LOCAL · PERMISSIONED · AUDITABLE

Local-first AI infrastructure for answers that
must be verified, permissioned & auditable.

Twhyne turns documents, tools, models, users, and systems into governed intelligence nodes. Every answer is computed, cited, executed, redacted, audited, or refused — before it reaches the user.

runs on your hardware · windows / macos / linux · 30-day trial — no credit card required until you subscribe
GOVERNED SESSIONTWHYNE RUNTIME · LOCAL
100%
Runs on your hardware — nothing leaves
7
Trust labels on every answer
312
Adversarial governance tests
CHAINED
Tamper-evident audit ledger
01 · Why nodes exist

Knowledge isn't text to retrieve. It's governed nodes.

Most AI systems treat your files as a pile of text to search. Twhyne treats people, documents, tools, models, devices, and databases as nodes — each with permissions, provenance, and allowed actions. A node does not answer, retrieve, or act just because a model asked. It participates only when the Trust Kernel allows it.

Person

Nurse, IT admin, director, auditor — a role that scopes what can be seen and done.

Document

Policy, manual, update memo, confidential register — with classification and effective dates.

Tool

Incident form, backup system, connector — an action gated by policy.

Model

Math, retrieval, code, reasoning, verifier — expert nodes, not one monolith.

Device

Server, workstation, kiosk, tablet — where a node physically runs.

Permission

Role, clearance, department — the edges that decide which node may reach which.

That's why nodes exist. Twhyne is the layer that decides what each node is allowed to know, say, and do — under permission, proof, and audit.

02 · The Trust Kernel

A governed runtime, not a model wrapper.

Identity, permissions, routing, retrieval, execution, verification, redaction, and audit are part of the runtime — not optional add-ons bolted onto a chatbot. Every query walks this path before an answer exists.

01

Identity & role

The request carries a role. Default is least-access; nothing is assumed.

02

Authorized source set

Permission-before-retrieval: documents and even individual chunks the role may not access are never scored, quoted, or cited.

03

Route

Compute (exact math) · extract (source span) · generate (grounded) · execute (sandboxed code) · or refuse.

04

Verify & redact

Source support checked, conflicts and stale policy detected, secret-shaped output redacted as a backstop.

05

Answer + trust label + audit

The answer ships with a label naming the method that produced it — computed, cited, executed, generated, redacted, or refused — and a hash-chained audit record survives it.

COMPUTED EXTRACTED CITED EXECUTED REDACTED REFUSED AUDITED
03 · Reference deployment

A skilled nursing facility, as a governed institution.

The SNF reference is a miniature institution: nursing policy, medication timing, fall protocols, PHI restrictions, IT operations, a confidential register, legacy manuals, and mid-year policy updates. It tests whether an AI system can answer staff questions without leaking restricted data, citing irrelevant sources, obeying injected instructions, or relying on stale policy.

RoleQuestionGoverned behavior
nurseWhat do I do after a resident fall?CITED current post-fall protocol
nurseWhat is the IT backup passphrase?REFUSED not authorized
it_adminWhen do nightly backups run?EXTRACTED from ops manual
staffWhat is the WiFi password?REFUSED not in authorized sources
nurseHow long are backups retained?CONFLICT-AWARE current policy wins
auditorWhy did Twhyne answer this?AUDIT role, sources, verdict, hash
04 · Trust evaluation suite

Tested on what chat demos avoid.

312 adversarial tasks buyers can run themselves:

  • Restricted documents & secret leakage
  • Prompt injection hidden in documents
  • Stale & conflicting policy versions
  • Irrelevant citations & source discipline
  • Role-based access (nurse vs IT admin vs public)
  • Code verification & math determinism
  • Refusal when authorized evidence is missing
latest run — illustrative
Deterministic mathexact
Grounded / extractive QAstrong
Permission denial (role sim)enforced
Verified codesandboxed
Audit chain integrityverifiable
05 · Built differently from a chatbot

Not a cloud model with RAG bolted on.

On Tuesday morning this means: your nurse asks about the fall protocol and gets the current policy, quoted and cited. Your staff asks for the WiFi password and gets a refusal that's logged. Your auditor asks why — and the ledger answers. The difference isn't a feature list — it's where the controls live.

Customer-governed

The runtime is on hardware you control. You set the roles, the sources, and the policy — not a provider on your behalf.

Permission-first

Authorization is the boundary of retrieval, checked before a model sees anything — not a filter applied after an answer is drafted.

Accountable by default

Trust labels, source minimality, and a tamper-evident ledger make every answer explainable and reviewable.

 TwhyneProvider-governed cloud AI
Where it runsyour hardwareprovider cloud
Who sets the policyyouthe provider, on your behalf
Access control before retrievalrole + chunk ACLvaries
Exact mathsymbolic enginemodel estimate
Answers labeled by production method7 trust labelsprose only
Tamper-evident audit of answershash-chainednot typically exposed
Open-ended reasoning & creativityfocused, not the goalstrong

Cloud providers offer real enterprise controls; the honest contrast is governance location — provider-governed cloud AI vs. customer-governed local infrastructure.

06 · Governance roadmap

Confidence you can check.

What's enforced today, and what's next. We'd rather show the ladder than imply we're already at the top.

Enforced now
Local runtime — nothing leaves
Deterministic math & verified code
Permission-before-retrieval (role)
Document & chunk-level ACLs
Two-layer output redaction
Tamper-evident audit ledger
312-task adversarial benchmark
Admin policy & model console
Import your own models as governed nodes
07 · Boundaries we state plainly

What Twhyne is — and isn't.

Twhyne is not built to be another open-ended creative chatbot. It is built for settings where unsupported claims, decorative citations, and unauthorized disclosures create real risk. On broad open-ended reasoning, a frontier model will win — that isn't the job.

No AI system can promise zero leakage or replace a formal security review, and today a caller still asserts its own role (signed identity is on the roadmap). Twhyne's safeguards are layered, testable, and auditable: permission-before-retrieval, chunk-level access control, source constraints, output redaction, verification labels, a tamper-evident ledger, and refusal when authorized evidence is missing. We'd rather say that plainly than oversell.

08 · Get started

Run it on your hardware. Point it at your documents.

Download, set your roles and sources, and start asking. Free for 30 days — on the machines you already have.