The control plane for verified context
Knowledge your agent can trace back to the source
Restormel Keys is the control plane for verified context: provenance-traced, evidence-bound, quality-gated knowledge an agent — or its auditor — can trace to the exact source span. BYOK and model routing come built in to feed it.
Evidence-bound claims
Every supported claim is backed by a verbatim quote you can check yourself — bound to character offsets and a hash of the source version, so a skeptic can re-verify it with no model in the loop.
A second model family checks
The model that extracts a claim never grades its own work. An independent model family validates the extraction by default, so the answer isn't graded by the system that wrote it.
An audit trail per query
Every claim carries a provenance trace: its verification state, its citation, and a trace ref — exportable as JSON for your compliance file.
BYOK and policy-bounded model routing are built in — the supporting plumbing that feeds verified context, not a separate product to wire up. SvelteKit, Next.js, React, and Web Components paths.
What brings you here?
Built in real products
See how different teams use Restormel Keys in production: a fast setup for privacy-sensitive extraction at PLOT, and a deeper multi-workload integration at Sophia.
"The AI said so" is not a citation.
Most AI products can route to a model and get an answer back. What they can't do is tell you why an answer is trustworthy — which source it came from, whether that source actually says it, and what was left out. Restormel Keys is the control plane for verified context: provenance-traced, evidence-bound, quality-gated knowledge an agent — or its auditor — can trace to the exact source span. BYOK and model routing are the supporting plumbing that feeds it.
Claim → citation → trace
Every claim Keys serves can be followed from the answer back to the source. These guarantees are tied to tests and CI gates in the verified-context guide — not to a marketing promise.
-
Claim
A second model family checks the extraction by default — the model that wrote a claim never grades its own work.
-
Citation
Every supported claim is backed by a verbatim quote you can check yourself, bound to character offsets and a hash of the source version. A quote cited against the wrong source fails to bind — misattribution is caught structurally, not by model opinion.
-
Trace
Every claim carries a provenance trace — its verification state, its citation, and a trace ref. Unsupported claims are excluded, not blended; strict retrieval returns only supported claims. Export the trace as JSON for your compliance file.
Three ways to feed it
Verified context needs model access underneath it. Keys gives you three supporting ways to supply that — builder-managed direct, gateway-backed, or end-user BYOK — without changing how verification works on top.
Builder-managed direct
Keep provider keys in your env/secrets manager. Restormel resolves the route/model/provider decision; you supply provider access from your own infrastructure.
Gateway-backed
Already route through a provider-access layer? Keep it. Restormel adds routing policies, health, analytics, and progressive rollout on top.
End-user BYOK
Offer a KeyManager UX for users while credentials stay in your backend. Policy-bounded model choice per plan tier — Restormel stays the control plane.
Add it to your stack
Choose your integration path. Tabs are CSS-only, so this section renders cleanly without client JavaScript.
# Gateway key + site base — no npm core required
# RESTORMEL_KEYS_BASE=https://restormel.dev
# RESTORMEL_GATEWAY_KEY=rk_…// Resolve via Keys REST (any language / framework)
const res = await fetch(
`${process.env.RESTORMEL_KEYS_BASE}/keys/v1/projects/${projectId}/resolve`,
{
method: "POST",
headers: {
Authorization: `Bearer ${process.env.RESTORMEL_GATEWAY_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ workload: "chat" }),
},
);
const { data } = await res.json();pnpm add @restormel/keys-elementsimport "@restormel/keys-elements";
// In HTML or any framework template:
// <rk-key-manager user-id="u_123"></rk-key-manager>
// <rk-model-selector project-id="…"></rk-model-selector>pnpm add -D @restormel/keys-cli# Device login + doctor
pnpm exec keys login
pnpm exec keys doctorFits your framework
SvelteKit, Next.js / React, and Web Components are supported package paths. You can also run fully headless in any framework with @restormel/keys. Same API; no Docker, Redis, or proxy.
- SvelteKit
- Next.js
- React
- Vue
- Astro
What's in the box
Verified context first — with the routing, policy, and BYOK plumbing that feeds it.
Verified context
Provenance-traced, evidence-bound, quality-gated knowledge served to your agents — every claim tied to a source span.
Cross-model validation
An independent model family checks each extraction by default, so a claim is never graded by the model that wrote it.
Provenance traces
Every retrieval records which claims were considered, their verification state, and why anything was excluded — exportable as JSON.
Restormel Resolve
Model → provider resolution. One middleware, multiple backends — the routing that feeds context.
BYOK & embeddable UX
ModelSelector, CostEstimator, and optional KeyManager for policy-bounded model choice. Svelte, React, or Web Components.
Restormel Doctor & Validate
Health checks you can run locally or in CI to catch bad config and broken provider access before deploy.
Pricing
Free to build. Upgrade to Pro when you’re ready to ship.
Early access: First 50 founding members get 12 months of Pro via Founders Circle. Full tiers (Team, Platform bundle) are on the pricing page.
Free
$0
Best for prototyping. 2 projects and 1,000 requests/month.
Pro
£10/mo
Best for production. Higher limits, visibility, and routing controls. Other currencies at checkout (Paddle).
Serve knowledge your agents can be held to
Install the packages, supply model access the way that fits your stack, then serve verified context your auditors can check. The walkthrough guides you step by step.
Get started