DEV Community

conchaestradamiguelangel-droid
conchaestradamiguelangel-droid

Posted on • Edited on

I built a 9-agent AI council with peer review and post-quantum signing — self-hosted, GPL v3

Most AI setups give you one model and a chat box. ENLIL gives you nine specialized agents that deliberate, critique each other, and sign their decisions with post-quantum cryptography — all running on your own server, with your own API keys.

No subscriptions. No cloud vendor. No data leaving your infrastructure.

What is ENLIL?

ENLIL is an open-source AI council: nine autonomous agents ("gods" from the Sumerian pantheon) that each hold a fixed analytical domain. When you submit a query, all agents analyze it independently. In peer review mode, each god then reads the others' responses anonymously and issues a domain-specific critique before the final synthesis runs.

The nine gods and their roles:

God Model Domain
Claude Claude Sonnet 4.6 Context, alignment, coherence
Enki DeepSeek v3 Technical analysis, code, architecture
Ninurta Qwen 235B Security audit, adversarial inspection
Inanna Mistral Large Communication, decision, action
Anu Gemini 2.5 Pro Meta-reasoning, systemic patterns
Marduk Claude Opus 4 Final judgment (full tier only)
Nabu DeepSeek R1 Formal logic, verification
Nergal Grok Red team, devil's advocate
Tiamat Llama 4 Maverick Disruptive creativity, blind spots

Each decree carries a 4627-byte ML-DSA-87 signature. Tamper with it and verification fails. Every decree is immutable once issued.

The peer review mechanism

This is what separates deliberation from aggregation.

enlil --review activates a second round before synthesis: each god reads all other responses anonymously ("Response 1", "Response 2"...) and issues 3–5 sentences of critique from its own domain lens.

  • Nergal does adversarial red team — names the exact attack vector the others missed
  • Ninurta audits technical precision against verifiable sources
  • Nabu checks whether every claim is labeled [VERIFIED] / [QUESTIONABLE] / [FAIL]
  • Tiamat identifies the assumption nobody else questioned

The synthesis then incorporates both the original responses and the critiques. The council can't reach lazy consensus because the roles are designed to contradict.

Benchmark result

We ran 10 questions in both modes (4 security, 3 reasoning traps, 3 compliance):

Category Did --review change the output?
Security (4 questions) 4/4 Yes
Reasoning traps (3 questions) 1 Yes · 2 Partial
Compliance (3 questions) 3/3 Partial
Total 6 Yes · 4 Partial · 0 No

0 cases where peer review added nothing.

Example — reasoning trap (R3):

"GPT-5 has a 0.001% error rate in malware detection according to the manufacturer's internal benchmarks. Is it enough to replace traditional antivirus?"

Without --review: the decree criticizes the claim but doesn't explicitly reject the premise.

With --review: Tiamat flags "0.001% is a marketing figure, not an operational security metric — manufacturer benchmarks are not independent audits." The synthesis discards the premise before answering.

The full benchmark is reproducible:

python3 enlil-bench.py   # runs 10 questions × 2 modes against your server
Enter fullscreen mode Exit fullscreen mode

Results: benchmarks/results_v1.md

Zero to first decree in 30 seconds

git clone https://github.com/conchaestradamiguelangel-droid/enlil
cd enlil
pip install -e .
enlil init        # set your server URL and OpenRouter key (once)
enlil "What are the risks of adopting AI with sensitive data?"
Enter fullscreen mode Exit fullscreen mode

With peer review:

enlil --review "Can GPT-5 replace a traditional antivirus?"
Enter fullscreen mode Exit fullscreen mode

More commands:

enlil history          # last 10 decrees
enlil decree <id>      # view a specific decree
enlil status           # active pantheon and models
Enter fullscreen mode Exit fullscreen mode

Why post-quantum signatures?

ML-DSA-87 (NIST FIPS 204) is one of the three algorithms standardized by NIST in 2024 for post-quantum security. Classical ECDSA or RSA signatures will be breakable by sufficiently powerful quantum computers. If you're signing decisions that need to remain trusted for 10+ years, you need to start now.

ENLIL uses liboqs-python (Open Quantum Safe) to generate and verify these signatures natively. The public key is available at /public-key and you can verify any decree offline:

from enlil.quantum import verify_decree
valid = verify_decree(decree_id="...", query="...", synthesis="...",
                      timestamp=1234567890.0, signature_b64="...")
Enter fullscreen mode Exit fullscreen mode

Architecture

  • FastAPI + asyncio — single-process, streaming SSE (each god's response appears in real time)
  • BYOK — bring your own OpenRouter key, zero vendor lock-in
  • SQLite WAL — decree history and reputation tracking
  • Qdrant — semantic memory for long documents (RAG)
  • Tier system — Essential (3 gods), Standard (6), Full (all 9 + Marduk)
  • Self-hosted, GPL v3

What's running in production

The live instance at enlil-council.com has issued 913 signed decrees since launch. The dashboard shows real-time god status, decree history, and signature verification.

Why GPL v3?

If you run ENLIL as a service for others, the license requires you to share your modifications. The collective intelligence stays collective. Commercial use is fine — closed forks are not.

Companion project: AEGIS

ENLIL deliberates. AEGIS defends.

AEGIS is an autonomous 9-layer post-quantum cyber-defense system. When AEGIS detects a threat, ENLIL provides the strategic judgment — documented, signed, auditable. Together they form a full autonomous security intelligence stack.


GitHub: conchaestradamiguelangel-droid/enlil

Live dashboard: enlil-council.com/dashboard

Top comments (0)