Watch a hallucinated translation get caught and recovered in 13 seconds.

This is the actual run trace from translating ACORD_AL3_NIGHTMARE.CPY. Pass 1 (Gemma 12B) drops 11 fields and flattens the REDEFINES. The pipeline rejects it, queries the burned book of 12,847 past failures, injects three matched anti-patterns, and re-runs as a two-model consensus. Pass 2 lands clean.

killsesh@local · ~/translate

running

UTF-8 · LF|4%

RECEIPT_DELIVERED

Run it on your own copybooks. 840 KB. No cloud. No signup.

The full pipeline as a Docker drop-box: backend, static UI, Nginx, README. Pulls Ollama from your host, runs entirely inside your VPC. Verify the SHA256 before you trust it.

SHA256905115f6 42e82ac4 366160a4 7241449d fcf4d6a6 4ae530f1 2d46dcdf be6af323

↓ Download Tarball · 840 KB Send Your Worst Copybook→

▸ DON'T TRUST US — VERIFY IN 60 SECONDS

4 STEPS · COPY/PASTE · NO EXEC

verify.sh — read-only, nothing executes

paranoia-friendly

01Match the checksum we publish

Proves the file you downloaded is byte-identical to what we shipped. Doesn't prove we're trustworthy — that comes next.

$ curl -sO https://killsesh.com/downloads/killsesh-enterprise-v0.1.0.tar.gz
$ curl -s https://killsesh.com/downloads/SHA256SUMS | shasum -a 256 -c
   killsesh-enterprise-v0.1.0.tar.gz: OK

02Read the contents BEFORE you run anything

The whole bundle is <100 small text files. No compiled binaries, no obfuscation. Reading it takes 5 minutes.

$ tar -xzf killsesh-enterprise-v0.1.0.tar.gz && cd killsesh-enterprise-deploy
$ cat MANIFEST.txt                          # every file + size + sha
$ cat docker-compose.enterprise.yml         # which services, which ports
$ cat backend/Dockerfile                    # base image, install steps
$ cat nginx/nginx.enterprise.conf           # routing rules

03Find every place the code touches the network

Backend is Python — every outbound call is an explicit import. grep is a complete audit, not a sample.

$ grep -rE "requests\.|httpx\.|urlopen|aiohttp|websocket" backend/app/
backend/app/core/llm/client.py:    httpx.post(f"{OLLAMA_BASE_URL}/api/generate", ...)
# expected: ONE line. Goes to your local Ollama. That's it.

04Prove it can't phone home

Run with internet access disabled. If the pipeline still works, our zero-egress claim is true.

$ docker compose -f docker-compose.enterprise.yml up -d --build
$ docker network inspect killsesh-enterprise-deploy_default \
    | jq '.[0].Containers'        # confirm: backend = no internet, only nginx :8080
$ # Or stricter — full air-gap test:
$ docker compose down && docker network create --internal killsesh-airgap
$ docker compose -f docker-compose.enterprise.yml \
    --project-name killsesh-airgap up -d

✓ THIS CAN

Read COBOL files you upload through the UI
Talk to your local Ollama at host.docker.internal:11434
Write generated TypeScript schemas to ./output (mounted)

✗ THIS CANNOT

Reach the public internet (verifiable: docker network inspect)
Write outside its mounted volumes
Read your home directory, env vars, or credentials
Phone home with telemetry — there is none

OPEN SPEC · architecture, gate definitions, and sample copybooks at github.com/SipMyBeers/killsesh-engine. Read the spec before you run the binary.

TOTAL TIME

13.2s

MODELS

Gemma-12B + DeepSeek-33B

BURNED-BOOK REFS

3 / 70 occurrences

PARITY

84 / 84 fields