Metronisys AI Agent Architecture - Local Build
A local multi-agent solution was developed and deployed to showcase Human-First Governed AI Agents.
This page outlines the core building blocks and AI design patterns utilized in the Metronisys solution. The architecture implements a dual-path execution model governed by a real-time Risk & Policy Engine, ensuring all AI actions are ISO 42001/NIST aligned.
System Architect Evaluation
Metronisys provides a clear separation of concerns: Policy → Planning → Execution → Audit. Its ability to run multiple planner formats (JSON/Markdown) while enforcing tool-level authorization makes it a robust solution for solo-operators who cannot afford to compromise on data sovereignty or regulatory compliance.
Learn how we deployed the "fully local" Metronisys Human-First Multi-Agent Solution on the Mac Mini
Agentic Flow from User Prompt
1. Core Building Blocks
Master & Sub-Agents
The Master Agent routes requests based on intent classification. Specialized Sub-Agents are spawned to execute specific tools or RAG tasks in isolated contexts.
State Management (Blackboard)
A centralized Blackboard manages shared state, metadata, and working memory. Every output is treated as a typed artifact with a full lineage kernel to prevent data contamination.
LMs and AI Models
The local models used for the deployment which power the solution.
- Main Decisoning Model: The driving force behind the solution
- Intent Decision Model: Identifies the intent the user is requesting, and coordinates the right method of execution.
- OCR Extaction Models: Several model are used here for data extraction from documents and images
- Browser Navigation Model: Supports auto-browser navigation by an agent.
Local Model Choice
To align with the Manifesto, all models were deployed as local.
Tools, Skills & Workflows
The execution layer supports both granular tool invocation and complex, pre-defined or dynamic workflows.
-
Dynamic Tool Access: On-demand invocation of skills like
web_search,serp_search, or custom RAG folder access, restricted by theget_planner_allowed_toolsfilter. -
Structured Workflows: Support for fixed logic chains such as Article Generation, Deep Research, or Ad Management using standardized templates (e.g.,
article_plan). -
Tool Registry: Centralized management of capabilities via
normalize_plan_tools_to_registry, ensuring deterministic mapping between LLM intent and Python execution.
Policy-Gated Authority
No agent calls tools directly. The PolicyEngine.authorize(ToolCall) acts as the single choke point. Constitutional guardrails (the "Soul") are immutable and cannot be bypassed by sub-agents.
Execution - Agentic Memory
The persistent storage layers and recall mechanisms that allow AgentOS to maintain continuity, learn from past interactions, and exhibit "long-term" intelligence.
- Long-Term Persona Memory (Mem0): The primary engine for persisted behavioral context. It stores "lessons" and user preferences that survive between sessions.
- Persistent Knowledge Base (RAG): Uses local Chroma vector stores to retrieve static information from curated document folders.
- Workflow Continuity (MemoryManager): Handles session snapshots and secure state storage, allowing complex human-in-the-loop workflows to pause and resume.
- Skill Maintenance Layer: A specialized persistence path that updates learned_skills.md upon project closure, distilling new capabilities from the run.
Policy-Gated Authority
Local Persistence Strategy To align with the Manifesto, all memory stores—including vector embeddings and SQLite databases—are stored locally within the {METRONISYS_AGENT_OS_ROOT} to ensure full data sovereignty.
Risk-Policy Engine
A multi-layered gatekeeper that classifies requests into Low, Medium, or High Risk, automatically applying the appropriate control profile (e.g., Regulated vs Baseline).
ISO/NIST Audit Logger
A tamper-evident JSONL pipeline that chains every event with cryptographic hashes, mapping system actions directly to ISO 42001 and NIST AI RMF controls.
Governance & Auditability
Every run generates an Append-Only JSONL Audit Manifest. To ensure integrity, events are cryptographically chained (Event Hash → Chain Hash).
| Framework | Implementation |
|---|---|
| ISO 42001 | Automated AI Artifact Trails & Risk Context policy evaluation. |
| NIST AI RMF | PII pseudonymization and Human-in-the-loop (HITL) checkpoints. |
| ISO 27001 | Encrypted-at-rest workflow checkpoints and Scoped IAM for agents. |
2. AI Design Patterns Used
A. Strategic Orchestration (ReAct & Supervisor)
The system utilizes a Hybrid Orchestration approach to balance flexibility with durability:
- ReAct (Reasoning + Acting): Implemented in
react_runner.py, this pattern uses a Thought → Action → Observation loop. It features Mission Reinjection every N steps to prevent context drift. - Supervisor Pattern: A durable coordinator (
supervisor.py) that manages sub-agents, validates plans, and handles Checkpointing, allowing workflows to pause for human approval and resume across restarts.
B. Advanced Execution Flow (DAG & Blackboard)
For complex multi-agent missions, the system transitions from linear steps to graph-based execution:
- DAG-Based Execution: Plans are converted into
DAGNodeswith explicit input/output keys. Thedag_executorruns ready nodes in parallel batches using a LineageKernel to track artifact provenance. - Blackboard Pattern: A structured shared state (
blackboard.py) providing Scoped Reads. Sub-agents only see the specific data keys they require, reducing prompt noise and improving security.
C. Reliability, Reflection & Guardrails
Ensuring output quality and system recovery through automated feedback loops:
- Reflection & Self-Correction: On failure, the
ReflectionAgentanalyzes node history to write "Correction Artifacts" that guide the next retry attempt. - Contract Guardrails: The
SupervisorGuardrailsvalidate agent outputs against strict contracts, checking for "echo contamination" or schema violations before committing data to the blackboard.
D. Governance & Intelligent Routing
The entry and exit points are governed by classification and capability matching:
- Intent Routing: A small-LLM classifier (Qwen 2.5) maps requests to domains (HR, Legal, etc.) and filters the Allowed Toolset before planning begins.
- Capability-Based Selection: Instead of fixed tool-maps, the
capability_resolvermatches task requirements to tool metadata, ensuring ISO 42001 compliant tool discovery. - Human-in-the-Loop (HITL): Sensitive tools trigger an
AuthorizationResultthat pauses the pipeline for manual oversight based on "Soul" or Profile constraints.
3. Safety & Human Oversight
4. Solution Communication
Agent - Human Collaboration
Agents and humans need a way to collaborate, our solution provide two priary methods - Web Portal and a Messaging App.
Web Portal
The Web Portal provides Communication, Administration & Reporting.
Signal - Secure Messaging
For messaging we decided on Signal as it provide end-to-end encryption and aligns with the Human-First strategy.
5. Feature Extensions
Capability Enhancements
The Metronisys Platform offers a number fo extended features you include as separate additions.
Image Generation
Get your AI Agents to create unique, license free images (using the popular StableDiffusion)
Your Model Speaks Your Industry
LoRA trains your AI to understand and communicate in the specific language, tone, and terminology of your industry. Simply take your reference documents (like policies, codes, or manuals) convert them into text, and create a LoRA. When you need expert-style responses, the AI loads the LoRA, ensuring answers are accurate, professionally phrased, and aligned with your field, while leaving general-purpose queries unaffected.
The Metronisys Promise
You do not need to work harder.
You do not need to sacrifice yourself to succeed.
You do not need to burn out to matter.
You need a better operating system for being human.
Harness AI to deliver a better life.
Metronisys is that system.