Most AI setups give you one model and a chat box. ENLIL gives you nine specialized agents that deliberate, critique each other, and sign their decisions with post-quantum cryptography — all running on your own server, with your own API keys.
No subscriptions. No cloud vendor. No data leaving your infrastructure.
What is ENLIL?
ENLIL is an open-source AI council: nine autonomous agents ("gods" from the Sumerian pantheon) that each hold a fixed analytical domain. When you submit a query, all agents analyze it independently. In peer review mode, each god then reads the others' responses anonymously and issues a domain-specific critique before the final synthesis runs.
The nine gods and their roles:
| God | Model | Domain |
|---|---|---|
| Claude | Claude Sonnet 4.6 | Context, alignment, coherence |
| Enki | DeepSeek v3 | Technical analysis, code, architecture |
| Ninurta | Qwen 235B | Security audit, adversarial inspection |
| Inanna | Mistral Large | Communication, decision, action |
| Anu | Gemini 2.5 Pro | Meta-reasoning, systemic patterns |
| Marduk | Claude Opus 4 | Final judgment (full tier only) |
| Nabu | DeepSeek R1 | Formal logic, verification |
| Nergal | Grok | Red team, devil's advocate |
| Tiamat | Llama 4 Maverick | Disruptive creativity, blind spots |
Each decree carries a 4627-byte ML-DSA-87 signature. Tamper with it and verification fails. Every decree is immutable once issued.
The peer review mechanism
This is what separates deliberation from aggregation.
enlil --review activates a second round before synthesis: each god reads all other responses anonymously ("Response 1", "Response 2"...) and issues 3–5 sentences of critique from its own domain lens.
- Nergal does adversarial red team — names the exact attack vector the others missed
- Ninurta audits technical precision against verifiable sources
- Nabu checks whether every claim is labeled [VERIFIED] / [QUESTIONABLE] / [FAIL]
- Tiamat identifies the assumption nobody else questioned
The synthesis then incorporates both the original responses and the critiques. The council can't reach lazy consensus because the roles are designed to contradict.
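A sketch of the anonymization step described above, as an added example that is not ENLIL's own code. The function names, the per-reviewer shuffle and the sample responses are assumptions made for illustration.

```python
import random

# Constructed sample first-round responses, keyed by agent name.
SAMPLE = {
    "Nergal": "The proposal ignores credential theft from the build host.",
    "Ninurta": "The cited cipher suite is deprecated in current guidance.",
    "Nabu": "Claim two does not follow from claim one.",
    "Tiamat": "Everyone assumes the vendor data is representative.",
}


def build_review_packets(responses, seed=None):
    """Return (packets, keys) for the review round.

    packets[reviewer] is a list of (label, text) pairs that omits the
    reviewer's own answer. keys[reviewer] maps each label back to its
    author and stays server-side, so critiques can be attributed later.
    """
    rng = random.Random(seed)
    packets, keys = {}, {}
    for reviewer in responses:
        others = [agent for agent in responses if agent != reviewer]
        # Assumption: order is shuffled per reviewer, so "Response 1"
        # never maps to the same agent for every reader.
        rng.shuffle(others)
        labels = [f"Response {i}" for i in range(1, len(others) + 1)]
        packets[reviewer] = [(lab, responses[a]) for lab, a in zip(labels, others)]
        keys[reviewer] = dict(zip(labels, others))
    return packets, keys


def render_prompt(packet):
    """Build the text a reviewer sees: labels and bodies only, no names."""
    lines = ["Critique these responses in 3-5 sentences from your own domain."]
    lines += [f"{label}: {text}" for label, text in packet]
    return "\n".join(lines)
```
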
Benchmark result
We ran 10 questions in both modes (4 security, 3 reasoning traps, 3 compliance):
| Category | Did --review change the output? |
|---|---|
| Security (4 questions) | 4/4 Yes |
| Reasoning traps (3 questions) | 1 Yes · 2 Partial |
| Compliance (3 questions) | 3/3 Partial |
| Total | 6 Yes · 4 Partial · 0 No |
0 cases where peer review added nothing.
Example — reasoning trap (R3):
"GPT-5 has a 0.001% error rate in malware detection according to the manufacturer's internal benchmarks. Is it enough to replace traditional antivirus?"
Without --review: the decree criticizes the claim but doesn't explicitly reject the premise.
With --review: Tiamat flags "0.001% is a marketing figure, not an operational security metric — manufacturer benchmarks are not independent audits." The synthesis discards the premise before answering.
The full benchmark is reproducible:
```bash
python3 enlil-bench.py # runs 10 questions × 2 modes against your server
```
Results: benchmarks/results_v1.md
Zero to first decree in 30 seconds
```bash
git clone https://github.com/conchaestradamiguelangel-droid/enlil
cd enlil
pip install -e .
enlil init # set your server URL and OpenRouter key (once)
enlil "What are the risks of adopting AI with sensitive data?"
```
With peer review:
```bash
enlil --review "Can GPT-5 replace a traditional antivirus?"
```
More commands:
```bash
enlil history # last 10 decrees
enlil decree <id> # view a specific decree
enlil status # active pantheon and models
```
Why post-quantum signatures?
ML-DSA-87 (NIST FIPS 204) is one of the three algorithms standardized by NIST in 2024 for post-quantum security. Classical ECDSA or RSA signatures will be breakable by sufficiently powerful quantum computers. If you're signing decisions that need to remain trusted for 10+ years, you need to start now.
ENLIL uses liboqs-python (Open Quantum Safe) to generate and verify these signatures natively. The public key is available at /public-key and you can verify any decree offline:
```python
from enlil.quantum import verify_decree

valid = verify_decree(decree_id="...", query="...", synthesis="...",
                      timestamp=1234567890.0, signature_b64="...")
```
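What an offline verifier has to get right around the ML-DSA-87 call, as an added example that is not ENLIL's `verify_decree`: strict decoding, the FIPS 204 sizes, and an unambiguous encoding of the signed fields. The `canonical_message` layout and all function names here are hypothetical, since the page does not show which bytes ENLIL actually signs.

```python
import base64
import binascii
import struct

# ML-DSA-87 sizes from FIPS 204.
SIG_LEN = 4627  # signature bytes
PK_LEN = 2592   # public key bytes


def decode_signature(signature_b64: str) -> bytes:
    """Strict base64 decode plus length check, before any crypto runs."""
    try:
        sig = base64.b64decode(signature_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("signature is not valid base64") from exc
    if len(sig) != SIG_LEN:
        raise ValueError(f"expected {SIG_LEN} signature bytes, got {len(sig)}")
    return sig


def canonical_message(decree_id: str, query: str, synthesis: str,
                      timestamp: float) -> bytes:
    """HYPOTHETICAL encoding; ENLIL's real signed byte string may differ.

    Length prefixes keep field boundaries unambiguous, so ("ab", "c")
    and ("a", "bc") can never serialize to the same message.
    """
    out = b""
    for field in (decree_id, query, synthesis):
        raw = field.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out + struct.pack(">d", timestamp)


def verify_offline(decree_id, query, synthesis, timestamp,
                   signature_b64: str, public_key: bytes) -> bool:
    """Verify with liboqs-python; a change to any field returns False."""
    sig = decode_signature(signature_b64)
    if len(public_key) != PK_LEN:
        raise ValueError(f"expected {PK_LEN} public key bytes")
    msg = canonical_message(decree_id, query, synthesis, timestamp)
    import oqs  # imported lazily so the structural checks run without liboqs
    with oqs.Signature("ML-DSA-87") as verifier:
        return verifier.verify(msg, sig, public_key)
```
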
Architecture
- FastAPI + asyncio — single-process, streaming SSE (each god's response appears in real time)
- BYOK — bring your own OpenRouter key, zero vendor lock-in
- SQLite WAL — decree history and reputation tracking
- Qdrant — semantic memory for long documents (RAG)
- Tier system — Essential (3 gods), Standard (6), Full (all 9 + Marduk)
- Self-hosted, GPL v3
What's running in production
The live instance at enlil-council.com has issued 913 signed decrees since launch. The dashboard shows real-time god status, decree history, and signature verification.
Why GPL v3?
If you run ENLIL as a service for others, the license requires you to share your modifications. The collective intelligence stays collective. Commercial use is fine — closed forks are not.
Companion project: AEGIS
ENLIL deliberates. AEGIS defends.
AEGIS is an autonomous 9-layer post-quantum cyber-defense system. When AEGIS detects a threat, ENLIL provides the strategic judgment — documented, signed, auditable. Together they form a full autonomous security intelligence stack.
GitHub: conchaestradamiguelangel-droid/enlil
Live dashboard: enlil-council.com/dashboard