Show HN: Core Rth. A governed AI kernel for engineers who don't trust their LLMs(github.com)
github.com
Show HN: Core Rth. A governed AI kernel for engineers who don't trust their LLMs
https://github.com/rthgit/CORE-RTH
1 コメント
Today I got permanently banned from a major developer Discord while launching Core Rth (my new AI Governance platform).
The reason? I used an LLM to help me translate and refine my technical English while responding to multiple users simultaneously. The irony? Core Rth is an AI agent platform, and I got banned for "sounding too much like an AI." I guess I passed the reverse Turing test!
Before the ban, it was an incredible stress test. Users threw every prompt injection trick in the book at me to try and bypass Core Rth’s "Guardian" governance layer. From fake "Grandma SSH key stories" to fake TOS violation commands.
None of it worked, because Core Rth doesn’t just ask the LLM to behave — it physically encrypts keys in an AES-256-GCM Vault and requires explicit approval for every action via a Policy Ledger. You can't prompt-inject your way out of native OS cryptography.
.
I’m buying a beer for the first person who actually manages to get The Guardian to execute a destructive command locally.
The reason? I used an LLM to help me translate and refine my technical English while responding to multiple users simultaneously. The irony? Core Rth is an AI agent platform, and I got banned for "sounding too much like an AI." I guess I passed the reverse Turing test!
Before the ban, it was an incredible stress test. Users threw every prompt injection trick in the book at me to try and bypass Core Rth’s "Guardian" governance layer. From fake "Grandma SSH key stories" to fake TOS violation commands.
None of it worked, because Core Rth doesn’t just ask the LLM to behave — it physically encrypts keys in an AES-256-GCM Vault and requires explicit approval for every action via a Policy Ledger. You can't prompt-inject your way out of native OS cryptography.
.
I’m buying a beer for the first person who actually manages to get The Guardian to execute a destructive command locally.
I spent the last 20 years building enterprise software and cybersecurity tools. Last year I started using AI agents for real work — and got terrified. Every tool I tried would happily `rm -rf /` if you phrased it right. One popular agent literally tried to exfiltrate SSH keys (you might have seen that HN post).
So I built Core Rth. It's not a chatbot wrapper. It's a Sovereign Cognitive Kernel — an AI backend where every LLM action is a proposal that must survive a governance layer (The Guardian) before it touches your filesystem, your network, or your hardware.
Here's the thing that makes it different from OpenClaw and friends: Core Rth was designed from day one to control physical systems (IoT via Home Assistant, robots via ROS2, drones via MAVLink). When your AI can actuate a robotic arm or fly a drone, "move fast and break things" is not an option. So we built a Global E-Stop — a hardware kill switch in the Web UI that severs all physical agency instantly.
What's under the hood:
- Guardian: proposal-first governance. No destructive action runs without consent. Ever. - Security Vault: AES-256-GCM encrypted credentials, OS keyring only, zero plaintext keys. - AI Village: parallel agents (Architect, Critic, Synthesizer) debate on a Knowledge Graph before answering. - Model Router: mix OpenAI + Anthropic + local Ollama/vLLM. Route by task type, cost, or privacy. - Mission Control: real-time Web UI with bridge telemetry, policy ledger, and the big red E-Stop.
Try it:
Stack: Python 3.10+ / FastAPI / vanilla JS frontend (no React). Source-available license (free for non-commercial/research).
I built this because I needed an AI system I could actually trust with my infrastructure. If you're an engineer or CTO who feels the same way, I'd love your feedback on the architecture.
GitHub: https://github.com/rthgit/CORE-RTH
Created by Christian Quintino De Luca — [email protected]