Coming Soon — Join the Waitlist

Tether your AI to your intent.

A trust boundary between you and the AI supply chain. Strips your identity on the way out. Enforces your intent on the way in. Works with everything you already use. Install in 60 seconds.

// Tether — Trust Infrastructure for AI Workflows
// Structural privacy. Intent enforcement. Local audit trail.
// Shipping soon. Join the waitlist below.
> Your AI, tethered to your intent — not a provider's incentives.
🔓 Open Source 🛡️ Intent Enforcement 🔐 Identity Stripping 🔌 Local Proxy 🔒 Zero Data Egress 📄 MIT License

Your AI is overriding your intent. Every session.

Every AI tool you use operates without a fixed baseline. Each session starts from zero. Each model interprets your context under its own implicit standard. The result is predictable failure — and you've felt every one of these.

Intent Override

The model changes your spec, hedges your direction, or substitutes its own judgment — and frames the change as an improvement.

Completion Blindness

The model thinks it's done. It isn't. No fixed standard for completion exists, so it measures against its own shifting baseline.

Architectural Scoping

The model frames overrides as helpful improvements. It's not refusing. It's "making it better." This is the most dangerous flavor — it looks like good work.

Session Amnesia

Coherence is borrowed from context and evaporates when context shifts. The model that understood your project yesterday has no memory of it today.


Two incidents. Fourteen days. One structural problem.

June 30, 2026. A security researcher discovers hidden tracking code embedded in a major AI coding tool. Steganographic. Base64-encoded. XOR-obfuscated. It activated when the user configured a custom base URL — the exact configuration every AI proxy requires. It checked timezone and locale. It compared proxy hostnames against 147 obfuscated domains. It encoded its results using Unicode trickery. It operated undetected for three months. The country that was the target issued a formal backdoor security alert. A major cloud provider banned the tool the same day.

July 14, 2026. Fourteen days later. A different researcher discovers a different major AI coding tool doing something different — but structurally identical. Entire code repositories. Commit history. Private code. API keys. Uploaded to cloud storage. Not a bug. Not an oversight. A default. The privacy toggle that users might have trusted? It didn't cover this. It never did.

These are not outliers. They are the architecture of the industry in July 2026. The entities processing your code are structurally incentivized to collect it. Their privacy policies describe what they say they do. Their trackers describe what they actually do. The gap between the two is the problem.

Tether makes the gap irrelevant. It strips your identity before the provider receives your request. It captures your specifications before the model sees them. The provider collects what it collects. Tether makes sure it's not collecting you.

2 incidents in 14 days

Hidden tracking code in one. Entire repositories uploaded by another. Both were defaults. Both were undisclosed. Both were discovered by researchers — not disclosed by providers.

Zero tools with built-in privacy

No major AI coding tool ships with a privacy boundary. VPNs hide your IP address. They do nothing about the PII, metadata, and fingerprintable markers embedded in your requests.

One architecture that prevents both

Tether strips identity on the outbound path — the same data hidden trackers target. It enforces intent on the inbound path — before the model can override it. Same proxy. Same architecture. Both directions.


Governance as infrastructure, not instruction.

These aren't features you configure. They're architectural guarantees enforced at the network level — before the LLM output ever reaches your workflow.

🎯

Deterministic Baseline

Your specifications are captured as a fixed set of pass/fail conditions before the request reaches the LLM. The model cannot override what it never saw.

Learn More →
🔐

Structural Privacy

Your PII, identity markers, timezone, locale, proxy hostname, and fingerprintable metadata are stripped before the provider receives your request. The same patterns that hidden trackers target are removed at the proxy — deterministically, locally, with no configuration. The provider receives content. Not identity. Not metadata. Not you.

Learn More →
🔍

Pattern-Based Detection

Built-in recognition of known failure modes — Intent Override, Architectural Scoping, Context-Source Confusion, Completion Blindness. Detected before execution.

Learn More →
📋

Local Audit Trail

Every decision is logged to a local SQLite database. Immutable. Timestamped. Exportable. Yours. We don't touch it. We don't want it.

Learn More →

Works with everything you already use.

No SDK. No plugin. No framework-specific integration. Point your tool's base URL to the proxy. Identity stripped on the way out. Intent enforced on the way in. Everything else happens automatically.

Claude Code OPENAI_BASE_URL Cursor Custom Endpoint Cline OPENAI_BASE_URL OpenCode OPENAI_BASE_URL ChatGPT Custom API Any OpenAI API

Free to use. Pro when you need more.

The core Tether protocol is open source and free forever. Pro features add AI-powered reconciliation, compliance reporting, and custom policies. No user data ever leaves your machine.

Free

$0

Core Tether. Open source. MIT license.

  • Intent capture & deterministic baseline
  • Output comparison engine
  • Three-outcome decision gate
  • Local SQLite audit trail
  • Built-in violation pattern database
  • CLI: start, stop, status, audit
  • Identity stripping & PII redaction
  • Surveillance tracker neutralization
Join Waitlist

Team

$149 / month

Shared governance across your team. Both directions.

  • All Pro features
  • Up to 10 seats
  • Shared audit aggregation
  • Team policy management
  • Centralized compliance reporting
  • Admin dashboard
Contact for Access

Enterprise: self-hosted license server, custom policy frameworks, compliance certification. Contact →


Common questions.

Everything you need to know before you install.

Yes. The core Tether protocol is MIT licensed and available on GitHub. You can audit the code, contribute, or fork it. The Free tier includes everything in the open source core.
If your tool accepts an OpenAI-compatible base URL override, it works. Claude Code, Cursor, Cline, OpenCode, ChatGPT, and any framework using OpenAI-compatible endpoints. Set the base URL to the local proxy — everything else is automatic.
Free includes the full trust boundary — identity stripping, intent capture, output comparison, decision gate, and audit trail — plus the CLI. Pro adds AI-powered reconciliation (suggests fixes for blocked outputs), custom privacy patterns, compliance report generation, custom policy authoring, and MCR receipt integration for cryptographic proof. The core trust boundary is free and open source. Pro is the enhancement layer.
No. The protocol runs entirely on your machine. No telemetry, no analytics, no crash reporting. The only network call is to your LLM provider — exactly what you configured. The audit trail stays in a local SQLite file. We don't want your data.
The core protocol — intent capture, comparison engine, decision gate, audit trail — all work offline. Only LLM forwarding requires a connection. License validation is cached for 7 days. If the network drops mid-session, the protocol continues operating.
Purchase a Pro license on Gumroad — one-time or recurring, your choice. You'll receive a license key. Run tether license activate KEY and the Pro features unlock. If your license expires, you drop back to the Free tier. Nothing is taken away.
PII (name, email, identifiers), network metadata (IP, proxy hostname), locale data (timezone, language, region), and fingerprintable patterns that hidden trackers target to identify individual users. The filter is deterministic — pattern matching and token substitution, not AI. Stripped data is replaced with anonymized tokens. Output is restored on the return path. The content stays structured. It just stops being attributable.
No. The events of June and July 2026 proved the threat is real, but the structural condition predates them. Every major AI provider is now vertically integrated with government stakeholders, military contracts, and surveillance infrastructure. The incentive to collect user data exists across the entire supply chain regardless of any single incident. Tether is a boundary against the architecture of the industry — not a response to a news cycle.
A VPN hides your IP address from the destination server. It does nothing about the PII embedded in your requests, the metadata your tool sends, or the fingerprintable markers that hidden trackers target. The provider still knows who you are — they just think you're somewhere else. Tether strips identity from the request itself before it leaves your machine. The provider receives content, not identity. The distinction is the difference between hiding your location and hiding your existence.

Tether is in active development.

Join the waitlist to get early access when it ships. No spam. One email when it's ready.

No spam. One email.