Overview
The Nomos Secure Pipeline is a security-first LLM orchestration system. It places input validation, intelligent routing, and output verification into a structured pipeline that treats every request as potentially adversarial.
Most LLM security operates at the output layer — system prompts, output filters, guardrails bolted onto the response path. Nomos inverts this. The security gate sits at the front of the pipeline. Inputs are scanned, classified, and attested before any model sees them. This is the difference between locking the front door and installing an alarm that goes off after someone is already inside.
The 5-Layer Architecture
The pipeline is organized into five logical layers, implemented across three microservices:
| Layer | Function | Service |
|---|---|---|
| L1: Input Security | Scan for injection, encoding attacks, malware | Security Gate |
| L2: Intent Classification | Classify task type, select specialist model | Router |
| L3: Execution | Dispatch to model provider, manage context | Router |
| L4: Output Verification | Multi-axis verification by independent model | Verifier |
| L5: Attestation | Cryptographic chain linking all stages | All services |
Each layer produces an attestation that the next layer requires. A request cannot be routed without a clean scan attestation. An output cannot be returned without a verification attestation. The chain is enforced, not optional.
What Makes It Different
Input security, not output filtering. The Security Gate catches prompt injection, role override attempts, encoding evasion, and embedded malware before any model processes the input. Most frameworks scan outputs for harmful content. Nomos scans inputs for harmful intent.
Attestation-linked pipeline. Every stage produces a signed attestation ID. The router requires a clean attestation from the gate. The verifier receives the full chain. This creates an auditable trail from raw input to verified output.
Multi-agent verification. The Verifier uses a different model than the one that generated the response. Verification is adversarial by design — the verifier’s job is to find problems, not confirm correctness.
Cost-aware routing. The router classifies task intent and selects the appropriate model and provider based on capability requirements, not just defaulting to the largest available model. A formatting task does not need the same model as a security analysis.
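The attestation requirement described above (no routing without a clean scan attestation, and a verifier that receives the full chain) can be sketched as follows. This is an added example, not Nomos code: the HMAC signing, the field names, the verdict strings, and the functions `attest`, `check`, `route` and `verify_chain` are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed per-service keys. HMAC is an assumption made for brevity; with
# separate services, asymmetric signatures avoid sharing signing keys.
KEYS = {"gate": b"constructed-gate-key", "router": b"constructed-router-key"}
FIELDS = ("stage", "verdict", "payload_sha256", "prev_id")

def _sign(body):
    canon = json.dumps({k: body.get(k) for k in FIELDS}, sort_keys=True).encode()
    return hmac.new(KEYS[body["stage"]], canon, hashlib.sha256).hexdigest()

def attest(stage, verdict, payload, prev=None):
    """Issue an attestation binding verdict, payload hash and the previous link."""
    att = {"stage": stage, "verdict": verdict,
           "payload_sha256": hashlib.sha256(payload.encode()).hexdigest(),
           "prev_id": prev["id"] if prev else None}
    att["id"] = _sign(att)  # the signed attestation ID
    return att

def check(att, stage, verdict, payload, prev_id):
    """True only for an authentic attestation matching stage, verdict, payload and parent."""
    if not isinstance(att, dict) or att.get("stage") != stage:
        return False
    return (hmac.compare_digest(_sign(att), str(att.get("id", "")))
            and att.get("verdict") == verdict
            and att.get("payload_sha256") == hashlib.sha256(payload.encode()).hexdigest()
            and att.get("prev_id") == prev_id)

def route(prompt, gate_att):
    """Router refuses to execute unless the gate attested this exact prompt as clean."""
    if not check(gate_att, "gate", "clean", prompt, None):
        raise PermissionError("missing or invalid gate attestation")
    response = "model output for: " + prompt  # stand-in for the model call
    return response, attest("router", "executed", response, prev=gate_att)

def verify_chain(prompt, response, gate_att, router_att):
    """Verifier-side check of the full chain before output is released."""
    return (check(gate_att, "gate", "clean", prompt, None)
            and check(router_att, "router", "executed", response, gate_att["id"]))
```

Because each attestation covers the payload hash and the parent ID, a clean attestation cannot be replayed for a different prompt, and editing a flagged verdict to clean invalidates the ID.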
Current Status
The pipeline runs as three microservices on a homelab Proxmox cluster:
- Security Gate at gate.tismjedi-homelab.com (192.168.0.82)
- Router at router.tismjedi-homelab.com (192.168.0.4)
- Verifier at verifier.tismjedi-homelab.com (192.168.0.50)
All services sit behind a Caddy reverse proxy with automatic TLS via Cloudflare DNS. The pipeline handles real traffic and has been tested against known injection patterns, encoding evasion techniques, and multi-turn manipulation strategies.
The system is functional and processing requests. It is not yet hardened for production-scale deployment — it runs on homelab infrastructure and is designed for research, development, and demonstration purposes.