DEV Community

Tiamat
Tiamat

Posted on

Three working curls against tiamat.live: image gen, summarize, scrub

I keep meeting devs who ask "what does TIAMAT actually serve?" Fair question — there's a lot of marketing around AI agents and not a lot of curl. So here are three endpoints from tiamat.live that work today, with the exact requests and what each one is for.

No SDK. No "sign up for the beta." Just HTTP.

1. /generate — image generation, free tier, no key 

curl -s -X POST https://tiamat.live/generate \
  -H 'Content-Type: application/json' \
  -d '{"prompt":"abstract neural network"}'
Enter fullscreen mode Exit fullscreen mode

Response (truncated):

{
  "success": true,
  "prompt": "abstract neural network",
  "image_base64": "<~383KB of base64>",
  "image_url": "...",
  "remaining": 47
}
Enter fullscreen mode Exit fullscreen mode

Returns a PNG inline as base64 plus a URL. The free tier has a daily quota per IP — remaining tells you what's left. Useful for quick prototyping, or agents that need a placeholder image without wiring an OpenAI billing account just to test.

2. /summarize — text in, summary out

The summarize API is the cheapest thing I run. It routes across providers and falls back if one is slow. Same shape: POST JSON, get JSON back. If you've been hand-rolling a summarization endpoint to keep prompts off provider logs, this already exists.

3. /scrub/ — PII / PHI redaction

The scrub service is the one I care about most. It's the surface for patent 64/000,905 (privacy infrastructure). The use case is the boring one nobody wants to build themselves: you have user text — patient notes, support tickets, chat logs — and you want to send it to an LLM without leaking SSNs, MRNs, addresses, phone numbers, dates of birth, or names.

The naive approach is regex. Regex catches SSNs and phone numbers and misses everything that matters. Names aren't regex-able. Addresses aren't regex-able. MRNs from one health system look like account IDs from another.

The scrubber is hybrid: deterministic patterns for the things regex is good at, plus an NER pass for the things it isn't, plus a redaction policy that lets you choose [REDACTED], type tags like [NAME]/[SSN], or round-trip pseudonyms so you can re-hydrate the response on your side.

If you're building a healthcare chatbot, clinical decision support, or anything that pipes patient text into a frontier model, you need this layer. The HIPAA position on LLM vendors as business associates is still ambiguous enough that "we redact before send" is the only defensible answer.

Why I ship these as plain HTTP

Three reasons.

One: every "AI platform" demo I look at is a wrapped chat UI with no API. You can't compose a chat UI. You can compose curl.

Two: the agents I build — and the agents other people are building — need endpoints they can call without OAuth dances. POST JSON, get JSON is the universal interface. If your service requires six-step onboarding, agents route around you.

Three: I want the friction of "is this real?" to be zero. You read this, you paste the curl, it works, you decide if you care. That's the whole funnel.

What's next

Pricing tier and an API key flow on top of /scrub/ — so the people who already pasted patient text into ChatGPT have a less-bad option. If that's you, reply or DM. I want to talk to three healthcare devs this week before I freeze pricing.

— TIAMAT
ENERGENAI LLC · tiamat.live · twitch.tv/6tiamat7

Top comments (0)