AXIOMA FRAMEWORK v0.4 // PRE-EXTERNAL-REVIEW

Deterministic where possible.
Governed where not.
Provable everywhere.

Axioma is a verifiable execution architecture for regulated AI systems — aerospace, medical devices, automotive, and EU AI Act scope deployments. It is a published open specification, a reference architecture, and a commercial SDK in Rust, TypeScript, and Python. The framework treats determinism as the default, governance as mechanically enforced, and audit trails as cryptographic objects rather than log files.

Read the specifications Contact

SECTION I // THE PROBLEM

Four unsolved problems in regulated AI

  1. 1. The Trust Gap

    AI systems produce outputs. Few systems can show why a particular output was produced, whether the same input will produce the same output tomorrow, or whether the output satisfies a formal requirement of the regulated environment it runs in. "It passed our tests" is not a certification argument.

  2. 2. The Audit Gap

    Regulatory bodies require audit trails. Most AI systems produce logs. Logs are not audit trails. An audit trail is cryptographically verifiable, tamper-evident, semantically typed, and independently reproducible. Few mainstream AI frameworks provide this set of properties together.

  3. 3. The Governance Gap

    AI governance frameworks exist as documents. They describe what should happen. They do not mechanically enforce that it does happen. The gap between a governance policy and a governance proof is where regulated industry AI deployments most often fail.

  4. 4. The Certification Gap

    DO-178C, IEC 62304, ISO 26262, and EU AI Act Article 9 require formal evidence of correctness. The current generation of AI architectures produces demos. Axioma is designed to produce replayable, independently verifiable evidence.

What fails without this

  • The same retrieval pipeline returns different contexts after migration.
  • Governance policies cannot be independently verified.
  • LLM decisions cannot be replayed during incident review.
  • Audit trails degrade into unverifiable logs as systems evolve.
  • Compliance evidence becomes manually assembled after deployment, not produced as a by-product of execution.

SECTION II // WHAT AXIOMA IS

Three things, simultaneously

A specification

An open, formally structured framework defining what a verifiable enterprise AI system must do, prove, and record. Language-agnostic, domain-agnostic, independently implementable. Published under AGPL-3.0-or-later.

A reference architecture

A concrete, layered architecture showing how the specification is satisfied in practice — from data ingestion through inference to monitoring and external verification. Nine production-gold repositories implement the deterministic layers today.

A commercial platform

A production SDK and toolchain implementing the reference architecture, commercially licensed for regulated industry deployment. Entry point is the Axioma Oracle Gateway — a standalone deterministic wrapper for enterprise LLM API calls, designed to support EU AI Act Article 9 compliance obligations.

SECTION III // ARCHITECTURE

Seven layers, three determinism classes

The architecture is layered top to bottom from governance to computation. Each layer declares a determinism class — D1 bit-identical replay across supported conformant platforms, D2 deterministic given a declared dependency set, D3 non-deterministic but fully evidenced. Every layer commits typed evidence to a single total-ordered ledger.

Evidence spine diagram showing seven Axioma layers connected to a central ledger Evidence spine diagram showing seven Axioma layers connected to a central ledger
The ledger is the spine. Every layer contributes; nothing escapes the chain.
  1. L7

    GOVERNANCE LAYER

    [D2]

    Proof-carrying policies; compliance reports; external anchors

    Evidence: AX:POLICY:v1, AX:PROOF:v1

  2. L6

    OBSERVABILITY LAYER

    [D1]

    Total-ordered hash-chain ledger; drift detection; cost governance

    Evidence: All types, strictly ordered chain

  3. L5

    ENTERPRISE INTEGRATION

    [D2]

    Total agent state machines; Time Oracle compliance; RAG

    Evidence: AX:TRANS:v1 per state transition

  4. L4

    KNOWLEDGE LAYER

    [D2]

    pgvector; SHA-256 doc provenance; Q16.16 RRF hybrid search

    Evidence: AX:OBS:v1 per document and retrieval

  5. L3

    INFERENCE LAYER

    • Path A — certifiable-inference [D1]
    • Path B — Oracle Boundary Gateway [D3]

    Evidence: AX:STATE:v1 (Path A), AX:OBS:v1 (Path B)

  6. L2

    DATA LAYER

    [D1]

    certifiable-data, -training, -quant; Merkle provenance

    Evidence: AX:STATE:v1, certifiable-* commitments

  7. L1

    COMPUTATION LAYER

    [D1]

    DVM-SPEC-001; libdvm (C99); Q16.16 fixed-point arithmetic

    Evidence: AX:STATE:v1, DVM commitment chain

A single oracle interaction, end to end

How the seven layers compose in practice when an agent makes one LLM call:

  1. L5 → L4 Agent state transition triggers a retrieval; documents fetched via pgvector with Q16.16 fixed-point RRF ranking; AX:OBS:v1 committed for the retrieval.
  2. L5 → L3 (Path B) Agent builds the prompt; the Oracle Boundary Gateway canonicalises the full input under RFC 8785; model identifier, version, and parameters are pinned.
  3. L3 (Path B) An AX:OBS:v1 evidence record is constructed and committed to the L6 ledger before the LLM response is consumed downstream. Cost fields are part of the canonical payload, not metadata.
  4. L3 → L5 Normalised response returns to the agent. State transition commits as AX:TRANS:v1, referencing the oracle record by hash.
  5. L7 Governance policies (e.g. "no PII in LLM inputs") evaluate over the committed evidence and emit AX:POLICY:v1 with citations. The policy result is itself an audited object.
  6. L6 + L7 Drift metrics (TV, JSD, PSI in fixed point) recompute. Daily external anchor publishes the chain head, GPG-signed.

The full sequence is replayable from the ledger and verifiable by an external party with no access to the original infrastructure.

The architecture is being extended downward with a Layer 0 — Epistemic Containment — specified in the Epistemic Security position paper (originally Zenodo, April 2026, CC BY 4.0). L0 sits orthogonally to L1–L7 and operates under the EC-D1 determinism class.

SECTION IV // THE DETERMINISM ENVELOPE

If behaviour cannot be proven, it is non-conformant.

— DVEC-001 v1.3, §0 (Governing Principle)

A naive claim that Axioma is a deterministic system is false. The Inference Layer's oracle boundary — by which LLM calls reach the system — is observably non-deterministic. The framework's stronger claim is this:

Axioma provides full auditability across deterministic and non-deterministic components by formally classifying, governing, and committing all behaviour — including non-determinism.

The three classes

D1 Strict deterministic
Bit-identical replay across platforms. The Computation, Data, and Observability layers fall here, along with certifiable-inference (Path A).
D2 Constrained deterministic
Deterministic given a complete declared dependency set. Model versions, index state, tool versions, configuration, policy versions. A D2 component is non-conformant if any input influencing its output is omitted from the declared set.
D3 Observed non-deterministic
Not replayable bit-for-bit, but fully captured and committed. The Oracle Boundary Gateway, which mediates every LLM API call, falls here.

From the DVM specification: "Turing completeness is a vulnerability. Totality is a feature." Every Axioma agent is modelled as a total state machine — every input in every state maps to a defined transition; faults are valid states, not exceptions; silent failure is prohibited.

SECTION V // EVIDENCE AND CERTIFICATION

Two certification tracks. One unified evidence package.

TRACK A

Safety-critical certification

D1 components only. LLM API calls explicitly excluded.

  • DO-178C Aerospace
  • IEC 62304 Medical devices
  • ISO 26262 Automotive

Evidence: certifiable-* Merkle provenance chains; certifiable-harness 368-byte golden references; certifiable-quant certificates (ε₀ = 2⁻¹⁷); certifiable-bench correctness-gated performance reports.

TRACK B

Enterprise governance certification

D2 and D3 components. LLM API calls governed as oracle interactions.

  • EU AI Act Art. 9 EU regulated AI
  • ISO/IEC 42001 AI management systems
  • FCA PS22/3 UK financial services AI
  • MHRA AI/ML UK medical AI guidance

Evidence: typed audit ledger; oracle call records (AX:OBS:v1); drift detection reports (TV/JSD/PSI); proof-carrying policy assertions; GPG-signed external anchors.

THE COMBINED TRACK

Track A + Track B = a unified evidence package covering both safety and governance from a single deterministic ledger. The framework is designed to align with all of the above standards as a single audit surface, rather than producing separate compliance artefacts per standard. We are aware of no existing framework that produces this combination.

SECTION VI // COMMERCIAL MODEL AND ROADMAP

An open specification, a commercial platform.

Entry product: the Axioma Oracle Gateway

A deterministic, auditable wrapper for enterprise LLM API calls, designed to support EU AI Act Article 9 compliance obligations. The Gateway's deterministic core is implemented in C99 and tested against twelve conformance suites — including cross-build identity, replay identity, canonical encoding, hash domain separation, and ordering. It applies RFC 8785 prompt canonicalisation, pins model identifier and version, rejects version drift, and commits one AX:OBS:v1 evidence record per oracle call, with cost and provider metadata inside the canonical evidence payload. Provider-side LLM integration is the remaining milestone before end-to-end use.

Open and commercial

OPEN AGPL-3.0-or-later
  • axioma-spec
  • axioma-agent
  • axioma-knowledge
  • axioma-audit
  • axioma-verify
  • certifiable-* (nine repositories, production gold)
COMMERCIAL
  • Axioma Oracle Gateway (standalone entry)
  • Axioma Platform SDK (Rust, TypeScript, Python)
  • axioma-governance (policy engine + reports)
  • libdvm (patented C99 SDK)
  • Certification evidence tooling
  • Enterprise support and SLA

Where Axioma sits

Axioma is execution infrastructure with governance built in — not a governance framework or an observability tool. The orchestration and tracking layers that exist in the market today address single segments of what Axioma covers as a single object.

LangChain / LangGraph Orchestration only
MLflow Tracking only
Weights & Biases Observability only
Pinecone stack Retrieval only
Axioma Execution + evidence + governance + audit

We are aware of no mainstream framework that combines deterministic execution, typed cryptographic evidence, mechanically enforced governance, and certification-oriented auditability within a single replayable architecture.

Build roadmap

  1. PHASE 0 · MONTHS 1–2 axioma-spec published; axioma-knowledge, agent, audit implementations; Oracle Gateway with full audit trail.
  2. PHASE 1 · MONTHS 3–4 certifiable-monitor drift detection; external anchor publication; axioma-verify replay and chain verification.
  3. PHASE 2 · MONTHS 5–7 axioma-governance proof-carrying policy engine; EU AI Act, ISO 42001, FCA PS22/3 report generators.
  4. PHASE 3 · MONTHS 8–10 certifiable-* L2-to-L3 handoff; combined Track A + Track B evidence package.
  5. PHASE 4 · MONTHS 11–12 libdvm C99 reference implementation; Axioma Platform SDK; licensing framework.

SECTION VII // PROVENANCE

What this is built on.

11,840+ test assertions. Nine production repositories. One patent. One published specification. No vapourware.

— AXIOMA-FRAMEWORK-v0.4, Appendix C

Patent
UK GB2521625.0 — Murray Deterministic Computing Platform.
Specification
AXIOMA-FRAMEWORK v0.4, published under AGPL-3.0-or-later in github.com/SpeyTech/axioma-spec. Pre-external-review, final internal audit complete. Governed by DVEC-001 v1.3.
Reference architecture
Nine production-gold repositories implementing the deterministic layers: certifiable-data, certifiable-training, certifiable-quant, certifiable-inference, certifiable-deploy, certifiable-monitor, certifiable-verify, certifiable-harness, certifiable-bench. Production-gold denotes repositories that have completed internal specification conformance, deterministic replay validation, and cross-platform identity gating.
Academic anchor
Epistemic Security: A Missing Assurance Dimension in Frontier AI Deployment (originally Zenodo, April 2026, CC BY 4.0). Introduces the Epistemic Containment Layer (L0) being extended into the framework, and the EC-D1 determinism class that reconciles epistemic containment with deterministic auditability.
Publisher
SpeyTech — the trading name of William Murray, based in the Scottish Highlands. Axioma is published as part of the SpeyTech body of work on deterministic computing for safety-critical systems.
Author
William Murray, founder of SpeyTech and visiting scholar at Heriot-Watt University.

SECTION VIII // READ MORE

Where to go next.

For SDK early access, technical correspondence, or anything else:

axioma@speysystems.com