Skip to content
Thoth ATO

Welcome to Thoth-ATO

Thoth-ATO is the governed AI engineering co-pilot. Signed verdicts. In a local cycle, your source code and secrets stay on your machine — the governed cycle commits an Ed25519-signed verdict to your git for immutable audit logging.

60-second value prop

Section titled “60-second value prop”

Generic AI coding assistants suggest text into a chat box. Thoth-ATO runs a governed cycle — in your editor or any terminal, on any model — and emits a cryptographically signed verdict you can verify, audit, and ship.

  • Signed verdicts — Every cycle is signed with Ed25519 keys stored in Google Cloud KMS. Anyone can verify a verdict independently against the public key endpoint (GET /api/v1/judge/public-keys/{kmsKeyVersion}) — no account, no trust required.
  • Local execution — The Claude Code plugin uses Claude Code’s Write, Edit, and Bash tools to produce real files, real tests, and real git commits in your editor. In a local cycle, your source code and secrets stay on your machine — the governed cycle commits an Ed25519-signed verdict to your git for immutable audit logging.
  • Any model, from any terminal — Dispatch a remote cycle to run the full cycle on Anthropic, OpenAI, Gemini, Vertex, Ollama, or any OpenAI-compatible endpoint via the hosted control plane (no Claude Code required) — from any terminal, including the integrated terminal of your IDE. A standalone thoth CLI for any terminal and CI is in pre-launch beta — installable from source today, published to npm at the v7.2 launch gate. Native IDE extensions are on the roadmap.
  • Compliance-ready — Signed verdicts plus the KMS audit trail satisfy evidence requirements for the EU AI Act high-risk obligations (August 2026), the Colorado AI Act (June 2026), SOC2 Type II Trust Services Criteria, and ISO 27001:2022 Annex A.

Who Thoth-ATO is for

Section titled “Who Thoth-ATO is for”

Thoth-ATO is built for engineering teams that have to prove the AI didn’t ship something they would not have shipped themselves. Three canonical use cases:

Regulated fintech

Section titled “Regulated fintech”

A neobank ships a credit-risk feature touched by an AI assistant. The auditor asks: “Show me the change record. Show me the security and bias review. Show me who approved this.” Thoth-ATO’s signed verdict is the change record, principle scores are the review, and the approval-gate log is the sign-off.

Healthtech / clinical software

Section titled “Healthtech / clinical software”

A digital therapeutics vendor under HIPAA + FDA SaMD oversight uses AI to refactor a clinical decision module. The verdict captures the constitution-enforced Security and Anti-fragility thresholds, ties the deliverable hash to the KMS audit log, and produces a verifiable record the QA team archives in the design history file.

Regulated SaaS under EU / US state AI law

Section titled “Regulated SaaS under EU / US state AI law”

A B2B SaaS vendor ships an AI-assisted feature into the EU and Colorado markets and must produce per-change risk evidence. Thoth-ATO’s signed verdict is the change record, the principle scores are the risk review, and the KMS audit trail maps to EU AI Act Article 12 record-keeping and Colorado AI Act SB 24-205 obligations.

What Thoth-ATO is not

Section titled “What Thoth-ATO is not”

Thoth generates code where you work — in your editor in a local cycle, or on the provider you choose via a remote cycle — never in our cloud against your repo. In a local cycle, your source code and secrets stay on your machine; the governed cycle commits an Ed25519-signed verdict to your git. A remote cycle — when you opt in to /thoth --remote — runs on the provider you choose and returns a signed verdict and a JSON spec. Never your source. Never your secrets. Never your data.

Your source code stays in your editor. Your cloud stays yours. Your audit trail is cryptographically yours.

Next steps

Section titled “Next steps”
Quickstart Install the plugin and run your first /thoth cycle in 5 minutes.
CLI reference Every command, flag, and exit code.
API reference Drive cycles from CI/CD via REST.
Verdict verification Independently verify any signed verdict in Node, Python, Go, or Rust.
Compliance evidence EU AI Act, Colorado AI Act, SOC2, ISO 27001 control mapping.
Pricing Unlimited local cycles forever. 50 signed verdicts/month free.

What’s next?

Section titled “What’s next?”

Start with the Quickstart if you want to be running in five minutes. Skip to Verdict verification if you came here to evaluate the cryptographic story.

Thoth ATO is a product of IVS Group.