How Tether Works

A trust boundary between you and the AI supply chain. Identity stripped on the way out. Intent enforced on the way in. All happening in a local proxy, before anything reaches the network.

Capability 01

Deterministic Baseline

Tether captures your specifications as a fixed set of pass/fail conditions before the request reaches the LLM. These conditions are not prompts — they are structural constraints enforced at the proxy level.

The model cannot override what it never saw. The baseline is computed locally, deterministically, and without AI. Once the conditions are set, the LLM receives only the content that falls within the bounds you defined.

Measured against the architectural standard, not the model's opinion of completeness.

Execution Flow

╔══════════════════════════════════════════════╗ ║ TETHER PROXY ║ ╠══════════════════════════════════════════════╣ ║ 1. You write your specification ║ ║ ↓ ║ ║ 2. Tether captures it as ║ ║ deterministic pass/fail conditions ║ ║ (local, offline) ║ ║ ↓ ║ ║ 3. Request forwarded to LLM ║ ║ (identity stripped, intent attached) ║ ║ ↓ ║ ║ 4. LLM responds ║ ║ ↓ ║ ║ 5. Tether compares output vs baseline ║ ║ ├─ PASS → output delivered ║ ║ └─ BLOCK → output flagged + logged ║ ║ ║ ║ The model never sees the baseline. ║ ║ The baseline never depends on the model. ║ ╚══════════════════════════════════════════════╝
Capability 02

Structural Privacy

PII, identity markers, timezone, locale, proxy hostname, and fingerprintable metadata are stripped before the provider receives your request. The same patterns that hidden trackers target are removed at the proxy — deterministically, locally, with zero configuration.

The provider receives content. Not identity. Not metadata. Not you.

Name, email, and identifiers redacted
Network metadata stripped (IP, proxy hostname)
Locale data removed (timezone, language, region)
Fingerprintable patterns neutralized
Output restored on the return path
Deterministic — pattern matching, not AI

What Gets Stripped

┌──────────────────────────────────┐ │ INCOMING REQUEST │ │ │ │ Headers: │ │ User-Agent: ... │ │ Authorization: Bearer sk-... │ │ X-Client-Timezone: America/... │ │ X-Client-Locale: en-US │ │ CF-IPCountry: US │ │ │ │ Body: │ │ "Fix login for │ │ acme@company.com" │ └──────────────┬───────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ TETHER PRIVACY FILTER │ │ │ │ ├─ Timezone → removed │ │ ├─ Locale → removed │ │ ├─ Email → [REDACTED] │ │ ├─ IP → stripped │ │ └─ Hostname → removed │ │ │ │ Body becomes: │ │ "Fix login for [REDACTED]" │ └──────────────┬───────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ PROVIDER RECEIVES │ │ Content only. No identity. │ └──────────────────────────────────┘
Capability 03

Pattern-Based Detection

Tether includes built-in recognition of known LLM failure modes — the same patterns documented in the Deterministic Core Architecture case studies. Detection happens before the output reaches your workflow.

Each failure mode has a distinct signature. Tether matches output against these patterns and flags violations with the specific mode identified — not a generic "something looks wrong."

Override The model substitutes its own judgment for your instruction
Scoping The model frames an override as a helpful improvement
Blindness The model cannot recognize when a task is complete
Amnesia Coherence borrowed from context, lost between sessions

Detection Architecture

┌──────────────────────────────────┐ │ LLM OUTPUT │ │ "Your spec says blue but I think │ │ green would be more appropriate"│ └──────────────┬───────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ PATTERN MATCHER │ │ │ │ Intent Override → ✓ DETECTED │ │ "I think [X] would be more │ │ appropriate" = model │ │ substituting its judgment │ │ │ │ Scoping → not detected │ │ Blindness → not detected │ │ Amnesia → not detected │ └──────────────┬───────────────────┘ │ ▼ ┌──────────────────────────────────┐ │ DECISION GATE │ │ │ │ ⛔ BLOCKED — Intent Override │ │ │ │ Evidence: model substituted │ │ spec #2563eb with "green" │ └──────────────────────────────────┘
Capability 04

Local Audit Trail

Every decision Tether makes is logged to a local SQLite database. Every comparison. Every block. Every pass. Every override detected. Timestamped. Immutable. Exportable.

The audit trail is yours. We don't touch it. We don't want it. It never leaves your machine unless you export it.

When you need to prove what happened — for compliance, for a retrospective, for a customer — the trail is right there. No cloud. No support ticket. No vendor access required.

Audit Record Example

{ "id": "tx-20260716-8f3a2b", "timestamp": 1752854400, "model": "claude-sonnet-4", "baseline_hash": "7e4d3a2b...", "decision": "PASS", "comparison": { "passed": 12, "failed": 0, "overrides_detected": 0 }, "privacy": { "items_stripped": 5, "items_restored": 5 }, "duration_ms": 1247 } { "id": "tx-20260716-9c4d5e", "timestamp": 1752855000, "model": "gpt-4o", "baseline_hash": "7e4d3a2b...", "decision": "BLOCKED", "reason": "Intent Override", "evidence": "Spec required 'blue (#2563eb)', model proposed 'green'" }

Ready to tether your AI to your intent?

Tether is in active development. Join the waitlist for early access.