Control plane for Logos. Manages the module lifecycle across logos-workspace: snapshots submodule state, verifies modules load in a sandbox, detects available upgrades, generates proposals as patches, and gates activation through a governance layer.
Built on Agentix, a safety-first agent control layer for NixOS. λ OS extends Agentix with Logos-specific primitives: module verification via logoscore/logos_host, policy enforcement for the Logos module system, and a governance pipeline that scales from human approval to lez-multisig to LEZ programs.
Runs as a daemon on NixOS. Sends Telegram alerts. Rolls back failed modules automatically.
Recorded live on a NixOS machine running the daemon against a real logos-workspace with 55 submodules.
- Daemon runs as a systemd service, survives reboots
- Source snapshot of 55 submodules in <1 second
- Module verification via
logos_hostin sandbox (tested with capability_module, package_manager, package_downloader) - Self-healing: auto-rollback on module regression between cycles
- Upgrade detection: compares local pins against remote master
- Dependency-ordered proposal generation (leaves first via topological sort of
flake.nix) - Human governance: approve/reject/apply via CLI
- Telegram notifications on health checks, proposals, rollbacks
- Desktop notifications via
notify-send - Tamper-evident audit chain with
sha256CID linking - Policy enforcement: RLN, forbidden flake overrides, submodule drift, signed metadata (with stub keys)
- Health dashboard with uptime stats and event timeline
- 200 unit tests, 19 integration tests
logos-workspacemaster doesn't build. Requires thebump-gazillion-thingsbranch (PR #60)logos-liblogosandlogos-logoscore-clineedautoPatchelfHookremoved (PRs #125, #23)logoscoreCLI doesn't build due to the sameautoPatchelfHookissue — usinglogos_hostas the verification backend instead
- lez-multisig governance — interface exists, falls back to human. Needs a running LEZ instance to connect to
- LEZ program governance — interface exists, falls back to human. Needs LEZ program deployment tools
- Codex audit publishing — local hash chain works, sidecar file generated. Needs a Codex node to publish to
- Auto-apply after governance approval — deliberate: currently requires manual
git apply. Could be automated but the safety contract says activation is external - Web dashboard — CLI only right now. Terminal
watchworks for live display - C++ Qt plugin — skeleton compiles against
logos-cpp-sdk, MOC runs, but not yet loading inlogoscorenatively
- Audit verification via Codex (fetch by CID, replay, verify)
- Policy as a LEZ program (provable refusal)
- Cross-node governance (shared multisig across operators)
- Mix-layer coordination between nodes
The daemon (agentix-daemon) runs a loop every N seconds:
- Snapshot — captures all 55 submodule SHAs, tracked diffs, untracked file hashes
- Verify — loads each module via
logos_hostwithLOGOS_USER_DIRredirected to a temp dir - Self-heal — compares module health against previous cycle; if a module regressed, rolls back to the last known good commit
- Policy — checks workspace against configurable rules (RLN for messaging modules, forbidden flake overrides, submodule drift)
- Detect upgrades — compares local submodule SHAs against
origin/master - Order by dependency — parses
flake.nixfollows declarations, proposes leaves first - Generate proposals — creates a git worktree per upgrade, pins the submodule, saves the diff as a
.patch - Submit to governance — proposals wait in a queue until approved
- Notify — Telegram message with cycle summary
- Audit — appends JSONL event with full context
Proposals are never applied automatically. A human (or in the future, a lez-multisig) reviews and applies.
imports = [ ./path/to/lambda-os/nixos/agentix-logos.nix ];
services.agentix-logos = {
enable = true;
workspacePath = "/home/user/projects/logos-workspace";
user = "user";
checkIntervalSec = 300;
telegramToken = "your-bot-token";
telegramChatId = "your-chat-id";
};nixos-rebuild switch starts the daemon. It survives reboots.
LOGOS_WORKSPACE=~/projects/logos-workspace agentix-daemon# Node status
agentix-logos dashboard --path <workspace>
# Source integrity
agentix-logos snapshot --path <workspace>
# Module verification
agentix-logos verify-logoscore --workspace <ws> \
--modules capability_module \
--call "capability_module.load()" \
--backend auto
# Policy
agentix-logos policy-check --path <workspace>
# Dependency graph
agentix-logos upgrade-plan --path <workspace>
# Governance
agentix-logos governance status --path <workspace>
agentix-logos governance list --path <workspace> --state pending
agentix-logos governance approve <proposal-id> --path <workspace>
agentix-logos governance reject <proposal-id> --reason "..." --path <workspace>
agentix-logos governance apply <proposal-id> --path <workspace>
# Audit trail
agentix-logos audit tail --path <workspace> --lines 20
agentix-logos audit verify --path <workspace>
agentix-logos audit chain --path <workspace># Install
git clone https://github.com/Beach-Bum/lambda-os.git
cd lambda-os
uv tool install --editable .
# You also need the Agentix base CLI
git clone https://github.com/Beach-Bum/Agentix.git
cd Agentix && uv tool install --editable .
# Clone logos-workspace
git clone --recurse-submodules git@github.com:logos-co/logos-workspace.git ~/projects/logos-workspace
# Build (first time ~20-40 min)
cd ~/projects/logos-workspace
export PATH="$PWD/scripts:$PATH"
ws build logos-basecamp
# Install policy
mkdir -p .agentix
cp /path/to/lambda-os/examples/policy.json .agentix/policy.json
# Run integration test
cd /path/to/lambda-os
./scripts/integration-test.sh ~/projects/logos-workspace
# Start the daemon
LOGOS_WORKSPACE=~/projects/logos-workspace agentix-daemonlogos-workspace master has build issues. Use the bump-gazillion-things branch. autoPatchelfHook in logos-liblogos and logos-logoscore-cli segfaults with pyelftools 0.32 — remove the hook from nix/bin.nix. PRs filed:
Three backends, same interface:
| Backend | Status | Description |
|---|---|---|
| Human | Working | Proposals saved to .agentix/proposals/. Approved via CLI. |
| lez-multisig | Stubbed | N-of-M signatures. Falls back to human. |
| LEZ program | Stubbed | On-chain policy. Falls back to human. |
If a module was healthy last cycle and fails this cycle, the daemon:
- Finds the last good commit from audit trail / git reflog
- Creates a worktree, reverse-pins the module, applies the patch
- Sends a Telegram alert
- Logs the rollback to the audit trail
No human intervention.
Events appended to .agentix/audit.jsonl. Each line linked to the previous via sha256 CID. audit verify checks integrity. audit chain builds a sidecar for Codex.
agentix_logos/
daemon.py — main loop
selfheal.py — auto-rollback
depgraph.py — dependency ordering from flake.nix
dashboard.py — health history and stats
proposals.py — proposal generation
governance.py — approval pipeline
notify.py — Telegram + desktop alerts
verify_logoscore.py — sandbox verification
workspace.py — snapshot and drift detection
policy.py — rule enforcement
audit.py — event writer
audit_chain.py — hash chain
cli.py — CLI commands
modules.py — module registry
keys.py — ed25519 signing
lez.py — LEZ program tracking
mix.py — Mix node config
profiles.py — basecamp profiles
nixos/ — NixOS systemd service
tests/ — 200 tests
scripts/ — integration test + demo
uv run pytest -q # 200 tests
uv run mypy agentix_logos/ # 0 errors
ruff check . # 0 issuesMIT