§ 00 /thesis issued · production · 2026

Zero-trust
AI execution.

Every verified code response from Aether is signed Ed25519, canonicalized under RFC 8785, and anchored to Sigstore's transparency log. You can verify the receipt yourself, on your machine, with one command. Non-verifiable output is not billed.

aetherproof · receipt · v1 ✓ verified · gate 5/5
request
POST /v1/chat/completions
model
claude-sonnet-4-6 · single-block python
gates
syntax · static · sandbox · schema · determinism
signed
sha256:f95a45bd…a17e022
rekor
log_index 1554376230 · sigstore.dev
billed
$0.0042 · refund_eligible: false
§ 01 /the-difference vs. cursor · copilot · vanilla llm apis

What no one else ships.

Plenty of products generate AI code. Aether is the only one that hands you a cryptographic receipt proving the code passed five execution gates — on a key you can verify against a public transparency log.

  • 01 · proof

    Post-execution attestation, not just generation.

    Ed25519 signature over a JCS-canonicalized record of the run. Microsoft AGT (Apr 2026) doesn't ship this. Cursor and Copilot don't either.

  • 02 · trust

    External anchor. Not our word.

    Receipts are written to Sigstore Rekor. Even if we vanish tomorrow, the log entry persists and verifies.

  • 03 · audit

    Built for EU AI Act, SOC2, MiFID II evidence.

    Every billable inference produces a portable artifact. Auditors don't need our cooperation to verify them.

  • 04 · refund

    Failed gates → refunded automatically.

    If ATLAS can't verify a response (multi-block, non-Python, syntax fail), you don't pay. No tickets, no disputes.

§ 02 /how-it-works request → atlas → receipt

Five gates. One signature.

Every request hits ATLAS, a five-gate verifier. If a gate fails, HYDRA-Heal calls a second LLM provider in parallel. If both fail, the response is rejected and refunded.

gate 01syntax

Parse

AST round-trip. No syntactically broken code leaves the gate.

gate 02static

Analyze

Static analysis for known-bad patterns, unsafe imports, traversal.

gate 03sandbox

Execute

nsjail-isolated run with strict syscall filter. No network, no FS escape.

gate 04schema

Validate

Output schema match. Pydantic strict, extra="forbid". No silent drift.

gate 05determinism

Repeat

Re-run same input. Outputs must match. Non-determinism = reject.

Pass → signed receipt returned alongside response.
Fail → 503 fail-closed · refund automatic · Asklepios paged.
§ 03 /the-suite five services · one trust chain

One trust chain. Five services.

Each service exists to enforce a different boundary in the AI execution lifecycle. Same signing key. Same audit surface. Different domain.

A
commercial · code execution

AetherCode

OpenAI-compatible coding proxy. Every verified Python response is gated, signed by the AetherProof key, refundable.

api.aetherlang.online/v1/chat/completions
P
open · verifier

AetherProof

Ed25519 signer + RFC 8785 JCS + Sigstore Rekor anchor. Verifier is open-source; install with pip and check any AetherCode receipt offline.

pip install aetherproof-verify
N
open · governance dsl

NOUS

Formally-verified language for governed AI agents. EU AI Act Annex IV dossier generation. Independent trust root — NOUS manifests sign under their own key; auditors do not need to trust AetherCode's operator.

pip install nous-lang · nous-lang.org
S
internal · gateway

AetherShield

State-transition gateway for autonomous agents. Each transition is receipt-bound and drift-monitored. Not a customer-facing product.

internal · loopback only
K
internal · monitor

Asklepios

Fail-closed monitor backing the AetherCode SLA. Catches silent regressions, triggers refunds, pages the operator before users notice.

internal · runs ahead of customer path
two roots · one company

Independent trust roots

AetherCode signs under f95a45bd…a17e022. NOUS signs under 01f22210…0bc0790. By design — auditors of one product never need to trust the operator of the other.

keys.aetherlang.online · nous-lang.org/keys
§ 04 /what-is-verified honest scope · 2026.06

What's verified. What isn't.

Verification is a strong claim. We restrict it to outputs we can prove. Everything outside that scope is refunded automatically — no support ticket required.

Verified · billed

  • Single-block Python responses passing all 5 ATLAS gates
  • Outputs with deterministic re-runs across HYDRA-Heal hedging
  • Responses with attached Ed25519 receipt and Rekor log entry
  • Schema-matching outputs against the request contract

Not verified · not billed

  • Multi-block code, mixed-language, or prose-with-snippets
  • Non-Python languages (Rust, Go, TS roadmap)
  • Streaming responses (breaks verify-then-return semantics)
  • Built-in tool calls passed through (web_search, computer_use)
Important. A receipt proves an execution happened under those constraints at that hash. It does not prove the constraints remain admissible downstream. Admissibility is continuous, not point-in-time — design accordingly.
§ 05 /who-buys regulated · evidence-bound · time-sensitive

Built for buyers who need evidence, not vibes.

If your auditor has ever asked "prove the AI did what you say it did," this is for you.

Regulated · 01

EU AI Act compliance teams

Annex IV technical documentation requires retained evidence of system behavior. Receipts are portable, signed, and time-stamped.

→ Aug 2026 activation
Financial · 02

Trading & quant firms

Code that touches order routing or pricing must be reproducible under audit. Determinism gate + receipt = reproducibility proof.

→ MiFID II §16, MAR
Clinical · 03

Healthcare & medical AI

Generated analysis pipelines need traceability. Each pipeline run signs its own provenance receipt.

→ HIPAA, EU MDR
Security · 04

Security researchers

Run code from untrusted models inside the sandbox. Inspect receipts. Refute or confirm gate behavior independently.

→ open verification
Platform · 05

Internal AI platform teams

Need to give your engineers AI codegen without your CISO blocking it. Receipts close the trust gap.

→ enterprise pilot
Public sector · 06

Government & public-sector procurement

Procurement criteria increasingly require attestable behavior. Aether ships the artifact the RFP asks for.

→ tender-ready
§ 06 /aethercode-pricing rapidapi · usd · monthly

AetherCode pricing.

Three tiers, all served through RapidAPI. NOUS and the AetherProof verifier are free open-source tools — pricing below covers the gated execution API only.

Pro
$29/mo
  • requests5,000 / mo
  • rate limit60 / min
  • overage+$0.020 / req
  • bandwidth10 GB / mo
  • receipts✓ ed25519 + rekor
  • supportemail · 48h
Subscribe on RapidAPI →
Ultra
$99/mo
  • requests25,000 / mo
  • rate limit300 / min
  • overage+$0.015 / req
  • bandwidth10 GB / mo
  • receipts✓ ed25519 + rekor
  • supportemail · 24h
Subscribe on RapidAPI →
Mega
$299/mo
  • requests100,000 / mo
  • rate limit1,000 / min
  • overage+$0.010 / req
  • bandwidth10 GB / mo
  • receipts✓ ed25519 + rekor
  • supportemail · 12h
Subscribe on RapidAPI →
Need more than 100k req/mo, on-prem JWKS, or shared-Slack support? Talk to us about Enterprise → Billing handled by RapidAPI. EU VAT applied automatically.
§ 07 /verify-yourself no server-side cooperation required

Don't trust us. Verify.

The whole point of cryptographic attestation is that you shouldn't have to trust the issuer. Install our open verifier, fetch our public key from the JWKS endpoint, and check any receipt against the Sigstore log. We do not need to be online for this to work.

# install the open verifier
$ pip install aetherproof-verify

# verify a receipt you received from any aether endpoint
$ aetherproof verify receipt.json \
    --jwks https://keys.aetherlang.online \
    --rekor https://rekor.sigstore.dev

✓ signature valid     ed25519 · f95a45bd…a17e022
✓ jcs canonical      rfc 8785
✓ rekor anchored     log_index 1554376230
✓ gates passed       5/5 atlas
✓ receipt admissible at signing time
Signing key fingerprint
sha256:f95a45bdc15db8f6ef61fa853366e860726aefe16474e943ebe79b132a17e022

Ed25519. Rotation will be announced 90 days ahead and logged to Rekor.

JWKS endpoint
https://keys.aetherlang.online

Static origin, Cloudflare-fronted, immutable per revision. No origin server required for verification.

Canonicalization
RFC 8785 · JCS

Receipts are JSON Canonicalized before signing. Bit-identical reproduction across implementations.

Transparency log
Sigstore Rekor · public

Every receipt's signature is anchored to Sigstore. We can't quietly invalidate the past.

§ 08 /access beta · invitation · 2026

If you need a receipt, you need Aether.

Three tiers on RapidAPI. Subscribe in two clicks, receive your API key immediately, start signing receipts. Enterprise terms by email.