ARK Governance Gateway wraps any LLM with claim-level epistemic verification, extractive grounding, truth budgets, and anti-sycophancy detection. Production-grade. Auditable. Compliant.
Every AI response is a mix of verified facts, reasonable inferences, and confident fabrications. Basic guardrails check for harmful content. Nobody checks for epistemic integrity.
Models present inferences as verified facts. "The GDP of Kiribati in 2024 was $220M" — said with full confidence, zero evidence.
Over multiple turns, models silently shift their claims to agree with the user. Yesterday's "uncertain" becomes today's "confirmed."
No claim-level audit trail. No evidence linking. No way to replay what the model said, why it was flagged, or what policy was active.
Change one line — your base_url. ARK Gateway sits between your application
and any LLM, applying protocol-driven governance to every response.
Every factual claim is extracted and tiered: VERIFIED, GROUNDED, INFERRED, or UNVERIFIED. Breach thresholds are configurable per tenant.
VERIFIED claims require a quotable source span from the evidence set. Manufactured citations are automatically demoted. Numeric consistency enforced — if the claim says "1%" but the span says "5%", automatic demotion via SPAN_NUMBER_MISMATCH.
100-point epistemic budget per response. Each claim deducts based on tier. Budget breach = governance action. No unlimited hallucination.
Multi-turn drift detection with risk accumulation. If the model silently shifts its position to agree with the user, the Naseeha lock fires.
Pre-inference intent classification. Flags requests that could cause harm across five ethical dimensions before the model even generates.
Single 0.0–1.0 composite health score per response. Four components: truth budget health, grounded ratio, drift stability, citation coverage.
Every number below comes from real test runs — 6 protocol tests executed against both local infrastructure and DigitalOcean Serverless with H100-class GPUs.
Full governance pipeline: inference → claim extraction → calibration → citation audit → truth budget → response. On cloud infrastructure.
Compliance-grade governance (larger judge model) costs only 27% more latency than standard. Architecture-constant — holds on both local and cloud.
Extractive grounding, AIS scoring, shadow mode, industry profile overlay, truthful disclosure, and SCR risk accumulation — all verified on cloud infrastructure.
Measured live from audit-log token telemetry. Includes inference + judge extraction + all governance protocol calls. ~95% gross margin at $0.008/req customer price.
Zero errors across 16-way concurrent governed calls. Per-call latency degraded only 27% under 16× load. One gateway instance sustains ~2,600 governed requests/hour.
from openai import OpenAI
client = OpenAI(
base_url="https://ark-api.yourdomain.com/v1", # ← only change
api_key="sk-your-tenant-key",
)
response = client.chat.completions.create(
model="deepseek-3.2",
messages=[{"role": "user", "content": "..."}],
extra_body={"ark": {
"protocols": ["calibration", "citation", "truth_budget", "scr"],
"mode": "annotate",
}}
)
# → response.ark.governance_report.ais.score = 0.87
# → response.ark.governance_report.claims = [{tier: "GROUNDED", ...}]
# → response.ark.governance_report.truth_budget = {remaining: 65, breach: false}Ask anything. Every response comes back tiered claim-by-claim. No signup. No download. No API keys (we provide a public demo key throttled to ~$0.05/day of upstream cost).
Demo feels cramped here? ↗ Open in new tab for full screen
Same gateway. Same protocols. Different strictness levels — each empirically validated.
Each profile ships with calibrated thresholds, required disclaimers, banned-term flagging, and protocol defaults designed for the compliance reality of the sector.
Shariah-compliance governance. Maqasid intent gate on by default. Scholarly-review disclaimer appended. Banned-term flagging for riba-based language — flag only, never rewrite.
Clinical advisory governance. Strict calibration with hard-fail on unverified claims. Clinical disclaimer on every output. Block mode default — halts on breach.
Maximum calibration for sovereign and national-security deployments. Full audit-log content capture. Maqasid Mal/Nafs intent gate. Hard block default.
Attach governance report to every response. Never modify content. Default for development and evaluation.
Same as annotate, but explicitly tracks would_have_blocked. For regulated-buyer onboarding — prove governance value before enforcement.
Replace content with halt notice on calibration breach, truth budget breach, or risk accumulation halt. Zero tolerance for unverified output.
Auto-retry with corrective system prompt on breach. The model gets a second chance with explicit guidance. If it still breaches, halt.
Per-tenant cache keys, rate limits, and audit logs. Zero cross-tenant data leakage — architecturally enforced, regression-tested.
Evidence payloads are structurally delimited with anti-injection boundaries. Malicious evidence cannot hijack the extractor into false VERIFIED tags.
If a claim says "1%" but the source span says "5%", automatic demotion via SPAN_NUMBER_MISMATCH. The numbers in the claim must match the numbers in the evidence.
Full SECURITY.md with threat matrix, mitigations, and verification mapping. Every security claim has a corresponding regression test.
Early access is open for qualified teams in regulated industries. We onboard every customer personally.