MAYROS — Your AI Agent, Everywhere

The world's first semantic agent framework with verifiable intelligence.

MAYROS is a personal AI agent that runs on your devices, answers on your messaging channels, and proves what it knows. Built on AIngle's cryptographic semantic layer, MAYROS doesn't just generate text — it stores, reasons over, and cryptographically proves facts. It is the natural evolution of AI assistants: from black-box chatbots to accountable, multi-device, multi-channel intelligent agents.

Why MAYROS Exists

Every AI assistant today has the same fundamental problem: you can't verify what it knows.

ChatGPT tells you something. You trust it — or you don't. There's no proof, no audit trail, no way to verify that Fact A was derived from Evidence B using Rule C. When AI agents start making real-world decisions — approving transactions, verifying identities, managing infrastructure — "trust me" isn't good enough.

MAYROS solves this with Proof-of-Logic: every fact your agent stores is a cryptographically signed RDF triple in a semantic knowledge graph. Every inference is a verifiable derivation chain. Every sensitive value can be committed and proven in zero knowledge. Your agent doesn't just say things — it proves them.

The Architecture

                         You
                          |
          +-----------+---+---+-----------+
          |           |       |           |
       WhatsApp   Telegram  Slack     Discord    ... 20+ channels
          |           |       |           |
          +-----+-----+-------+-----+-----+
                |                     |
         MAYROS Gateway (Node.js)    AIngle Cortex (Rust)
         WebSocket + HTTP            REST / GraphQL / SPARQL
         Agent Engine                RDF Triple Store
         Tool Registry               Rule Engine
         Plugin System               ZK Proofs
         Session Manager             Neural Memory (STM/LTM)
                |                     |
    +-----------+-----------+---------+---------+
    |           |           |         |         |
  macOS       iOS        Android    Docker    IoT Nodes
  (native)   (native)   (native)   (server)  (aingle_minimal)

MAYROS is a gateway + node architecture. One machine runs the gateway — the brain. Every other device connects as a node, exposing its capabilities (camera, GPS, screen, sensors) to the agent. Messages flow in from any channel, the agent processes them with full tool access, and responses flow back — all in real time.

Runs Everywhere

20+ Messaging Channels

Your agent lives where you already communicate. No new app to install for your users:

Every channel is a first-class plugin. Adding a new channel is implementing one interface. Messages from all channels converge in a single agent session — start a conversation on Telegram, continue it on Slack, approve an action from your Apple Watch.

Native Apps

Server Deployment

IoT / Edge

The IoT Bridge extension connects MAYROS agents to AIngle Minimal edge nodes — lightweight Rust binaries running on embedded hardware. Agents can:

• Query sensor data from a fleet of up to 50 IoT nodes
• Publish structured observations (temperature, humidity, motion, etc.)
• Manage fleet health with per-node circuit breakers and background polling
• Content-address all sensor readings in a DAG store

20+ AI Providers

MAYROS supports the widest range of AI providers of any self-hosted agent framework:

Auth profile rotation: Configure multiple API keys per provider. MAYROS round-robins across them with cooldown-aware failover — if one key hits rate limits, the next one picks up instantly.

Model failover: If Claude is down, fall back to Gemini. If Gemini is down, fall back to a local Ollama model. Configurable fallback chains with automatic recovery.

The Semantic Layer: AIngle

What makes MAYROS fundamentally different from every other AI agent framework is AIngle — a purpose-built Rust semantic computation engine that runs as a sidecar to the gateway.

RDF Knowledge Graph (aingle_graph)

Every fact your agent learns is stored as an (Subject, Predicate, Object) triple with rich metadata:

• Content-addressed: Every triple has a BLAKE3 hash ID. The same fact always has the same ID — globally deduplicated by construction
• Provenance tracking: Who asserted this fact, when, with what confidence, and is it cryptographically signed?
• Triple indexing: SPO, POS, and OSP indexes enable O(log n) queries on any axis
• W3C standard: Import/export Turtle and N-Triples. Query with SPARQL 1.1. Interoperate with any semantic web toolchain
• Storage backends: In-memory, Sled (embedded ACID), RocksDB (high-throughput), SQLite

sparqlCopy
SELECT ?agent ?capability ?confidence WHERE {
  ?agent mayros:hasCapability ?capability .
  ?agent mayros:confidence ?confidence .
  FILTER (?confidence > 0.8)
}

Proof-of-Logic Engine (aingle_logic)

Goes beyond signature verification. The rule engine validates the logical consistency of knowledge:

• Forward chaining: Data-driven inference to fixpoint — derive all possible facts from rules
• Backward chaining: Goal-driven Prolog-style reasoning with proof trees
• Rule types: Integrity constraints, authority rules, temporal constraints, inference rules
• Verifiable derivations: Every inferred fact comes with a ProofStep chain showing exactly which rules and base facts produced it

Rule: "If agent has KYC level >= 2 AND is in approved jurisdiction,
       THEN agent is verified for financial operations"

Result: {
  proven: true,
  proof: [
    { rule: "kyc-level-check",  triple: "agent:alice kyc:level 3" },
    { rule: "jurisdiction-check", triple: "agent:alice geo:jurisdiction US" },
    { rule: "financial-verify",  triple: "agent:alice fin:verified true" }
  ]
}

This is Proof-of-Logic — not just "this was signed" but "this was derived from these rules applied to these verified facts."

Zero-Knowledge Proofs (aingle_zk)

Privacy-preserving cryptography on Curve25519/Ristretto with 128-bit security:

Batch verification: 4x speedup for Schnorr proofs using random linear combination. Verify hundreds of proofs in the time it takes to verify a few dozen individually.

Cognitive Memory (titans_memory)

Inspired by human episodic vs. semantic memory:

• Short-Term Memory (STM): Fast, bounded, attention-weighted with decay. Important facts float to the top; irrelevant ones fade
• Long-Term Memory (LTM): Persistent knowledge graph with entities, typed links, and semantic embeddings for meaning-based recall
• Automatic Consolidation: Importance-scored, similarity-aware transfer from STM to LTM. Your agent doesn't forget — it prioritizes
• Two modes: agent_mode (full capacity for desktop/server) and iot_mode (minimal footprint for edge devices)

AIngle Cortex — The API Surface

Everything above is exposed through one sidecar process with three API surfaces:

• REST API (/api/v1/) — triples CRUD, pattern queries, proof validation, memory operations, skill verification, reputation scoring
• GraphQL (/graphql) — full schema with queries, mutations, and live subscriptions for real-time triple changes
• SPARQL (/sparql) — W3C SPARQL 1.1 compliant endpoint for standard semantic web queries
• WebSocket events — real-time notifications: TripleAdded, TripleDeleted, ValidationCompleted

Cortex includes JWT-based RBAC authentication, IP-based rate limiting, namespace-scoped multi-tenancy, and a tamper-evident JSONL audit log.

The Agent Engine

Multi-Agent Mesh

MAYROS agents don't work alone. The Agent Mesh extension enables:

• Knowledge sharing: Agents push and pull RDF triples across namespaces with ACL enforcement
• Delegation: Parent agents spawn child agents with semantic context — relevant triples and memories are automatically injected
• Knowledge fusion: Merge namespaces using 5 strategies: additive, replace, conflict-flag, newest-wins, majority-wins (voting across multiple agents)
• Conflict detection: Identify contradicting facts between agent namespaces before merging
• Namespace ACL: Read/write/admin access grants stored as content-addressed RDF triples — the ACL itself is tamper-evident

Tool System

50+ built-in tools organized into policy groups:

Tool profiles: minimal, coding, messaging, full — configure exactly what each agent can do.

Exec approval system: Shell commands require human approval before execution. Safe binaries are allowlisted; everything else pops up a native dialog (macOS) or notification (mobile) for the user to approve or deny.

24 Plugin Lifecycle Hooks

Deep integration points at every stage of the message-to-response pipeline:

message_received → before_model_resolve → before_prompt_build → llm_input →
llm_output → before_tool_call → after_tool_call → message_sending → message_sent

Plus: session_start/end, agent_end, subagent_spawning/spawned/ended, before_compaction, gateway_start/stop, and more. Every hook can inspect, modify, or cancel the operation.

Proactive Agent (Heartbeat)

MAYROS agents don't just respond — they act proactively:

• Scheduled tasks: Cron-style heartbeat runner with configurable active hours
• Monitoring: Agents can watch APIs, check sensors, and alert you before you ask
• Ghost reminders: Background prompts that trigger agent actions without user initiation

The Skill Revolution

Semantic Skills

MAYROS skills go beyond simple tool wrappers. A semantic skill:

1. Declares capabilities in a structured YAML frontmatter: what graph operations it needs, what proofs it can request, what memory it accesses
2. Runs verified: Every install passes a 4-stage verification pipeline
3. Proves its work: Assertions are stored as RDF triples with optional Proof-of-Logic and ZK proofs
4. Respects boundaries: Per-skill tool allowlists, query limits, and namespace isolation

yamlCopy
# SKILL.md frontmatter
name: verify-kyc
type: semantic
semantic:
  permissions:
    graph: [read, write]
    proofs: [request, verify]
  assertions:
    - predicate: "kyc:verified"
      requireProof: true
  queries:
    - predicate: "kyc:level"
      scope: agent

5-Stage Verification Pipeline

No skill touches your agent without passing all five gates:

Verify-then-promote: Skills are extracted to a temp directory, verified there, and only moved to the live directory on success. Failure leaves zero residue.

Apilium Hub Marketplace

Publish, discover, and install skills with full supply chain integrity:

• Ed25519 challenge-response auth: Cryptographic identity, not passwords
• Dependency resolution: Semver-aware topological sort with cycle detection
• Author reputation: Trust tiers computed from on-chain assertion consistency — not stars or download counts
• Lockfile pinning: skills.lock ensures deterministic reinstalls
• Hot-reload: Change a SKILL.md or skill.ts and it reloads mid-session — no restart needed

Forge CLI

Build skills in seconds:

bashCopy
mayros forge init my-skill        # Scaffold with SKILL.md + skill.ts
mayros forge test my-skill/       # Run full verification pipeline locally
mayros forge autocomplete "kyc:"  # Discover predicates from your knowledge graph
mayros forge publish my-skill/    # Sign, package, upload to Apilium Hub

Security by Design

MAYROS was built with the assumption that every component — skills, plugins, channels, even the AI model itself — is potentially adversarial.

18 Security Layers

Static Analysis Scanner

16 rules with zero tolerance for critical findings:

• Code execution: exec, spawn, eval, new Function, bracket-notation evasion (obj["exec"])
• Data exfiltration: readFile + fetch combination, process.env + HTTP
• Sandbox escape: globalThis[...] bracket access, dynamic require(), dynamic import()
• Crypto mining: stratum+tcp, coinhive, xmrig patterns
• Obfuscation: hex escape sequences, long base64 + atob/Buffer.from
• Anti-evasion: comment stripping, line-join preprocessing, nested parens tracking

Exec Approval System

Every shell command passes through human approval:

• Safe binary allowlist: git, ls, cat, etc. bypass approval
• Everything else: Native macOS dialog, mobile notification, or Apple Watch prompt
• Dangerous tool denylist: sessions_spawn, gateway, whatsapp_login blocked from HTTP API by default

Circuit Breaker Resilience

All Cortex communication uses a three-state circuit breaker (closed → open → half-open) with exponential backoff retry. When Cortex is down, the agent gracefully degrades to markdown-based memory — never crashes, never hangs.

Token Economy

Track and control AI costs at every level:

• Per-session, daily, and monthly budgets with configurable limits
• Three-tier enforcement: OK → Warn (at 80%) → Exceeded (soft-stop or hard-block)
• LRU prompt cache: SHA-256 memoization of repeated prompts (256 entries, 5-minute TTL)
• Persistence: Atomic file I/O to ~/.mayros/token-budget.json with automatic day/month rollover

bashCopy
mayros budget status              # Current spend vs. limits
mayros budget set session 2.50    # $2.50 per session cap
mayros budget set monthly 100     # $100/month cap
mayros budget cache               # Cache hit stats and estimated savings

Semantic Observability

Full tracing of agent decisions as RDF events:

• Tool calls: What was called, with what arguments, what it returned, how long it took
• LLM calls: Token counts, timing, model used, cost
• Delegations: Which subagent was spawned, why, what context was injected
• Causal chain analysis: "Why did this happen?" — trace back through the decision graph
• Prometheus metrics: Export counters and gauges to Grafana for real-time dashboards

Voice Interface

Swabble

A native Swift speech pipeline that runs entirely on-device — zero network usage for wake-word detection:

• macOS 26: SpeechAnalyzer + SpeechTranscriber from the new Speech framework
• iOS: AVAudioEngine tap → SFSpeechRecognizer pipeline
• Android: Native SpeechRecognizer with three modes (off, foreground, always-on)
• Wake word: Configurable trigger word with gap-based command extraction
• Talk mode: Full bidirectional voice conversation with the agent

Voice Calls

PSTN voice call integration supporting Telnyx, Twilio, and Plivo:

• Inbound and outbound calls
• STT via OpenAI Whisper
• TTS via OpenAI, ElevenLabs, or Edge TTS
• Optional OpenAI Realtime streaming
• Configurable inbound policies (disabled, allowlist, pairing, open)

Browser Automation

Full Playwright-powered browser control:

• Snapshot pages (accessibility tree + screenshots)
• Click, type, navigate, scroll, evaluate JavaScript
• Multiple Chrome profiles
• CDP (Chrome DevTools Protocol) for low-level access
• Sandboxed browser containers with Chromium + VNC for visual debugging
• AI-assisted visual page understanding

Why We're Different

vs. LangChain / CrewAI / AutoGen

These frameworks give tools to agents and trust the tool author. MAYROS adds:

• Verifiable facts: Every assertion is a content-addressed, cryptographically signed triple — not a string in a chat message
• Proof-of-Logic: Derivation chains that any third party can verify
• Zero-knowledge proofs: Prove facts without revealing underlying data
• 4-stage skill verification: Static scan + signature + PoL + sandbox before any code runs
• Multi-channel delivery: 20+ channels vs. API-only

vs. OpenAI Assistants / Claude Projects

Cloud-hosted AI assistants give you a chat interface. MAYROS gives you:

• Self-hosted: Your data never leaves your infrastructure
• Multi-device: Native apps on macOS, iOS, Android, Apple Watch, Docker, IoT
• Multi-provider: Switch between 20+ AI providers with one config change
• Semantic memory: RDF knowledge graph vs. flat conversation history
• Proactive agents: Heartbeat, cron, monitoring — not just request-response

vs. Home Assistant / Node-RED

IoT platforms give you device control. MAYROS gives you:

• Natural language interface: Talk to your devices through any messaging channel
• AI reasoning: Agents make decisions based on semantic context, not just rules
• Verifiable state: Sensor readings are content-addressed DAG entries, not ephemeral MQTT messages
• Cross-domain: Same agent controls IoT devices AND browses the web AND writes code AND manages your calendar

The Numbers

Getting Started

Quick Install

bashCopy
# Install MAYROS
npm install -g @apilium/mayros

# Install AIngle Cortex (semantic layer)
mayros cortex install

# Interactive setup
mayros onboard

# Start the gateway
mayros gateway

Docker

bashCopy
docker compose up -d mayros-gateway

From Source

bashCopy
git clone https://github.com/ApiliumCode/mayros
cd mayros
pnpm install && pnpm build
./mayros.mjs gateway

Configuration

Everything lives in mayros.json:

json5Copy
{
  "$schema": "./mayros.schema.json",
  "channels": {
    "telegram": { "botToken": "${TELEGRAM_BOT_TOKEN}" },
    "slack": { "botToken": "${SLACK_BOT_TOKEN}" }
  },
  "models": {
    "providers": [
      { "type": "anthropic", "apiKey": "${ANTHROPIC_API_KEY}" }
    ]
  },
  "agents": {
    "default": {
      "model": "claude-opus-4-6",
      "tools": "full",
      "skills": ["verify-kyc", "code-review"]
    }
  }
}

Open Source

MAYROS is built in the open:

• MAYROS — github.com/ApiliumCode/mayros (MIT)
• AIngle — github.com/ApiliumCode/aingle (Apache 2.0)
• Skills Hub — github.com/ApiliumCode/skills-hub

Published crates on crates.io:

• aingle_cortex — REST/GraphQL/SPARQL API
• aingle_zome_types — WASM boundary types

The Future Is Verifiable

AI is moving from "text generation" to "autonomous action." When your AI agent signs a contract, verifies an identity, manages your infrastructure, or makes a financial decision — you need more than a chat log. You need proof.

MAYROS is the only agent framework where every fact is content-addressed, every inference has a verifiable proof chain, and every sensitive value can be committed and proven in zero knowledge. This isn't a feature we bolted on — it's the foundation everything else is built on.

Your agent. Your devices. Your proof.

Built by Apilium Technologies — la era de la IA con certezas.