AI control plane and cognitive kernel for orchestrating governed AI agents.
CORE RTH is a runtime designed to coordinate multiple LLMs, tools, and real-world systems (IoT, robotics, messaging, and automation) through a governed execution model with security, policy enforcement, and full auditability.
CORE RTH provides a governed runtime for agentic systems, acting as a control plane between AI models, tools, and real-world systems.
It allows developers and operators to build systems that:
- orchestrate multiple LLMs and agent roles
- execute tools and automation safely
- connect AI workflows to real infrastructure
- enforce governance policies and safety gates
- maintain cryptographic data security and full audit trails
- Multi-LLM orchestration
- Governed agent runtime loop
- Policy-enforced tool execution
- Browser swarm automation
- Omni-channel messaging bridges
- Reality bridges for IoT, robotics, and vehicles
- Security vault with AES-256-GCM
- Guardian governance layer
git clone https://github.com/rthgit/CORE-RTH.git
cd CORE-RTH
pip install -r requirements.txt
python scripts/run_core_rth_local_bench_api.pyOpen the control plane at:
http://127.0.0.1:18030/ui/
Most AI agent frameworks focus on orchestration.
CORE-RTH introduces a governed runtime layer for agentic systems that require:
- policy-enforced execution
- auditability
- secure tool usage
- real-world integrations
- safety controls for physical automation
This makes CORE-RTH suitable not only for AI workflows but also for systems where AI interacts with infrastructure, messaging platforms, IoT, robotics, and vehicles.
| Capability | Typical agent frameworks | CORE-RTH |
|---|---|---|
| Multi-agent orchestration | ✅ | ✅ |
| Tool execution | ✅ | ✅ |
| Policy enforcement | ❌ / limited | ✅ |
| Audit trail | ❌ / limited | ✅ |
| Real-world bridges | rare | ✅ |
| Physical safety controls | rare | ✅ |
- Role-based council: Researcher • Coder • Critic • Strategist • Synthesizer
- Cost-aware routing: chooses the right model/provider at runtime (cloud + local)
- Live end-to-end run: planning → execution → synthesis (with deterministic fallback if synthesis fails)
- Proposal-first doctrine: models propose actions; Guardian audits; Owner approves; execution happens
- Policy DSL + severity profiles: lenient → balanced → strict → paranoid
- Hard no-go domains: enforced rules for high-risk action classes
- Audit trail: allow/deny decisions are recorded and annotated for high-risk operations
- AES-256-GCM encryption for sensitive artifacts (secrets, agent threads, telemetry as configured)
- Master key derivation via OS keyring (with safe fallback for headless scenarios)
- Encrypted artifacts are recognizable and managed transparently
- Autonomous think-act-observe loop with max-iterations controls and context trimming
- Tool registry exposing governed tools via OpenAI-compatible schemas
- Code tools:
file_read,file_write,file_edit,terminal_exec,dir_list,grep,git_status,git_diff - Every write/exec is gated by Guardian; backups and diffs are generated for edits
Related files:
- Headless Chromium via Playwright for JS-rendered pages; fallback to urllib/BS4 when needed
- SSRF and internal-network protections (domain/IP blocking, metadata blocking)
- Parallel swarm execution with bounded concurrency
- Results can be persisted and ingested into knowledge structures
Related files and endpoints:
app/core/browser_swarm.pylogs/browser_swarm/GET /api/v1/jarvis/browser-swarm/statusPOST /api/v1/jarvis/browser-swarm/runPOST /api/v1/jarvis/browser-swarm/search
-
Telegram / WhatsApp / Mail bridges with:
- Replay mode for safe E2E validation without real credentials
- Live endpoints for real operations once secrets are configured
- IoT bridge: Home Assistant REST, MQTT, HTTP adapters; scenes; sensors
- Robotics bridge: serial / ROS2 / mock; safety clamping; emergency stop
- Vehicle/drone bridge: MAVLink / ROS2 / mock; geofencing; telemetry; emergency land
Related files:
Caution
Physical operations must be tested in mock/sim first and executed under proper safety procedures. Emergency endpoints exist to force safe-state transitions (E-STOP / emergency land).
- RC1 gate scripts + onboarding for reproducible all-green validation
- Release bundle integrity:
MANIFEST.sha256generated to prevent post-build tampering
Related files:
scripts/release_gate_rc1.pyscripts/onboard_zero_friction.pyscripts/install_zero_friction_local.pyscripts/build_release_bundle.pydocs/RC1_RELEASE_GATE_AND_CHANNELS_RUNBOOK.md
This section lists the verifiable evidence (reports, summaries, scripts, and core files) proving the RC1 all-green status.
- Gate report (PASS, 19 pass / 0 warning / 0 fail):
reports/release_gate_rc1_*.json(Generated locally) - Runbook gate + channels:
docs/RC1_RELEASE_GATE_AND_CHANNELS_RUNBOOK.md - Script gate:
scripts/release_gate_rc1.py
- Onboarding script:
scripts/onboard_zero_friction.py - Local installer/bootstrap:
scripts/install_zero_friction_local.py
- Bundle builder:
scripts/build_release_bundle.py - Generated bundle example:
release/core_rth_release_v0_.../
- Manifest checksum (generated in the bundle root):
MANIFEST.sha256
- Task suite (12 tasks):
bench/tasks/core_rth_vs_openclaw_suite.json
Core Rth (runtime-live):
bench/results/..._core_rth_.../summary.json(Local benchmark data)
OpenClaw (runtime-cli-live):
bench/results/..._openclaw_.../summary.json(Local benchmark data)
Compare (delta +39.02):
bench/results/compare_..._vs_....json(Local benchmark data)
- Live channels final check (report #1 & #2):
reports/channels_live_final_check_*.json
Note: Test credentials are automatically revoked/closed post-validation (as per security dossier).
- Core module:
app/core/browser_swarm.py - Persisted reports:
logs/browser_swarm/ - API Endpoints:
GET /api/v1/jarvis/browser-swarm/statusPOST /api/v1/jarvis/browser-swarm/runPOST /api/v1/jarvis/browser-swarm/search
- Loop engine:
app/core/agent_loop.py - SSE stream endpoint:
POST /api/v1/jarvis/agent/run/stream
- Code tools (read/write/edit/exec/git/grep):
app/core/code_tools.py - Tool registry (OpenAI-compatible schema):
app/core/tool_registry.py
- Vault module:
app/core/security_vault.py
- Centralized prompt system:
app/core/prompt_system.py
- Vision tool module:
app/core/cortex_vision.py
- API Endpoint:
GET /api/v1/jarvis/system/state_of_the_core - UI:
app/ui_control_plane.html
- Token endpoint:
POST /auth/token
- IoT bridge:
app/core/iot_bridge.py - Robotics bridge:
app/core/robotics_bridge.py - Vehicle/drone bridge:
app/core/vehicle_bridge.py
Core Rth is source-available under the Core Rth Source-Available License v1.0:
- ✅ Free for Non-Commercial Use (personal, education, research, non-profit without revenue/contract work)
- 💼 Commercial / Enterprise Use requires a paid license (including internal use in for-profit organizations)
Commercial licensing: info@rthitalia.com
See: LICENSE
« Knowing others is intelligence; knowing yourself is true wisdom. Mastering others is strength; mastering yourself is true power. »
In a world rushing towards reckless, unmonitored AI autonomy, Core Rth embodies the Taoist philosophy of deliberate action. It embraces the paradox: the most powerful AI is the one that knows perfectly when not to act.
We built Cortex to doubt its own hallucinations. We built the Guardian to restrict even the smartest LLM when it touches critical root directories. We created Core Rth so that you, the Owner, remain the ultimate sovereign over the mind, the machine, and the data.
app/core/: The brainstem. Housesjarvis_core.py,security_vault.py,prompt_system.py, andcortex_vision.py.app/api/: The FastAPI neuromuscular junction communicating telemetry to the frontend and receiving omni-channel webhooks.app/ui_control_plane.html/ js: The Mission Control dashboard offering an exquisite zero-friction UI, Policy Ledger, and E-Stop capabilities.scripts/: The command-line arsenal for deployment, headless operation, and auditing.
Core Rth was forged by a team defining the edge of AI product engineering, deeply rooted in twenty years of software architecture, cybersecurity, and operational perfectionism.
If you are an engineer who demands total control, absolute privacy, and the undeniable magic of seeing an LLM orchestrate physical reality—you are home.
Welcome to Core Rth.
Empowering governed intelligence, globally.
Explore the extensive documentation to fully understand the architecture, security, and philosophy behind Core Rth:
- 📖 User Manual (EN) / Manuale d'Uso (IT) - Step-by-step guides for Owners and Operators using the Mission Control Plane.
- 📜 The Sovereign Manifesto - The core philosophy, Taoist balance, and the proposal-first doctrine.
- 🔭 System Overview - High-level summary of capabilities, modules, and the Mission Control UI.
- 🏗️ Architecture Guide - Deep dive into
jarvis_core.py, the AI Village, and the code tools. - 🛡️ Security Model - Understanding the Guardian, the AES-256-GCM Vault, and governance policies.
- 🌉 Reality Bridges - How Core Rth connects to IoT, Robotics (ROS2), and Vehicles (MAVLink).
- ⚙️ RC1 Operations - Notes on release gates, Channels replay, and local testing.
⚠️ Safety Warnings - Critical disclaimers regarding physical automation and E-Stops.- ⚖️ License / Trademarks / Contributing