SentientROUTER is the governance control plane for AI systems that act on their own. It evaluates every request against a compiled constitution before the model queries any external source, suppresses autonomous external access for high-risk requests, and maintains a dynamic trust budget that automatically de-escalates autonomy when the router itself starts to drift.
Most "AI routing" products decide which model to call. SentientROUTER decides whether the system is even allowed to call a model autonomously at all. That is a different problem, and it is the problem that matters in regulated environments where a wrong autonomous decision triggers legal liability.
Banks, insurers, and healthcare systems increasingly deploy AI that takes action — sends emails, issues credits, escalates incidents. The moment action becomes autonomous, the liability question changes.
Existing guardrails evaluate the AI output. By then, external data sources have been queried, external APIs have been called, and autonomous action may already be in flight. Too late for a regulator.
SentientROUTER classifies every request into S (safe auto), D (draft only), or H (human required) before any external source is queried. H-class requests never reach external models autonomously.
Every request passes through a mandatory sequence. This is not a suggestion — it is a compiled-in control plan. If any stage fails its check, the request does not proceed.
The request is classified against a machine-readable constitution compiled statically into the executable at build time. This constitution cannot be modified at runtime — only through a documented redeployment. The classification produces one of three classes: S safe autonomous action, D draft for human review, or H human approval required.
For Class H requests, the router does not query external AI sources in autonomous mode. This is the central technical feature. Even if the downstream model is unrestricted, SentientROUTER prevents the request from reaching it without explicit human approval. For S and D classes, the multi-source aggregation engine activates.
Three or more independent decision sources (different providers, different models) are queried simultaneously. Each output produces a cryptographic hash included as a separate Merkle node. The final decision is computed via ArgMax with per-source weighting. Divergence is measured via entropy; if it exceeds threshold, the class automatically escalates to H.
Unlike generic model drift, this detector measures the router's own behaviour: frequency of S/D/H escalations, divergence trends between sources, distribution of classification outcomes, variation in the dynamic control state over time. Drift detection automatically raises the governance class for affected reflexes.
A dynamic control state variable decreases on high divergence, quarantine debt, policy relaxation without approval, or determinism violation. The feedback loop is explicit: divergence↑ → state↓ → governance↑ → autonomy↓. When the budget reaches zero, all reflexes force-escalate to Class H until human approval restores the budget.
Only after all prior stages complete does execution permission resolve. The sequence is mandatory: evaluate → determine aggregation need → establish final class → permit, delay, draft, or block. No parallelism. No shortcuts. Reproducible deterministically via state transition function S(t+1) = F(input, constitution, source outputs, control state).
When connectivity is lost, a persistent local queue signed locally accepts all decisions. On reconnection, atomic synchronization with integrity verification occurs. No decision is lost. No audit gap opens. Governance continuity is maintained independent of network state.
SentientROUTER does not invent new cryptography or new policy languages. Like ProvableCORE, it assembles established, battle-tested components into a control plane that banks and regulators can verify themselves.
Memory-safe systems language. rustls for TLS (no OpenSSL dependency). 3.5 MB binary. Fast cold start on Cloud Run.
Machine-readable rule set embedded in executable at build time. Runtime integrity check via SHA-256 hash verification. Cannot be modified without redeployment.
Supports Anthropic Claude, xAI Grok, Google Gemini, OpenAI GPT-4, Groq Llama3, DeepSeek, Mistral, and local Ollama. Each vote hashed independently into Merkle structure.
Divergence between source outputs measured via Shannon entropy or vector cosine. Auto-escalation to Class H when threshold exceeded. Isolated source anomaly reduces its weight and logs as security event.
SentientROUTER emits audit events; any compatible cryptographic audit layer can consume them. ProvableCORE is the reference implementation, but the control plane is independent.
Persistent queue with local signing. Atomic reconciliation on reconnection. No decision lost, no gap in audit trail, no weakened governance during network partition.
SentientROUTER is the control plane: it decides what the AI is allowed to do. ProvableCORE is the proof plane: it creates the evidence that whatever happened is verifiable. They are designed to work together but are independently deployable. Buy one. Buy both. Buy neither and integrate a third-party audit layer that speaks the same protocol.
Pre-query constitutional gating. H-class external source suppression. Router-specific drift. Sequential control of execution. Offline continuity.
AGEPI Nr. 7672 · 17 April 2026
Tamper-evident Merkle-anchored audit. Decision Proof Objects. Selective disclosure. WORM retention. Third-party offline verification.
provablecore.com → · AGEPI Nr. 7671
The separation is deliberate. SentientROUTER makes sure your AI never autonomously does something it shouldn't. ProvableCORE makes sure that whatever did happen — autonomously or not — can be proven to a regulator, an auditor, or a court. Either on its own solves half the problem. Together they solve the whole problem.
OCC SR 11-7 requires independent model review, effective challenge, and human oversight of autonomous model actions. SentientROUTER is the technical mechanism that makes these requirements real — a compiled rule set that physically prevents autonomous action when the rules demand human intervention.
H-class routing implements the independent-review and effective-challenge requirements as an infrastructure property. Every autonomous model action that exceeds the approved risk envelope is forced to human review automatically.
Deterministic state transition satisfies the reproducibility requirements for IRB model validation. PD, LGD, EAD outputs are all governed through the same constitutional gate.
Offline queue + atomic sync guarantees that no governance decision is lost during connectivity events. 7-year WORM retention satisfies the SEC recordkeeping requirements when paired with ProvableCORE.
GOVERN, MAP, MEASURE, MANAGE functions all have direct mappings to router components. Router-specific drift detection implements continuous MEASURE.
Example response from a SentientROUTER evaluation instance. Format mirrors what a controlled-evaluation deployment returns.
Notice what did not happen:
10-day pilot. Full feature access. Integrated with ProvableCORE or your existing audit layer. Deployed in US or EU data residency.