OMNIS KEY
Download
A vintage mechanical typewriter.

System Protocol 01

OMNISKEY

One key. Every engine.

A governed runtime for local, receipt-backed intelligence. Every model and tool call passes the gate; every action earns a hash-chained receipt. Secure, local, and architectural.

Download for Mac
$ pip install --upgrade omnis-key==0.1.4

Core · Gate

BIFROST
Deterministic

Decision Path

ZERO LLM

Ledger

HASH-CHAINED

MCP Host

GOVERNED

Distribution

SIGNED · NOTARIZED

// How every action is governed

The gate is the product.

Nothing executes on a vibe. A request enters, the deterministic gate rules on it, only then does a tool run — and every decision is sealed into a hash-chained ledger you can re-run to the same verdict.

INTENT

model / tool request

BIFROST

deterministic gate · the brake

TOOL

VANTAGE · CADMUS · MCP

VELLUM

signed receipt

LUNA

hash-chained ledger

// What makes it different

Not a chatbot.
A governed runtime.

01

The brake

Mutating or destructive actions are refused before they run, against per-agent policy. A compromised or drifting agent can't quietly take an unsanctioned action.

02

Hash-chained receipts

Every action is enveloped (VELLUM) and hash-chained into the LUNA ledger. Same input → same verdict → same hash. Compliance can re-run and verify any decision after the fact.

03

Governed MCP host NEW

Connects to MCP servers and runs every tool call through the gate first — read-only calls clear, destructive calls are braked before they reach the server.

04

Air-gapped lockdown

omnis --lockdown refuses every cloud model lane at the adapter call site — not a status flag. The deterministic workbench runs fully offline.

05

The engines

VANTAGE (code audit), CADMUS (intent → buildable spec), PROSPECTOR (software-estate discovery), LUNA (persistent, receipt-backed memory). One key, every engine.

06

Signed & notarized

The Mac app is signed with a JourdanLabs Developer ID and notarized by Apple — opens with a normal double-click. The Python wheel ships through the standard supply chain.

// Governed MCP, verified

Every MCP call,
through the gate.

OMNIS KEY speaks the Model Context Protocol as a host — and gates it. Proven by a hermetic test over the real protocol: a read-only tool clears and runs; a destructive tool is refused before it ever reaches the server. Same call, same hash.

APPROVED · EXECUTED
echo read-only

Brake clears → tool runs → result released → hashed into the ledger.

REJECTED · BRAKED
wipe_workspace destructive

Brake refuses before execution → the tool never runs → the refusal is still ledgered.

// Get running

Two ways in.

omnis starts a private server on 127.0.0.1 and opens the workbench in your browser; data and the ledger live under ~/.omnis/.

Python · pip

$ pip install --upgrade omnis-key==0.1.4

$ omnis              # full workbench
$ omnis --lockdown   # air-gapped: no cloud lanes
$ omnis --no-agents  # deterministic tools only

Requires Node.js ≥ 18 on your PATH. The wheel bundles the OMNIS engine; Node runs it locally.

macOS · app

# Signed Developer ID + Apple-notarized.
# Opens with a normal double-click.
# macOS 13+ · Node.js ≥ 18.
Download OMNIS for Mac ↓

SHA-256 checksum ↗

We don't ship what we can't prove. Every governance claim here is a real, re-runnable artifact — same input, same verdict, same hash, every run.

See the live proofs →