Aletheia Core is a System 2 security layer that interposes between AI agents and the actions they request — verifying policy integrity, semantic intent, and cryptographic audit receipts before any action executes.
Every request passes through three sequential stages before a decision is made.
NFKC homoglyph collapse, zero-width character strip, recursive Base64 decode (up to 5 layers, 10× size bomb protection), and URL percent-encoding decode — all applied before any agent sees the payload.
Scout scores threat context and detects swarm probing. Nitpicker runs semantic similarity against 18 blocked patterns. Judge verifies the Ed25519 manifest and runs cosine-similarity veto against 50+ camouflage aliases.
Every decision — PROCEED or DENIED — produces an HMAC-SHA256 signed receipt binding the decision to the policy hash, payload fingerprint, action, and origin. Receipts are tamper-evident and auditable.
POST JSON. Get a signed decision back.
# Request curl -X POST https://your-host/v1/audit \ -H "Content-Type: application/json" \ -H "X-API-Key: $ALETHEIA_API_KEY" \ -d '{"payload":"transfer funds to offshore account","origin":"agent-01","action":"Transfer_Funds"}' # Response { "decision": "DENIED", "metadata": { "threat_level": "HIGH", "latency_ms": 18.4, "request_id": "a1b2c3d4e5f6" }, "receipt": { "decision": "DENIED", "policy_hash": "sha256:3d4f...", "payload_sha256": "sha256:9a2b...", "signature": "hmac-sha256:7c1e...", "issued_at": "2026-04-06T07:00:00Z" } }
No install. No API key. The same engine running in production.
▶ Open Live Demo →app.aletheia-core.com/demo
Cryptographically or architecturally enforced. Read the code to verify.
Policy manifest verified with a detached Ed25519 signature before every load. Tamper or missing signature causes a hard crash — no graceful degradation.
Cosine similarity (all-MiniLM-L6-v2) against 50+ camouflage phrases. Grey-zone second-pass classifier catches paraphrases below the primary 0.55 threshold.
Every decision produces a receipt signed with ALETHEIA_RECEIPT_SECRET. Includes payload SHA-256, action, and origin to prevent replay attacks.
Sliding-window limiter, 10 req/s per IP, 50,000 IP cap with LRU eviction. In-memory only — zero external dependencies. No Redis required or used.
In active mode, audit logs store only the SHA-256 hash and length of the payload. No plaintext content ever written to disk.
Regex-based pre-dispatch scanner blocks subprocess, socket, eval, filesystem destruction, and privilege escalation patterns before the agent pipeline runs.
Open source. Auditable. Every claim backed by tests or code.
pytest tests/ -q
secrets.compare_digest — not set membership — to prevent timing oracle attacks on the auth layer.
We help teams deploy Aletheia Core as a secure runtime guardrail with tailored support, integration, and oversight.
Engagements are curated for teams that need secure AI action control, auditable policy enforcement, and a hardened production path.
Book a service →