Joblantern takes a job listing (a URL, a recruiter message, an offer letter)
and returns a sourced, reproducible verdict on whether it is safe.
Every year, migrant workers and first-time job seekers lose billions to fraudulent recruiters, fake licensing fees, and trafficking-adjacent schemes that look completely legitimate on the surface. The tools needed to expose them (company registries, domain history, scam databases, salary benchmarks, recruitment-fee law) already exist and are mostly free and open. They are simply not stitched together, and they are not in the hands of the people at risk, in the language they speak, on the device they own.
Joblantern stitches them together behind a single question: is this job real?
A submission is fanned out to a panel of specialist sub-agents, each wrapping one open data source through the Model Context Protocol, whose findings are fused by a deterministic risk engine into one of three bands. Every signal cites its source, and every verdict is reproducible.
| Stage | What happens |
|---|---|
| Submit | A URL, pasted recruiter message, or offer letter, via web, kiosk, bot, or REST/GraphQL API. |
| Orchestrate | The agent fans the submission out to MCP sub-agents in parallel. |
| Investigate | pattern (red-flag language), address (geocode and map via Nominatim), registry (company exists?), domain, salary, law/routing, scam-db, and adjacent-domain packs. |
| Score | A deterministic engine fuses weighted, sourced facts into a green / amber / red band with a confidence figure. |
| Verdict | A reproducible result with cited evidence, an optional map of the claimed office, and a publicly verifiable signature. |
 Legitimate offer. A real Munich engineering role clears to green. The claimed office geocodes and is plotted on an OpenStreetMap map, with each fact cited to the tool that produced it. |
 Recruitment scam. A Dubai "driver" offer with a Western-Union processing fee, no interview, and WhatsApp-only contact is flagged red. The "Why" panel lists the red-flag patterns behind the verdict. |
- Evidence, not opinions. Every verdict lists weighted facts with the tool and source that produced them. Nothing is a black box.
- Geospatial verification. The claimed office address is geocoded and shown on an OpenStreetMap map; addresses that do not resolve count against the listing.
- 16 MCP servers. Each open data source is an independent, swappable MCP server; deployments enable only what they need.
- Built for the frontline. Multilingual UI, no-JS "lite" mode for hostile networks, embassy kiosk mode, caller-ID lookups, and a one-tap panic-wipe.
- Open by design. Anonymized research API (REST and GraphQL), a public knowledge graph, regulator integration, and citable annual archives.
- Accountable. A Trust and Safety Council governs appeals, a hash-chained audit log backs every action, and a continuous red-team probes the agent.
Pre-alpha, under active development. Interfaces and schemas may change.
See docs/ROADMAP.md and
docs/ROADMAP-EXTENDED.md for the full plan.
| Layer | Choice |
|---|---|
| Language | Go 1.25+ |
| Agent | Multi-agent orchestrator over the official MCP Go SDK |
| Web / API | chi router, server-rendered templates, REST and GraphQL |
| Data | PostgreSQL 16 + PostGIS + pgvector |
| Geo | Self-hosted Nominatim and Overpass (OpenStreetMap) |
| Maps | Leaflet (self-hosted) on OSM tiles |
| Observability | Prometheus and structured slog |
Architectural decisions are recorded in docs/ADR/.
git clone https://github.com/yasserrmd/joblantern.git
cd joblantern
# Postgres + the address sub-agent + the app
docker compose -f deploy/docker-compose.smoketest.yml up -d --buildOpen http://localhost:18080 and submit a listing. Tear down with:
docker compose -f deploy/docker-compose.smoketest.yml down -vcp .env.example .env
make docker-up # bring up Postgres
make migrate-up # run migrations
make build && ./bin/joblanternVisit http://localhost:8080/healthz and you should see ok.
curl -s -X POST http://localhost:18080/api/v1/verify \
-H 'Content-Type: application/json' \
-d '{
"listing_text": "URGENT driver wanted Dubai AED 18000, send AED 2500 processing fee via Western Union, no interview, WhatsApp only",
"company_name": "QuickJobs Gulf",
"claimed_address": "Business Bay Tower, Dubai",
"jurisdiction": "AE"
}'
# returns { "verification_id": "..." }, then GET /api/v1/verifications/<id>The verdict comes back red with cited red-flag evidence (extraordinary pay, wire-only fee, no interview), plus a map pin if the address resolves.
| Area | Docs |
|---|---|
| Architecture and decisions | docs/ADR/ |
| Self-hosting | docs/SELF-HOSTING.md, docs/SCALING-RUNBOOK.md |
| Research and data | docs/RESEARCH-API.md, docs/KNOWLEDGE-GRAPH.md |
| Frontline modes | docs/EMBASSY-KIOSK.md, docs/CALLER-ID.md, docs/HOSTILE-NETWORK.md |
| Governance | docs/GOVERNANCE.md, docs/COUNCIL-CHARTER.md, docs/TRANSPARENCY.md |
| Compliance | docs/COMPLIANCE/ (GDPR / DPDPA / PDPL) |
Apache License 2.0. See LICENSE and NOTICE.
Every dependency that ships in the Joblantern binary must be permissively licensed (Apache 2.0, BSD, MIT). No GPL, AGPL, LGPL, SSPL, BUSL, or Elastic License code may be linked in.
- Contributions are accepted under the Developer Certificate of Origin. See CONTRIBUTING.md.
- Report vulnerabilities per SECURITY.md.
- Community expectations: CODE_OF_CONDUCT.md.
Mohamed Yasser, Solutions Architect.