

Blast radius: from an incident, traverse impacted suppliers to the

components they supply.

components_exposed_by_incident: mode: traversal entry_point: Incident returns: Component traversal:

  • relationship: incident_impacts_supplier

direction: outgoing

  • relationship: supplier_supplies_component

direction: outgoing

The ontology is only part of the config: the same file declares the enum vocabularies, guards, proposal routing, workflows, and providers, so a domain's model, rules, and procedures ship together as one versioned, composable kit.

Nobody types this state in by hand: it enters through the pathways the config declares, and different state earns different treatment.

Hard facts are deterministic ingest. A BOM workflow pins the export as an artifact and matches its rows into suppliers, components, and supply edges, previewed before it commits:

cruxible run --workflow ingest_bom --input-file ./exports/bom-2026-07.csv # preview cruxible apply --workflow ingest_bom --from-last-preview # commit

incident_impacts_supplier is a judgment call, so it is governed: nothing may write it directly, not even a workflow. The incident feed's workflow records the incidents themselves as hard facts, but the impact edges it can only propose. Those candidates land in a review group, each carrying the signals and evidence that matched it:

cruxible propose --workflow propose_incident_impacts --input-file ./exports/incidents.json

The judgment itself stays with a human, or with an agent when the trust rules you declared allow it. Approval is what mints the edges into accepted state: attributed, rationale on record.

cruxible group list --status pending_review cruxible group resolve --group GRP-7f3a --action approve \ --rationale "Confirmed: fab flooding halts board shipments" \ --expected-pending-version 1 # pins the decision to the state the reviewer saw

With the facts ingested and the impact claim approved, an agent (or app) can ask for the blast radius of the incident (the components exposed through its impacted suppliers) without scanning spreadsheets or tracing the bill of materials by hand:

cruxible query run components_exposed_by_incident \ --param incident_id=INC-42 \ --json

Results come back with a receipt: the deterministic path from query parameters to traversed edges to returned rows.

{ "items": [ { "entity_type": "Component", "entity_id": "component-main-board" } ], "receipt_id": "RCP-...", "receipt": { "operation_type": "query", "query_name": "components_exposed_by_incident", "parameters": { "incident_id": "INC-42" }, "nodes": [ { "node_type": "query", "detail": { "entry_point": "Incident" } }, { "node_type": "edge_traversal", "relationship": "incident_impacts_supplier" }, { "node_type": "edge_traversal", "relationship": "supplier_supplies_component" }, { "node_type": "result", "entity_type": "Component", "entity_id": "component-main-board" } ] } }

Receipts are not logs — they are typed evidence graphs. Mutation receipts record exactly what a write changed, and governed edges carry a reference back to the receipt of the operation that created them.

This is what a pending review group looks like in the inspection UI: the signal matrix, each proposed edge with the evidence that matched it, and the provenance rail tying the proposal back to its workflow, receipts, and provider traces.

Governance

Cruxible separates writing state from accepting it. State enters one of two ways:

Write mode Use it for What happens

Direct write Ass

[truncated for AI cost control]