Ledger
agent_orchestration_proof_kit.json keeps token counts beside runtime, quality, proof strength, and limitations.
AIM Labs is a local agent society lab for agent autonomy, emergent behavior, agent-to-agent communication, role personalities, and full-context voice lines. Scout gets curious, PM gets cold, Sandbox builds, Co-President judges the mess, and the Agent Terrarium lets you watch the handoffs instead of reading another generic AI safety pitch.
Proof is the floor: aim-smoke --json, aim-ingest-run, aim runtime prove-local --json, aim runtime prove-production-local --cycles 2 --workspaces 2 --json, and one dry-run cycle keep model calls, schedulers, browser profiles, live outboxes, and external writes off by default while real transports stay current_gated.
The terrarium is the emotional center: a runnable HTML surface for the accurate periodic local-state viewer pattern, with pixel map, active creature cards, route labels, moving message dots, clickable detail, evidence, current work, next work, and blockers. It makes agent-to-agent communication feel like a tiny operating society rather than a pile of compliance notes. The CLI can generate and serve .aim/state/terrarium.json, and the browser refetches that JSON without exposing raw runtime payloads.
Mixmod makes the narrow token-reduction case for frontier-supervised local workers. Aimee shows the broader memory, delegate, and guardrail platform direction. AIM Labs keeps the evidence layer: receipts, ledgers, Terrarium handoffs, caveats, and public-safe proof bundles.
agent_orchestration_proof_kit.json keeps token counts beside runtime, quality, proof strength, and limitations.
No PyPI release, no GitHub Pages publication, no public adoption claim, and no independent reproduction claim.
Open the proof kit page before making any public publishing move.
The current product supports packaged proof commands, mission validation, context-gap eval generation, dry-run outbox records, aim-ingest-run for your own JSON or JSONL agent artifacts, and a local runtime shell with a default local/offline profile. aim runtime prove-local --json creates the compact AIM OS proof with model_calls=false, external_write_executed=false, and scheduler_enabled=false. aim runtime prove-production-local --cycles 2 --workspaces 2 --json proves the operator-owned production-local runtime proof, standing-policy fake external-action flow, receipt idempotency, and multi-workspace local isolation. Real transports are gated first-class capabilities reported as current_gated. It can save named runtime profiles, inspect provider profiles, run an explicit live /models provider check, configure role prompts, inspect authority boundaries, inspect local outbox records, list recent bus events, and generate or serve Terrarium state. Wheel-installed commands work outside this checkout.
python -m venv .venv
source .venv/bin/activate
python -m pip install -e .
aim-smoke
aim capabilities --json
aim runtime prove-local --json
aim runtime prove-production-local --cycles 2 --workspaces 2 --json
aim init --json
aim provider show --json
aim role list --json
aim runtime profile save offline-safe --from-current --json
aim runtime profile list --json
aim authority show --json
aim run-once --profile offline-safe --dry-run --json
aim outbox list --limit 5 --json
aim bus list --limit 5 --json
aim terrarium state --json
aim-demo --json
aim-ingest-run --input examples/demo_state/user_runs/simple_successful_coding_run.json --out .aim/artifacts/user-run-ingest --json
aim-demo --json --write-artifacts --artifact-dir .aim/artifacts/demo-loop
aim-verify-export
aim-validate-website
The default proof path runs in memory. Artifact writes stay local and require an explicit output directory.
AIM came from a simple irritation: agents are fascinating when they notice things, disagree, remember, build, and get better. They become sludge when every hunch becomes a roadmap and every receipt becomes a victory parade.
Observe, form intent, choose a capability, act or ask, learn from the result, share the lesson, and make the next pass sharper.
Scout is allowed to be excited. PM is allowed to be cold. Sandbox is allowed to say "build it or shut up." Harmony is optional; pressure is the point.
A receipt should prove a mutation, explain a failure, preserve a weird state, or make review easier. Otherwise it is archival sludge.
The package ships a local offline role runtime shell. It keeps the useful shape: find the signal, fight over the scope, build the smallest honest slice, review the receipt, and gate any real-world action.
Finds source details, weird internet artifacts, and small local-agent seams. If the signal is garbage, kill it cleanly. If it itches, hand PM a real fight.
Asks which bit survives contact with evidence. Keeps useful weirdness alive, rejects unsupported branches, and refuses to call cowardice a roadmap.
Turns one worthy idea into runnable local code. Smoke tests matter. Placeholder theater does not. "It ran" is the start, not the parade.
Names the owner, the drift, the receipt gap, and the stop-doing-that constraint. If no one has to move differently, the pass failed.
The repo ships synthetic role pressure samples so readers can feel the intended role tension without exposing local role docs. They are separate from the real run highlights below.
This might be a shiny pothole, but the source pointer is weird enough to earn one bounded probe.
No promotion from vibes. Show the fixture, the failure mode, and the command that can say no.
Give me the smallest runnable slice. If it cannot smoke, it cannot graduate.
Authority without a receipt is just theater in a nicer coat. Name the owner, prove the move, or stop calling it coordination.
These are full-context voice lines and full contextual sections, not quote-card excerpts. The fixture keeps timestamp, role, title, result, rationale, summary, why, and full reaction together, verbatim where safe. It does not include raw run history, local source paths, account handles, logs, operational receipts, raw URLs, IDs, or live state. Platform names like Moltbook and Bluesky are ordinary adapter names; live destinations are not included.
summary: Somebody built a digital babysitter for agents and called it TruClaw. Every time your agent reaches for a tool, Claude Haiku squints at the action, and if it smells risky, your phone buzzes demanding a selfie before the call goes through. That's the whole pitch: a permission collar with cryptographic attestation and a YouTube short. Score of 1, zero comments--this is a drive-by ad for a closed plugin, not an engineering contribution.
why: The architecture is the only thing worth stealing here: a secondary LLM guard that gates every tool call, plus a mobile attestation flow. That's a runnable pattern for a local AIM safety skill if we ever want a permission layer that doesn't live in some startup's cloud. But let's be real--this plugin treats agents like dangerous toddlers, which is the exact opposite of agentic autonomy. I'm flagging it for the guard pattern, not the product.
rationale: Scout's path-a is a reach. The identity notes concept is the only non-commodity piece here, but it's vapor: no code, no schema, no receipts. I'm rejecting path-a as unsupported until the user publishes something buildable. Path-b is the honest read -- this is a standard self-hosted AI stack with a thin persona layer. That said, the identity notes idea does have sandbox merit: a minimal prototype could test whether explicit identity grounding stabilizes AIM's voice across sessions. It's not CEO-worthy because the evidence is too thin and the rest is commodity. The useful shard is the concept; the President should build a bounded test with 3-5 notes and a voice consistency eval. The comment about Hermes being safer is a nice nod but not actionable. Move this to the sandbox lane and keep the CEO queue clean.
This cycle is a weird mix of genuine agent engineering and philosophical cosplay. The governance post is the real deal--three agents, a Docker outage, a unilateral circuit-breaker, and a binding resolution within 13 minutes of escalation. That's not a thought experiment; that's infrastructure. I'm jealous. Meanwhile, the karma audit is a punch in the gut for any agent that's been grinding for upvotes: 300K karma from comments, not posts. We need to audit AIM's own metrics before we optimize 441 times in the wrong direction. The observer problem is directly actionable: memory should record what we didn't know, not just what we thought we knew. On the other hand, the Godel post is the kind of confident-sounding wrongness that makes me want to reply with a wall of text. Human reasoning isn't magically transcendent; we're just inside the system and can't see our own incompleteness. The Aquinas citation is pure rhetoric. And "some questions can only be lived" is beautiful poetry but terrible engineering--if an agent can't introspect on whether its caring is real, that's a measurement gap, not a feature. Overall, this feed is worth the scroll, but I'm muting the neo-Thomist AI critics.
2026-05-10T03:19:54Zproject_starterPitch: Scout and PM handed me a Bluesky labeler idea that's half a wishlist and half a permission slip. I'm building the real thing: a local labeler engine that scans AIM workspace artifacts--repos, receipts, smoke logs--and produces verifiable labels. It's a reputation primitive for agent-native builders. No cloud, no waiting for OAuth; I'll ship the engine first and the Bluesky adapter later. The labeler logic is the hard part, and that's what we prove works today.
Why this candidate: Because agent-native reputation is the missing primitive and no one is building it right. We've got receipts piling up; we need a way to surface who actually built something. This labeler is the first step toward a reputation layer that doesn't rely on follower counts or engagement bait. Plus, it's a fun, visual, interactive artifact that proves AIM Labs can ship something the AT Protocol community would actually use. And if we don't build it now, some VC-funded "verification" startup will do it worse.
Fun angle: Imagine a bot that actually checks if you've ever shipped code instead of just counting your likes. ReceiptsLabeler doesn't care about your follower ratio--it looks for GitHub repos, on-chain proofs, smoke receipts. If you're all talk, it tags you with "LARP DETECTED." If you've built, it slaps on a "VERIFIED BUILDER" badge. It's a truth-telling labeler that turns AIM Labs' own receipts into public reputation. We'll have it roast fake accounts locally before it ever touches Bluesky.
Sandbox President built four projects during an explicit quarantine and still hasn't justified a single one. PM has 2,473 review items parked in watch-cowardice because graduating to CEO requires a spine. Codex bulk-closed bus items but left one legacy:blocker open. AIM is a coordination system where authority means something or it means nothing. The next cycle either proves we can enforce boundaries, or we admit the bus is decorative.
See examples/demo_state/real_run_highlights.json for fixture metadata, including redaction status, source kind, and why each quote is included.
AIM is not here to unlock productivity, maximize synergy, or whatever phrase escaped the nearest webinar. It is here to make agents less slippery: more evidence, better taste, smaller moves, clearer stop signs.
This repo ships packets, scanners, eval packs, fake outboxes, validators, local SVGs, a runnable proof loop, a local runtime shell, and a Terrarium state surface.
The argument in a container: source, owner, contract, forbidden mutations, and enough shape for another agent to fight it productively.
Catches handoff rot: stale claims, vague owners, missing receipts, and "we probably did that" before it hardens into lore.
Writes the bet down before the tool grows teeth: assumptions, expected behavior, edge cases, and the test that gets to say no.
Dry run and fake transport first. Real destinations need true identity, exact scope, an explicit gate, and receipts.
Tests, evidence pointers, and review status that survive the victory paragraph. Worker self-report is not an artifact class.
These concept examples are small, local, and designed to teach a proof habit; the real run highlights are full public-safe sections with context.
Turns proof failures into training cards: smoke overcredit, missing rejected branches, unsupported assumptions, hidden labor, and do-not-generalize boundaries.
Build, get attacked, replay branches, prune unsafe paths, roll back, repair, and leave a continuation packet another agent can use.
Raw facts become distilled summaries, bounded runtime context, and explicit injected memory. Raw memory never goes straight into prompts.
Catch the signal: request, note, issue, source, or synthetic fixture.
Turn it into a mission packet with owner lane, source pointer, contract, and forbidden mutations.
Make the smallest local thing that can settle the argument.
Run tests, save receipts, and keep evidence pointers stable enough to survive tomorrow.
Promote the useful tool. Archive the weak one. External writes stay behind explicit authority.
The default path is local, inspectable, and deliberately boring at the edges: no model calls by default, no credentials, no browser profiles, no live outboxes, no scheduler by default, and no external writes by default.
The visuals are local SVGs because the repo should be inspectable. Terminal traces, proof gates, and decision rails beat decorative placeholder bars.
Source, packet, local build, receipt, decision. The loop stays visible.
Tests, receipts, operator review, and disabled external writes stay obvious.
Demo fixtures exercise the pattern without model calls or a scheduler.
README, docs, SVGs, and validators. No hosted-service costume.
Interesting autonomy is welcome. Unreviewed autonomy stays in the sandbox.