DEV Community

Alexander Zuber-Jatzke
Alexander Zuber-Jatzke

Posted on

I built an AI that predicts its own collapse

1. It predicts its own collapse

This is the part I'm proudest of and least certain about, so let's lead with
it.

NEOTH keeps an internal event stream (every tool call, model request, agent
dispatch, fallback, retry). A background observer scores every rolling window
of that stream with seven variables — coupling between tools and agents,
semantic convergence pressure, resource/context pressure, agent density,
throughput headroom, and two "buffer" variables for diversity and fallback
redundancy. Amplifiers over buffers gives a collapse score.

When the score crosses a threshold, you get a warning. The failure definitions
(agent loop, retry storm, context-limit failure, semantic degradation, …) are
deterministic functions of the event stream, and they're pre-registered
frozen before data collection, so this isn't hindsight curve-fitting. The
predictor even self-calibrates: it tunes its threshold against its own hits and
misses and reports a Brier score, so the accuracy claim is measurable instead
of asserted.

neoth babel status     # threshold, calibration, latest scores
neoth babel windows    # the actual measurements, window by window
Enter fullscreen mode Exit fullscreen mode

The model behind it comes from an open research framework called
delta-kosmologie, which
asks a genuinely falsifiable question: can one scalar family predict collapse
across very different complex systems? NEOTH is its first production instrument.
If you opt in (it's off by default, consent- and autonomy-gated), your instance
can federate anonymised, content-free, cryptographically-signed measurements
into a shared pool that tests the theory. If the math doesn't hold, that's a
result too — and I'd rather find out before 1.0.

2. Memory with receipts

An assistant that remembers you is only trustworthy if you can see what it
remembered and prove it wasn't quietly changed.

In NEOTH, every sensitive action — a profile write, a provider call, a channel
send, a plugin capability use — lands in an append-only, HMAC-chained
write-ahead log. The SQLite views you query are just rebuildable projections
over that log; the log is the source of truth.

neoth verify              # recompute the whole chain — tamper and it fails
neoth wal show --last 20  # every sensitive frame, in order
neoth profile pending     # nothing enters your profile without approval
Enter fullscreen mode Exit fullscreen mode

The trust anchor is a key on your disk, not a sentence in a README. That's the
difference between "we take privacy seriously" and something you can actually
falsify.

3. Fail-closed by default

The last idea is a posture, not a feature. Crossing a trust boundary — a cloud
call, extracting your profile to a cloud model, sending to a channel, raising
autonomy, a plugin using a capability — is denied by default until you
grant it once, on purpose. Both the grant and the refusal are logged.

neoth preset activate fully-local
neoth privacy audit --last 30d   # exactly what left the device — zero, locally
Enter fullscreen mode Exit fullscreen mode

For plugins specifically, this is a real sandbox: NEOTH runs WASM plugins
(wasmtime) with fuel and memory caps, and a plugin can only use the hostcalls
its manifest declared and you approved. An over-level call is refused at
runtime and written to the audit log as a 0xC7 PLUGIN_CAP_DENIED frame — never
silent.

Why Rust, and who it's for

NEOTH is a single Rust daemon. That bought me a few things that matter for this
kind of project: a WASM host with hard resource caps, a sealed typestate
PermissionToken<T> that enforces plugin capabilities at compile time, and the
general property that the audit-critical paths don't have a garbage collector or
a runtime surprising me.

It's deliberately built for two audiences at once, which is the hard bet:

  • Normal users get a GUI wizard that asks plain questions. No YAML required.
  • Operators get the CLI, local models, the WAL, policies, a plugin sandbox, n8n automation, and a private mesh over Tailscale/Hysteria.

That "both at once" goal is the single thing I most want held accountable, and
the comparison table is
honest about it: unfinished things are marked Partial or Goal, not Yes.

Try it, then try to break it

git clone https://github.com/The-Geek-Freaks/NEOTH
cd NEOTH/SRC && cargo install --path neothd
neoth doctor
Enter fullscreen mode Exit fullscreen mode

It's pre-1.0, dual-licensed MIT/Apache. The most valuable thing you can do is
run the verify-it-yourself path
and file an issue for any claim that doesn't reproduce — especially on the
collapse-prediction model, which is the part I'm least sure generalises.

Repo: https://github.com/The-Geek-Freaks/NEOTH

Top comments (0)