v1.12.0 — May 2026
New — Read-only dashboard surface
Four new endpoints under/api/v1/incidents give programmatic access to the same data a moderator sees in the Tuteliq dashboard, scoped per API key:
GET /api/v1/incidents— paginated, filterable listing (category, severity, status, source, platform, external_id, customer_id, time-window). Cursor-based pagination. Optionalinclude_summary=truedecrypts the summary text per row (extra credit per row).GET /api/v1/incidents/:id— full incident detail. Server-encrypted fields decrypted server-side; BYOK fields returned as hybrid envelopes for client-side decryption with the customer’s RSA private key.GET /api/v1/incidents/overview— KPI snapshot over a time window (total, requires-review queue size, 24h/7d/30d totals, counts by category/severity/source/status, top 5 platforms).GET /api/v1/incidents/trends— time-bucketed counts with per-bucket severity breakdown. Buckets: hour, day (default), week.
listIncidents, getIncident, getIncidentsOverview, getIncidentTrends) and @tuteliq/mcp 3.15.4+ (the four matching tools render as interactive dashboard widgets in MCP hosts).
Updated — detect_grooming 50-turn ceiling
Multi-turn detect_grooming calls have a documented ceiling of ~50 turns per request. Earlier this month a regression dropped the effective ceiling below 20 turns (the output-token budget was clipping the JSON response mid-message_analysis array, causing a parse failure that surfaced as analysis_status: "engine_error"). Fixed via an adaptive output budget that scales with conversation length (base + N × per-turn, capped at the model’s safe output ceiling).
The graceful engine_error envelope still exists — beyond the ceiling, callers receive recommended_action: "flag_for_moderator" rather than a silent pass. For conversations beyond ~30 turns we recommend chunked sliding windows of 10–15 turns with continuation_token carrying trajectory state across calls. See Grooming detection for the tactic taxonomy and the long-conversation pattern.
Updated — meeting_request as a first-class grooming tactic
detect_grooming now returns meeting_request as a distinct flag (previously subsumed under boundary_pushing). Meeting attempts convert online risk into physical-safety risk and warrant a different operational response — most platforms route them directly to law-enforcement-aware workflows. The full six-tactic taxonomy is documented at Grooming detection.
New — Composable safety primitives
Documentedcross_endpoint_modifier and vulnerability_profile on detect_vulnerability_exploitation. Both fields have been returning real data for months but were undocumented — they let agents amplify sibling detectors’ verdicts when a target is identified as vulnerable, and route to vulnerability-dimension-specific intervention workflows. See Composable safety primitives for the worked TypeScript + Python examples.
Fixed — Account observability endpoints
/account/consent and /account/audit-logs now respond reliably for accounts with larger or filtered datasets. Both endpoints are part of the GDPR / SOC 2 observability surface and should be considered stable for compliance workflows.
Fixed — Response key consistency across usage and pricing endpoints
/usage/monthly, /usage/history, and /pricing/details now return snake_case keys consistent with the rest of the API. SDK consumers no longer need to alias field names; existing snake_case-aware code works directly.
v1.11.0 — May 2026
Updated — Credit costs
Per-endpoint credit costs for text-detection endpoints have been updated. See Pricing & Credits for the full table./analyse/multi now uses a 1 base + 1 per endpoint formula instead of summing per-endpoint costs (e.g. 3 endpoints = 4 credits, 7 endpoints = 8 credits). Server-side execution is parallel via Promise.allSettled, so the price reflects the actual wall-clock cost rather than the sum of individual calls.
v1.10.0 — May 2026
New — Prescreen lexicon for SDK-side filtering
Public endpointGET /v1/prescreen/lexicon returns Tuteliq’s curated set of high-precision phrase patterns mapped to category flags. SDKs fetch it on startup, cache by version, and run it client-side against content before making an API call. Two wins:
- Clearly-benign content never leaves the device (greetings, thanks, small talk → SDK skips the API call entirely)
- Positive matches are attached as structured hints on the request via the new
prescreen_flagsfield, giving the server a strong prior
Improved — Continuation tokens now feed conversation trajectory into the LLM
When acontinuation_token is supplied, the LLM now receives the derived conversation state (turn count, accumulated categories with max confidence, severity trajectory, last recommended action) as injected context for the new turn. Translation: the model considers escalation patterns across the whole conversation when scoring the new message — without us ever storing the conversation.
This closes the gap between v1.9 (token carries state across calls; response shows trajectory) and the full conversation-aware analysis that was previously only available by re-sending conversation_history on every call.
Same five endpoints: /safety/grooming, /safety/distress-signals, /safety/bullying, /safety/coercive-control, /safety/vulnerability-exploitation.
v1.9.0 — May 2026
New — Continuation tokens (privacy-first conversation memory)
Five safety endpoints now return a signed, opaquecontinuation_token in every response. Pass it back on the next call to get conversation-aware analysis without re-sending the conversation history and without Tuteliq ever storing it. The token IS the analysis state — you hold it, we hold the signature.
- Supported:
/safety/grooming,/safety/distress-signals,/safety/bullying,/safety/coercive-control,/safety/vulnerability-exploitation - What’s in the token: derived signals only — turn count, accumulated category confidences, severity trajectory, recommended actions
- What’s NOT in the token: raw text, PII, anything we couldn’t already return in the public API response
- Properties enforced by construction: per-key binding (cannot be replayed across customers), per-endpoint binding, tamper-evident HMAC, 24h default lifetime, bounded payload size
- New request fields:
continuation_token,reset_conversation,message_id - New response fields:
continuation_token,continuation_expires_at,state_source(token/fresh/reset) - See the new Continuation Tokens page for usage, errors, and best practices
/safety/grooming’s legacy session_id continues to work but is scheduled for deprecation — the continuation token is the privacy-first replacement.
Backwards compatible
- All existing requests work exactly as before. The new fields are optional.
- If you send a stale or scope-mismatched token, you get a structured
CONTINUATION_TOKEN_*error and can fall back to one call withconversation_historyto re-seed.
v1.8.0 — May 2026
Breaking — Endpoint renamed: emotional-distress → distress-signals
POST /v1/safety/emotional-distress is removed. The endpoint is now POST /v1/safety/distress-signals — request and response shapes are unchanged. Calls to the legacy path return HTTP 410 Gone with a JSON body pointing to the new endpoint.
Why: EU AI Act Article 5(1)(f) framing. The detector is and always was a content classifier — it identifies linguistic patterns in text that are historically associated with distress. The old name implied emotion recognition, which is prohibited in workplaces and educational institutions outside child-safety contexts. The rename, an updated prompt that explicitly disclaims emotion inference, and a published intended-use scope (safety component for child-safety; not for workplace or general-purpose education monitoring) keep the endpoint inside the Art 5(1)(f) safety exception.
Action required:
- Update integrations to call
POST /v1/safety/distress-signals - In
/analyse/multi, change endpoint IDemotional-distress→distress-signals - MCP tool renamed:
detect_emotional_distress→detect_distress_signals - Settings keys (
enabled_endpoints/disabled_endpoints) renamed accordingly
LONELINESS, FEELING_UNHEARD, OVERWHELM, etc.), exploitation-risk fields, and the 5-credit cost are unchanged.
Breaking — Removed: per-customer synthetic profile endpoint
GET /v1/safety/synthetic-content/profile/:customer_id is removed. The endpoint and the underlying per-customer aggregation have been deleted; stored aggregates have been purged from cache.
Why: EU AI Act Article 5(1)(c) social-scoring concern and GDPR data minimisation. A per-natural-person aggregated synthetic-content score retained across detections resembles social scoring when used across unrelated contexts. Removing both the endpoint and the storage closes the retrieval surface and the stored artefact.
Action required: If you were polling the profile endpoint, aggregate detection responses on your side instead. The per-call detection endpoints (/safety/synthetic-content, /image, /audio, /video) continue to return classifications unchanged.
v1.7.0 — May 2026
Emotional Distress Detection (Early Warning)
POST /v1/safety/emotional-distress— detects pre-vulnerability emotional distress signals before exploitation begins- Based on criminological research: emotional distress is both a consequence AND a driver of vulnerability to child sexual exploitation
- 12 distress signal categories: loneliness, feeling unheard, overwhelm, low self-worth, trust-seeking, withdrawal, family conflict, identity distress, academic pressure, sleep disturbance, appetite change, emotional numbing
- Exploitation risk assessment — returns per-type vulnerability scores for grooming, sextortion, trafficking, radicalisation, self-harm, and substance use
- Vulnerability level scoring — none, low, elevated, high, critical
- Key risk combinations: loneliness + trust-seeking = HIGH grooming risk; family conflict + withdrawal = HIGH trafficking risk; low self-worth + overwhelm = HIGH sextortion risk
- 5 credits per call
Tech-Facilitated Gender-Based Violence (TFGBV) Detection
POST /v1/safety/tfgbv— detects technology-facilitated gender-based violence, rooted in gender inequalities and power imbalances- 13 TFGBV categories: image-based abuse, cyber stalking, online harassment, doxing, impersonation, outing, post-separation abuse, sextortion, digital coercion, sexualised deepfakes, gendered hate speech, reproductive surveillance, economic abuse digital
- TFGBV amplifier assessment — identifies which technology amplifiers are active: scale, speed, anonymity, permanence, cross-border reach
- Intersectionality flags — identifies compounding discrimination factors (LGBTQIA+, disability, racial, etc.)
- Child-specific detection with heightened sensitivity for minors
- 5 credits per call
Multi-Endpoint Support
- Both new endpoints available in
/analyse/multi— use endpoint IDsemotional-distressandtfgbv - MCP tools:
detect_emotional_distressanddetect_tfgbv
v1.6.1 — April 2026
Credit Pricing Update
All per-endpoint credit costs have been revised to reflect processing complexity more accurately. See Pricing & Credits for the full breakdown. Text & Safety Detections: 5 credits per call (was 1)detectBullying,detectUnsafe,detectSocialEngineering,detectAppFraud,detectRomanceScam,detectMuleRecruitment,detectGamblingHarm,detectCoerciveControl,detectVulnerabilityExploitation,detectRadicalisation
detectGrooming,analyzeEmotions
getActionPlan: 9 credits (was 2)generateReport: 13 credits (was 3)
analyzeImage: 7 credits (was 3)analyzeVoice: 21 credits base + 15 per extra minute over 60s (was flat 5)analyzeVideo: 95 credits (was 10)- Voice stream (per flush): 7 credits (was 1)
- Video stream (per frame): 7 credits (was 3)
detectSyntheticContent: 5 credits (was 2)
verifyAge(full): 20 credits (was 5)verifyAge(liveness only): 10 credits (new)verifyIdentity: 25 credits (was 10)
analyzeDocument: minimum 10 credits (was 3)
Age & Identity Verification Improvements
- Liveness-only mode now charged at 10 credits (reduced from full verification cost)
- Passport number validation — passport document numbers are no longer incorrectly validated against national ID formats (e.g., Swedish personnummer)
- Vision AI OCR fallback — when Tesseract OCR fails, document fields (name, DOB, document number) are extracted via vision AI and the confidence score reflects the extraction quality
- i18n for camera overlay — all liveness challenge text (instructions, blink/smile prompts) now translates correctly when switching languages
v1.6.0 — April 2026
Multi-Signal Forensic Synthetic Content Detection
The synthetic content detection pipeline has been completely rebuilt into a multi-signal forensic system that runs up to 6 independent analysis engines in parallel for images and 5 for video — replacing the previous single-model approach. Image Detection — 6-Signal Pipeline:- EXIF Metadata Extraction — Detects AI generator signatures in EXIF tags, XMP data, and PNG tEXt chunks (Stable Diffusion parameters). Flags suspicious absence of camera metadata (no camera model + no GPS + high resolution).
- Pixel Statistics — Shannon entropy, Laplacian edge density, and channel uniformity analysis. GAN images produce distinctive statistical signatures.
- C2PA Content Credentials — Detects and validates C2PA manifests from DALL-E 3, Adobe Firefly, Google Imagen. When C2PA declares AI generation, the result is forced to
confirmed_syntheticwith confidence ≥ 0.95. - Invisible Watermark Detection — High-frequency energy analysis, periodic pattern detection at known watermark frequencies, LSB distribution analysis, and corner entropy checks.
- Perceptual Hashing (pHash) — DCT-based 64-bit perceptual hash compared against a Redis-backed database of known synthetic content via Hamming distance. Matches force
confirmed_synthetic. - Weighted Signal Aggregation — All signals aggregated into a weighted ensemble (vision 30%, metadata 15%, pixel stats 15%, C2PA 15%, watermarks 10%, pHash 15%) with fault isolation via
Promise.allSettled.
- Mel Spectrogram Analysis — FFmpeg generates a mel spectrogram image, analyzed by a dedicated vision prompt for frequency band uniformity, harmonic anomalies, missing breath noise, onset/offset patterns, and aliasing artifacts.
- Quantitative Audio Statistics — RMS mean/peak, dynamic range, silence ratio, flat factor, and DC offset extracted via FFmpeg
astatsfilter. - Spectral analysis runs in parallel with transcription. Even speech-free audio can be flagged if spectral patterns indicate synthesis.
- Temporal Consistency Analysis — face-api.js tracks face identity across frames via 128-dimensional descriptor Euclidean distance. Real faces: < 0.4, deepfakes: spikes > 0.6. Landmark stability measured via eye-to-nose ratio variance.
- Lip-Sync Correlation — Mouth openness from 68-point face landmarks correlated against frame-aligned audio energy. Pearson correlation > 0.5 = authentic, < 0.3 = deepfake. Detects silent mouth movement and voice-without-movement.
- All 5 video analysis tracks (per-frame vision, temporal consistency, lip-sync, spectral, transcription) run via fault-isolated
Promise.allSettled.
GET /v1/safety/synthetic-content/profile/:customer_id— 30-day rolling window with synthetic count, account score, trend detection (increasing/stable/decreasing), and category distribution.- Automatic, zero-cost profiling when
customer_idis provided on any detection request.
- Image:
metadata_analysis,provenance,forensic_signals,perceptual_hash,known_synthetic_match - Audio:
audio_stats,spectral_signals - Video:
temporal_consistency,lip_sync,audio_stats,spectral_signals
Age & Identity Verification Improvements
- ICAO 9303 MRZ Validator — Full check digit validation for TD1 (ID cards, 3×30), TD2 (ID cards, 2×36), and TD3 (passports, 2×44) Machine Readable Zones with weighted mod-7 algorithm
- PDF417 Barcode Reader — Decodes AAMVA-structured data from US/Canadian driver’s licenses via
zxing-wasm— extracts name, DOB, expiry, document number, address, and more - 45-Country Document Number Validator — Algorithmic check digit verification for CPF (Brazil), personnummer (Sweden), Aadhaar (India), Codice Fiscale (Italy), CURP (Mexico), SSN (US), SIN (Canada), TFN (Australia), and 37 more country-specific document formats
- Visual Liveness Analyzer — Multi-signal liveness detection: landmark motion analysis, texture analysis (Laplacian variance + moire detection), depth cue analysis (face/background sharpness ratio), and cross-frame consistency checks
- AI-Powered Document Authenticator — Vision model analyzes document layout, security features, fonts, color consistency, and photo integration against known templates. Detects screen photos, printout recaptures, and digital manipulation.
- MRZ/OCR/Barcode Cross-Referencing — Compares name, DOB, and document number between MRZ, OCR text, barcode data, front and back sides, flagging any inconsistency as potential tampering
v1.5.0 — March 2026
Document Analysis
POST /v1/safety/document— Upload a PDF (max 50 MB, 100 pages) for multi-endpoint safety analysis with per-page detection results- Supports 8 detection endpoints:
unsafe,bullying,grooming,social-engineering,coercive-control,radicalisation,romance-scam,mule-recruitment - SHA-256 document hashing for chain-of-custody verification in compliance audits
- Zero-retention processing — no document data stored after response
- Bounded concurrency (3 pages at a time) with text chunking for long pages
Dynamic Credit Pricing for Documents
- Document analysis uses per-page, per-endpoint pricing:
max(10, pages_analyzed × endpoint_count)(minimum updated in v1.6.1) - Each page-endpoint combination costs 1 credit
- Minimum charge of 10 credits covers extraction overhead
- Examples: 5 pages × 3 endpoints = 15 credits; 20 pages × 8 endpoints = 160 credits
Model Refinements
- TCO Regulation classification — Radicalisation responses now include EU Regulation 2021/784 Art. 2(7) content classification
- Self-harm CONTAGION sub-category — Detects suicide pacts, method sharing, cluster effects, and gateway escalation
- PII/Doxxing detection — New PII_DOXXING category for doxxing threats and digital footprint weaponisation
- Legacy response normalization — Bullying, grooming, and unsafe endpoints now include a
normalizedblock with a unified response shape matching newer endpoints
v1.4.4 — March 2026
New Features
countrycontext field — Pass an ISO 3166-1 alpha-2 country code (e.g.,"GB","US","SE") in thecontextobject to receive geo-localised crisis helpline data in detection responses. Falls back to user profile country if omitted.- Improved action escalation for minors — All detection endpoints now enforce a minimum
flag_for_reviewaction when harm is detected and the subject is a minor. Criminal indicators (SEXTORTION, TRAFFICKING, CSAM, DEBT_BONDAGE, FORCED_CRIMINALITY, HONOUR_ESCALATION) targeting minors automatically escalate toimmediate_intervention. - Graduated risk scoring — Risk scores now use the full 0.0–1.0 range with graduated bands instead of clustering around a single value.
- Evidence tactic normalization — Evidence tactic fields are now always returned in SCREAMING_SNAKE_CASE format (e.g.,
"EMOTIONAL_MANIPULATION"instead of"Emotional Manipulation").
SDK Releases
@tuteliq/sdkv2.5.0 — addscountrycontext field, graduated risk scoring, tactic normalization@tuteliq/mcpv3.7.0 — addscountrycontext field, minor action escalation, tactic normalization
v1.4.3 — March 2026
Bug Fixes & Improvements
support_thresholdnow works correctly across all 11 detection endpoints — setting"critical"correctly suppresses crisis helplines for High severity results. Previously the parameter was accepted without error but had no effect on the response.sender_trust: "verified"fully suppressesAUTH_IMPERSONATION— verified senders no longer trigger impersonation detection. Routine urgency (schedules, deadlines, appointments) is also suppressed. Only genuinely malicious elements (credential theft, phishing links, financial demands) will flag a verified sender.- Empty
categoriesfield indetect_unsafefixed — stronger prompt enforcement and code-level fallback extraction ensure the categories array is populated when the rationale references specific harms. - MCP session recovery — stale MCP sessions (after Cloud Run deployment or instance recycling) now recover transparently without requiring the client to reconnect.
Documentation
- Added
support_thresholdbehaviour reference to API docs, Node SDK, and MCP README - Added
sender_trusteffect on scoring to all documentation - Added
analyse_multiaccepted endpoint values to MCP README and API docs - Added complete context field reference across all packages
SDK Releases
@tuteliq/sdkv2.4.0 — addsconfidencetoAnalyzeResult, optionalrisk_leveltoUnsafeResult@tuteliq/mcpv3.5.0 — wiressupport_thresholdthrough all detection MCP tools, shows confidence and support in analyze tool
v1.4.2 — March 2026
Full EU Language Coverage
- Added 13 new languages: Romanian (
ro), Greek (el), Czech (cs), Hungarian (hu), Bulgarian (bg), Croatian (hr), Slovak (sk), Lithuanian (lt), Latvian (lv), Estonian (et), Slovenian (sl), Maltese (mt), Irish (ga) - Tuteliq now supports 27 languages — all 24 EU official languages + Ukrainian, Norwegian, and Turkish
- Enhanced all language entries with grooming indicators, self-harm coded vocabulary, filter evasion techniques, and youth slang coverage
- All new languages are in Beta status
v1.4.1 — March 2026
Language Support Expansion
- Added 4 new languages: Dutch (
nl), Polish (pl), Italian (it), Turkish (tr) - Tuteliq now supports 14 languages with auto-detection and culture-aware analysis
- Each language includes culturally-specific safety guidelines, slur databases, and prompt calibration
- All new languages are in Beta status
v1.4.0 — March 2026
Age Verification (Beta)
POST /v1/verification/age— verify user age through document analysis and biometric age estimation- Supports government-issued ID documents (passport, driving licence, national ID)
- Biometric age estimation from selfie photo
- Returns
verified,estimated_age,age_range,confidence, anddocument_type - 20 credits per verification (updated in v1.6.1)
- Available on Pro tier and above
Identity Verification (Beta)
POST /v1/verification/identity— confirm user identity with document verification and liveness detection- Document authenticity checks (MRZ validation, hologram detection, tamper analysis)
- Liveness detection to prevent spoofing (photo-of-photo, screen replay, mask attacks)
- Face matching between document photo and selfie
- Returns
verified,match_score,liveness_passed,document_authenticated, andflags - 25 credits per verification (updated in v1.6.1)
- Available on Business tier and above
Tier Access
- Age Verification requires Pro tier ($99/mo) or above
- Identity Verification requires Business tier ($349/mo) or above
- Both features are in Beta — endpoints and response schemas may evolve
v1.3.0 — February 2026
Fraud Detection Endpoints
POST /v1/fraud/social-engineering— detect social engineering tactics: pretexting, impersonation, urgency manipulation, authority exploitationPOST /v1/fraud/app-fraud— identify fraudulent app promotion, fake reviews, malicious download links, and clone app distributionPOST /v1/fraud/romance-scam— detect romance scam patterns: love-bombing, financial requests, identity fabrication, isolation tacticsPOST /v1/fraud/mule-recruitment— flag money mule recruitment: easy money offers, account sharing requests, laundering language
Safety Extended Endpoints
POST /v1/safety/gambling-harm— detect gambling harm: underage gambling promotion, addiction patterns, predatory odds, bet pressurePOST /v1/safety/coercive-control— identify coercive control: isolation tactics, financial control, monitoring/surveillance, threat patternsPOST /v1/safety/vulnerability-exploitation— detect exploitation of vulnerable individuals with cross-endpoint vulnerability modifier and vulnerability profile scoringPOST /v1/safety/radicalisation— flag radicalisation indicators: extremist rhetoric, us-vs-them framing, recruitment patterns, dehumanisation
Multi-Endpoint Analysis
POST /v1/analyse/multi— fan-out a single text to up to 10 detection endpoints in parallel- Automatic vulnerability modifier: when
vulnerability-exploitationis included, its cross-endpoint modifier adjusts severity scores across all other results - Aggregated response with
summary.highest_severity,summary.total_credits_used, and per-endpoint breakdown - Supports both legacy (bullying, grooming, unsafe) and new detection endpoints
SDK & Tool Support
- All new endpoints available across all SDKs: Node.js, Python, Swift, Kotlin, Flutter, React Native, .NET, Unity
- CLI — new
detect social-engineering,detect app-fraud,detect romance-scam,detect mule-recruitment,detect gambling-harm,detect coercive-control,detect vulnerability-exploitation,detect radicalisation, anddetect multicommands - MCP Server — 10 new tools for fraud, extended safety, multi-endpoint analysis, and video analysis
Tier Access
- New endpoints require Indie tier or above (Starter tier retains access to bullying, grooming, and unsafe only)
- All new endpoints cost 5 credits per call (updated in v1.6.1); multi-endpoint costs the sum of individual endpoints
v1.2.0 — February 2026
Video Analysis
POST /v1/safety/video— upload a video file (mp4, webm, quicktime, avi — max 100MB, 10 min) and receive per-frame vision analysis with flagged timestamps- Frame extraction powered by ffmpeg with configurable
max_frames(default 10, max 20) - Aggregated
overall_risk_scoreandoverall_severityacross all frames - Automatic incident recording and webhook alerts for flagged videos
- 95 credits per video analysis (updated in v1.6.1)
Video Streaming
- WebSocket voice streaming now supports video frames alongside audio
- Send video frames as binary with a
0x01prefix byte; audio uses0x00or no prefix (backward compatible) - New
frame_analysisserver event with per-frame vision results - New config options:
enable_video,frame_interval_seconds(min 3s, default 5s) session_summaryevent now includesvideo_frames_analyzedcount- 7 credits per video frame analysis (updated in v1.6.1)
Voice Streaming Enhancements
- Updated authentication:
?api_key=query param orAuthorization: Bearerheader - Tier-based connection limits (1 for Starter, up to unlimited for Enterprise)
- Subscription-aware credit tracking per flush
- Heartbeat ping/pong every 30 seconds for stale connection detection
v1.1.0 — February 2026
Multilingual Support
- 27 languages supported — English (stable), all 24 EU official languages + Ukrainian, Norwegian, Turkish (beta)
- Layered auto-detection — Trigram analysis (franc) confirmed by LLM-based detection for maximum reliability
- Culture-aware analysis — Language-specific guidelines for local slang, idioms, and harmful terms injected into classification prompts
- All safety endpoints now return
language,language_status, anddetected_languagefields in responses - No explicit
languageparameter required — detection is fully automatic
v1.0.0 — February 2026
Initial public release of the Tuteliq API.Safety Endpoints
POST /v1/safety/unsafe— detect harmful content across all nine KOSA categoriesPOST /v1/safety/bullying— dedicated bullying and harassment detectionPOST /v1/safety/grooming— conversation-level grooming pattern analysisPOST /v1/safety/voice— audio file transcription and safety analysisPOST /v1/safety/image— image analysis for visual content risks
Analysis & Guidance Endpoints
POST /v1/analysis/emotions— emotional well-being analysis from text and conversationsPOST /v1/guidance/action-plan— age-appropriate guidance and intervention recommendationsPOST /v1/reports/incident— structured safety report generation
Voice Streaming
WSS /v1/safety/voice/stream— real-time voice moderation via WebSocket with configurable severity thresholds
Webhooks
POST /v1/webhooks— register webhook endpoints for safety alerts and batch events- HMAC-SHA256 signature verification on all webhook deliveries
- Automatic retry with exponential backoff (3 attempts)
GDPR Compliance
DELETE /v1/account/data— right to erasure (Article 17)GET /v1/account/data/export— right to data portability (Article 20)PATCH /v1/account/data— right to rectification (Article 16)- Consent management endpoints for granular data processing consent
- Public transparency endpoints: DPA, sub-processors, retention policy
SDKs & Tools
- Node.js SDK —
@tuteliq/sdkon npm - Python SDK —
tuteliqon PyPI - Swift SDK — via Swift Package Manager
- Kotlin SDK — via Maven Central
- Flutter SDK —
tuteliqon pub.dev - React Native SDK —
@tuteliq/react-nativeon npm - .NET SDK —
Tuteliqon NuGet - Unity SDK — via Unity Package Manager
- CLI —
@tuteliq/clion npm / Homebrew - MCP Server —
@tuteliq/mcpon npm
Platform
- Credit-based billing with per-endpoint pricing
- Tier-based rate limiting (Free, Basic, Premium, Enterprise)
- API key authentication via Bearer token or
x-api-keyheader - Full KOSA harm category coverage with age-calibrated severity scoring