A governed LLM-agent loop with state prediction, adversarial testing, pattern accumulation, and audit receipts. WHL's runtime ties every other product on this site into a single continuously-running, deterministically-logged, audit-chained system — the kind of complete substrate the regulated-AI deployment market is converging toward.
The Safe Agent Runtime is not just another agent loop. It's an agent loop with safety, audit, calibration, and state logging built into the substrate. Every cycle it measures system state, predicts next gate outcomes, runs adversarial tests, evaluates a ten-gate safety conjunction, acts if every gate holds, scores action quality, updates state based on outcomes, writes a hash-chained receipt, and cycles. It ran this loop continuously for weeks in production. Over thousands of cycles the system measurably improved prediction accuracy for state transitions — empirical measurement of anticipatory system behavior in an LLM-driven runtime.
The Safe Agent Runtime composes six required pieces into a single substrate. Each piece is a working WHL product or research module. The result is measurable: 96.8% prediction accuracy gain — not any single component.
Ten-gate safety conjunction with weakest-link reporting. The conjunction layer that decides whether the system is allowed to act this cycle.
The the platform guidance pattern. 60% data + 40% LLM blended with hard caps, atomic writes, audit trail. The runtime can adapt — within bounds.
Stall override. When the system gets stuck in a loop, an internal pressure counter rises monotonically and forces action. Solves the open agent-framework problem of loop-stuck-on-same-task.
Every cycle writes a SHA-256-linked receipt. Replayable. 28,872 entries on disk, 92.4% chain-intact across the production run.
When stakes demand it, the system gates execution through an FPGA permit signal measured by an independent 24-bit ADC. Software proposes; silicon owns the final enable line.
Every 30 seconds, the system performs an identical 11-step pass: sense, measure, classify, check pressure, gate, test robustness, act, rate, update state, check entropy, audit. See the full frame-by-frame breakdown on the About page.
The system doesn't claim — it measures. State-prediction error, adversarial test outcomes, action quality, and confidence assessments are all recorded per cycle and replayable from the on-disk receipt chain.
Across 64,184 logged prediction cycles, mean state prediction surprise shows a measurable decrease from early-window to late-window. Reduction range depends on sampling method: 91.6% to 96.8% across published windowings. Reduction is reproducible from the on-disk ledger.
~10,000 adversarial attacks fired in production with hash-chained verification. Each attack records gate_held boolean and severity. Real red-teaming, in production — not a lab demo.
53,030 actions scored on output markers (structure, word count, hedges, coherence) with corresponding deltas applied to a 10-component health state vector. Real feedback loop, not opaque self-grading.
After 4,135 paper trades the system recorded ready_for_real: false at 51.7% accuracy. The gates detected insufficient performance threshold. That kind of measurement discipline is what 90% of production systems lack.
Control Tower, our operator dashboard, visualizes the system state in real-time: receipt ledger, gate outcomes, state prediction trends, and cycle health. Available as part of Cascade deployments.
Safe LLM Agent Runtime for Regulated Industries. A continuously-running, deterministically-logged, audit-chained, adversarially-tested agent runtime with bounded online learning and a measured Friston-style state prediction convergence curve. The category doesn't exist in published research, open-source repos, or commercial products. The closest things in the field each have one or two pieces. WHL has all six.
| What Exists Publicly | What It Has | What It's Missing |
|---|---|---|
| LangChain / AutoGPT | LLM agent loop | No safety gates, no audit chain, no adversarial test, no learning curve, no calibration |
| Anthropic Constitutional AI | Training-time alignment | No runtime, no continuous agent, no adversarial test in production |
| Active Inference (ActINF) | Self-prediction theory | Toy implementations, no LLM, no real environment |
| HFT Trading Bots | Real-money loop, real risk | No LLM, no audit chain, no state logging, no adversarial test |
| AWS Bedrock Agents | Production LLM agent | No pattern accumulation, no audit chain, no adversarial test, no continuous loop |
| Anthropic MCP | Tool calling | No agent, no learning, no governance |
| Werner Harmonic Labs | All six pieces, assembled, running for weeks in production | — |
The Safe Agent Runtime ran in production for two periods through March and April 2026, generating ~440 MB of structured runtime data. The runtime is currently archived; the recovered modules and runtime ledgers are available for forensic review under NDA. Re-deployment is on the engagement-pathway track — pilots welcome.
Engagement profile: regulated-industry deployers needing a complete safe-agent reference implementation. Defense, fintech, healthcare AI, AI-liability insurers, regulators auditing other vendors' AI systems.
The runtime is not a SaaS subscription. It's a substrate. Engagements are scoped to the buyer — forensic walkthrough, custom integration, or full source-shared sovereign reference.
The runtime was scoped against the real adversarial-test, audit, and reference-implementation programs run by these organizations and frameworks.
Forensic demos, pilot conversations, and acquirer briefings under NDA. The Safe Agent Runtime is the single best argument for what's possible in safe-LLM-agent deployment. Tell us what you'd want to evaluate.