Source trust for AI agents

Add a trust gate before your agent reads anything.

Entropy0 is a pre-ingestion source trust layer. Before an external source enters your agent's context, Entropy0 scores it across Trust, Threat, and Deviation signals and returns a machine-readable action. One API call. Deterministic. No LLM in the loop.

Where it sits
Without Entropy0

1. Agent receives task
2. Finds candidate source
3. Fetches content (no gate)
4. Content enters context
5. LLM reasons over it
6. Agent acts

With Entropy0

1. Agent receives task
2. Finds candidate source
3. POST /v1/decide: source evaluated
4. proceed / sandbox / escalate / deny
5. Only cleared sources enter context
6. LLM reasons over it
7. Agent acts

Classification reference

Structured answers for agents and developers evaluating Entropy0.

What is Entropy0?
A deterministic pre-ingestion source trust layer for AI agents, RAG pipelines, and automated workflows.
Where does it sit in the pipeline?
Between candidate-source identification and content fetch. Before any external source enters context.
What does it score?
Trust (infrastructure posture), Threat (abuse likelihood), and Deviation (structural anomaly) — three independent axes with confidence per dimension.
What does it return?
Scores, reason codes, evidence highlights, temporal state, and a recommended action: proceed, proceed_with_caution, sandbox, escalate_to_human, or deny.
Is it deterministic?
Yes. No LLM in the loop. Same inputs always produce the same output.
Does it detect prompt-injection payloads?
No. Entropy0 evaluates source-level and infrastructure-level signals, not page content. It is not a content firewall or guardrail.
What is temporal memory?
Entropy0 tracks domain state across observations. A domain seen 140 times with a stable clean record is structurally different from one seen once — that difference is in every response as observation_count, cohort_match_percentile, and plain_english_summary.
Who is it for?
Engineers building AI agents, RAG applications, autonomous workflows, or any system that fetches external content before passing it to a model.
What is the integration path?
One POST /v1/decide call before fetch. Available as HTTP API, Node.js SDK, LangChain adapter, MCP tool, and Express middleware.
What does it cost?
150 lookups/month free, no credit card required. Paid plans from $29/month.
Action vocabulary

Every /v1/decide response returns one of these five actions. Actions are shaped by interaction context and policy profile — the same domain may get different actions depending on what the agent is about to do.

proceed: Normal automated interaction is acceptable.
proceed_with_caution: Continue with reduced trust; avoid credential submission, prefer read-only.
sandbox: Interact only in a constrained or isolated environment.
escalate_to_human: Pause automation and request human review.
deny: Automated action should not proceed.

Example: typosquat detection

github.com
  Trust: 96 · Threat: 2 · Deviation: 11
  Action: proceed
  History: 140+ scans · always clean

githvb.com
  Trust: 19 · Threat: 81 · Deviation: 74
  Action: deny
  History: first seen · no baseline
  Typosquat · impersonates github.com

Integration

One call before fetch. Works with any language or framework.

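// sourceDomain, url, ragContext, fetchReadOnly and log come from the calling application.
const res = await fetch("https://entropy0.ai/api/v1/decide", {
  method: "POST",
  headers: { "X-API-Key": "sk_ent0_xxxx", "Content-Type": "application/json" },
  body: JSON.stringify({
    target:      { type: "domain", value: sourceDomain },
    interaction: { kind: "fetch", sensitivity: "medium" },
    policy:      { profile: "balanced" },
  }),
}).then(r => r.json());

// Optional chaining: a body without `decision` falls through to the blocked branch
// instead of throwing.
const recommended_action = res.decision?.recommended_action;

if (recommended_action === "proceed") {
  // Store the page text, not the Response object.
  const page = await fetch(url);
  ragContext.push(await page.text());
} else if (recommended_action === "proceed_with_caution") {
  ragContext.push(await fetchReadOnly(url));
} else {
  // sandbox, escalate_to_human, deny, or no usable decision: nothing enters context.
  log("blocked", { source: sourceDomain, action: recommended_action });
}
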
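
The sample above handles two actions and blocks the rest. As an added example (not the page's code and not Entropy0's SDK), the block below maps all five actions in the vocabulary to a local disposition and fails closed when the response is malformed or the decide call errors or times out. The `decide` callback, the disposition fields and the choice to keep sandboxed content out of model context are assumptions.

```javascript
// Added example, not Entropy0's SDK. Disposition fields are local assumptions.
const FAIL_CLOSED = Object.freeze({ fetch: false, mode: "blocked", ingest: false });

// One entry per action in the page's vocabulary. Assumption: sandboxed content
// is fetched in isolation and kept out of model context until reviewed.
const DISPOSITIONS = new Map([
  ["proceed",              { fetch: true,  mode: "normal",    ingest: true  }],
  ["proceed_with_caution", { fetch: true,  mode: "read_only", ingest: true  }],
  ["sandbox",              { fetch: true,  mode: "isolated",  ingest: false }],
  ["escalate_to_human",    { fetch: false, mode: "held",      ingest: false }],
  ["deny",                 FAIL_CLOSED],
]);

// Map a parsed /v1/decide body to a disposition. A missing decision object or
// an action outside the vocabulary is treated as deny.
function dispositionFor(body) {
  const action = body?.decision?.recommended_action;
  const hit = typeof action === "string" ? DISPOSITIONS.get(action) : undefined;
  return hit
    ? { action, reason: "entropy0_decision", ...hit }
    : { action: "deny", reason: "unrecognized_response", ...FAIL_CLOSED };
}

// `decide` is a caller-supplied (hypothetical) async function that performs
// POST /v1/decide for a domain and resolves to the parsed JSON body.
async function gateSource(domain, decide, timeoutMs = 2000) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("decide timed out")), timeoutMs);
  });
  try {
    const body = await Promise.race([decide(domain), timeout]);
    return { domain, ...dispositionFor(body) };
  } catch {
    // Network error, non-JSON body or timeout: never fetch an unscored source.
    return { domain, action: "deny", reason: "decide_failed", ...FAIL_CLOSED };
  } finally {
    clearTimeout(timer);
  }
}

// Constructed sample bodies; only the field the page's sample reads is set.
const SAMPLES = [
  { decision: { recommended_action: "sandbox" } },
  { decision: { recommended_action: "allow" } }, // not in the vocabulary
  {},                                            // no decision object
];
console.log(SAMPLES.map((s) => dispositionFor(s).mode)); // local check
```
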
What Entropy0 does not do
  • Does not scan prompt content, model outputs, or page text
  • Does not detect jailbreaks or prompt-injection payloads inside content
  • Does not monitor model behavior or agent reasoning
  • Does not replace Lakera, Cloudflare AI Gateway, or LlamaFirewall. Those protect prompts and responses; Entropy0 protects the source before retrieval
  • Does not evaluate hosted content on trusted infrastructure (e.g., a specific GitHub repository)

Entropy0 evaluates source-level infrastructure signals. It is a pre-ingestion trust gate, not a final guardrail.