Everything your agents build
ships with proof.
Logs show what agents did. RootBlocks proves what they were authorized to do.
RootBlocks is the governed rail your coding agents run on. Every merge ships with a signed receipt of the human approval that governed it. Your code stays home. Only receipts travel.
Attribution for Claude Code, Cursor and Copilot, on GitHub. GitLab and Bitbucket on the roadmap.
AI already writes the code.
Nobody can prove who authorized it.
Public repos, a fintech's merged PRs, the frontier lab's own codebase. Different scopes, one direction.
So teams put a human bottleneck in front of every merge, and give back the speed they bought the agents for. Until the questionnaire, the audit, or the incident asks: who authorized this?
ISO 42001 Clause 8 asks for operational control over your AI systems, and the AI section is now standard in enterprise security questionnaires. The evidence has to come from somewhere. That evidence is the product.
Four levels of proof.
One verifiable asset.
Every governed change comes out of the rail with a seal. The more of the rail you adopt, the more of the seal fills in.
A governed run is one agent execution on the rail: an isolated worktree, your policy scope, your gates enforced, and a signed receipt out.
Observe
Your AI exposure, inventoried. Percent agent-authored and the review gap your auditor will ask about, derived from the merges you already make, and signed. The receipt comes out observed.
Prove
The run itself happened on the rail: isolated worktree, policy scope, your gates enforced. An attestation of execution, not a claim. The receipt comes out proven.
Buildtrace
The change links back to a ratified human decision. Not just that the agent ran, but that it built what you decided. The receipt comes out traced.
Enforce
The rail is a required check. Nothing merges without a conforming receipt. The receipt comes out enforced: the seal completes.
Every seal is a signed receipt in an append-only ledger, verifiable offline, by anyone, with the public key. evidence.v1 · ed25519 →
The more of the rail you adopt, the stronger your seal.
And that is the whole pricing.
One console.
The whole rail.
Web or desktop, every plan opens the same console. Your plan unlocks levels, and locked levels stay visible, so you always see the next step. The rail decides what runs next to your code: the scan, the daemon, the gate.

In-flight: a live governed run in the desktop console.
The console is a desktop app (macOS today; Windows and Linux next). It runs next to your files and your local daemon, offline-first.
Run one scan.
Nothing changes.
rootblocks scan reads the git and PR metadata you already have, inside your own infra, and derives a signed receipt for every merge: who, which PR, which agent, reviewed or not.
- Percent agent-authored and the review gap, across every repo.
- A signed exposure report for the AI section of the security questionnaire.
- Read-only. Runs in your infra. Your code never leaves.
Concept preview. Observe: the agent-authorship inventory and the review gap, derived from your git history.
Drop in the daemon,
next to your agents.
Let your agents run, behind your gates, with proof. You already have autonomy without governance. Keep the autonomy. Add the proof.
- Every run in an isolated worktree, policy-scoped, with your gates enforced at run time.
- Your code never leaves your infra. Only the signed receipt travels.
- Every run comes out proven: an attestation, not a claim.
The rail does not promise the code is good. It proves nothing merged without passing your gates. Governed runs use Claude Code today; Cursor and Copilot adapters are on the roadmap.
Concept preview. Prove: a task executed through the daemon, proven.
Open the console.
Command the fleet.
Everything your daemon runs, in one cockpit: dispatch coders, watch live streams, and keep the decision log that upgrades receipts from proven to traced.
- Dispatch and live streams, several runs in parallel. Today.
- In-flight fleet across repos today. Run graph, plans and pipelines rolling out with design partners.
- Context workspace and decision log (DEC): execution traced back to ratified decisions.
Concept preview. Operate: the console cockpit; dispatch, live streams, the fleet.
No merge without
a receipt.
The rail becomes a required check on the PR. The seal completes. Every change ships enforced, with the full trace behind it.
- Enforcement gate: a conforming receipt required to merge.
- Retention, legal hold, RBAC, dedicated verification.
- ISO 42001 and SOC 2 mapping, on-prem and sovereign, SSO.
Co-built with our first enterprise design partners in the 2026 program.
Concept preview. Enforce: the ledger, the decision link, and the merge gate.
Did we build what we decided?
RootBlocks links execution back to intent: proof that the agent built the right thing, not just that it ran.
Every link present. Provably tied to a human decision.
Decisions become anchors
A ratified decision, or a derived PR approval, is what execution traces back to. With no decision layer you can prove an agent ran, never that it built what the business wanted.
The only trail that answers who authorized this
The seven links above, linked and signed. A forge or an agent vendor cannot produce it: they do not have your decision context.
Optional, not required
Land with zero ceremony: we derive decisions from the PRs you already approve. Go deeper only when you want a stronger trail. The decision log ships with Buildtrace.
The methodology behind the trace is SliceOps, the open framework for decision-governed, agent-built software.
Explore the framework at sliceops.org →Tech specs
Three planes, one rail. The engine runs where your code lives. Only signed metadata reaches the control plane.
Scales with your agents,
not your headcount.
Billed by governed run, never per seat. These are launch prices. Reserve them as a design partner.
- Exposure report, review gap, unlimited derived receipts.
- Export a signed evidence pack when you need one.
- Read-only. Runs in your infra.
- Everything in Observe
- Self-hosted daemon (rootblocks run)
- Isolated worktrees, policy, gates
- Proven receipts, code stays home
- Unlimited developers, pay for runs not people
- Everything in Prove
- The console cockpit: dispatch and live streams
- In-flight fleet (run graph, plans and pipelines rolling out)
- Context workspace and decision log: traced
- Desktop console, SSO on the roadmap
- Everything in Buildtrace, at volume run pricing
- Enforcement gate: no merge without a receipt
- Retention, legal hold, RBAC
- ISO 42001 and SOC 2 mapping, on-prem and sovereign
- Dedicated verification
Need retention on the free tier? Audit-ready packs are on the roadmap, priced with design partners.
What would your team pay per month?
The full cockpit and traced receipts cost this much more than Prove at your volume: $318/mo.
A governed run is one agent execution routed through the daemon. Failed runs count: they produce evidence too. These are launch prices; we will calibrate them with our first design partners.
Think · Build · Audit
See what each plan unlocks.
| Feature | Observe | Prove | Buildtrace | Enforce |
|---|---|---|---|---|
| Think - context and decisions | ||||
| Exposure and review-gap report | Included✓ | Included✓ | Included✓ | Included✓ |
| Decision log (derived from PR approvals) | Included✓ | Included✓ | Included✓ | Included✓ |
| Context workspace, product and architecture map | Not included· | Not included· | Included✓ | Included✓ |
| Explicit decision log (DEC): full trace | Not included· | Not included· | Included✓ | Included✓ |
| Build - governed execution | ||||
| Governed runs via CLI (rootblocks run) | Not included· | Included✓ | Included✓ | Included✓ |
| Isolated worktrees, policy scope, gates | Not included· | Included✓ | Included✓ | Included✓ |
| Console cockpit: dispatch and live streams | Not included· | Not included· | Included✓ | Included✓ |
| In-flight fleet (run graph, plans, pipelines) | Not included· | Not included· | Included✓ | Included✓ |
| Vendor-neutral attribution (Claude Code, Cursor, Copilot) | Included✓ | Included✓ | Included✓ | Included✓ |
| Governed runs: Claude Code today, Cursor and Copilot on the roadmap | Not included· | Claude Code | Claude Code | Claude Code |
| Audit - evidence and enforcement | ||||
| Signed receipts: observed | Included✓ | Included✓ | Included✓ | Included✓ |
| Signed receipts: proven | Not included· | Included✓ | Included✓ | Included✓ |
| Signed receipts: traced to a decision | Not included· | Not included· | Included✓ | Included✓ |
| Append-only ledger, verify offline | Included✓ | Included✓ | Included✓ | Included✓ |
| Export packs: ISO 42001 / SOC 2 / questionnaires | $/pack | Included✓ | Included✓ | Included✓ |
| Enforcement gate: no merge without a receipt | Not included· | Not included· | Not included· | Included✓ |
| Retention policy, legal hold | Not included· | Not included· | Not included· | Included✓ |
| Platform and security | ||||
| Code never leaves your infra | Included✓ | Included✓ | Included✓ | Included✓ |
| Self-hosted daemon, desktop console | Not included· | daemon | Included✓ | Included✓ |
| SSO / SAML, RBAC roles | Not included· | Not included· | SSO | Included✓ |
| On-prem / air-gapped, dedicated verification | Not included· | Not included· | Not included· | Included✓ |
| Support | Community | Priority | Dedicated | |
Everything your agents build
ships with proof.
Get early access, or book a call. We are onboarding a small number of design partners before launch.
Code stays home · receipts travel · never per seat.