For builders who work with agents

Everything your agents build
ships with proof.

Logs show what agents did. RootBlocks proves what they were authorized to do.

RootBlocks is the governed rail your coding agents run on. Every merge ships with a signed receipt of the human approval that governed it. Your code stays home. Only receipts travel.

Attribution for Claude Code, Cursor and Copilot, on GitHub. GitLab and Bitbucket on the roadmap.

Human approval
Approved by a person
a PR approval you already have, or a ratified decision
Agent-built change
Built by an agent
Claude Code, Cursor, Copilot, any repo
Signed receipt
verifiable offline, by anyone. No trust required.
VERIFIED
The problem

AI already writes the code.
Nobody can prove who authorized it.

4%
of public GitHub commits carry Claude Code's trailer. Projected past 20% by year end.
41.9%
of PRs merged to master at Ramp in one week, written by its background agent.
>80%
of the code merged into Anthropic's own codebase is written by Claude.

Public repos, a fintech's merged PRs, the frontier lab's own codebase. Different scopes, one direction.

So teams put a human bottleneck in front of every merge, and give back the speed they bought the agents for. Until the questionnaire, the audit, or the incident asks: who authorized this?

ISO 42001 Clause 8 asks for operational control over your AI systems, and the AI section is now standard in enterprise security questionnaires. The evidence has to come from somewhere. That evidence is the product.

How it works

Four levels of proof.
One verifiable asset.

Every governed change comes out of the rail with a seal. The more of the rail you adopt, the more of the seal fills in.

A governed run is one agent execution on the rail: an isolated worktree, your policy scope, your gates enforced, and a signed receipt out.

Observe

Your AI exposure, inventoried. Percent agent-authored and the review gap your auditor will ask about, derived from the merges you already make, and signed. The receipt comes out observed.

via rootblocks scan · your terminal

Prove

The run itself happened on the rail: isolated worktree, policy scope, your gates enforced. An attestation of execution, not a claim. The receipt comes out proven.

via the daemon · your infra

Buildtrace

The change links back to a ratified human decision. Not just that the agent ran, but that it built what you decided. The receipt comes out traced.

via the console decision log

Enforce

The rail is a required check. Nothing merges without a conforming receipt. The receipt comes out enforced: the seal completes.

via the merge gate · protected branches

Every seal is a signed receipt in an append-only ledger, verifiable offline, by anyone, with the public key. evidence.v1 · ed25519

The more of the rail you adopt, the stronger your seal.
And that is the whole pricing.

Observe · Prove · Buildtrace · Enforce

One console.
The whole rail.

Web or desktop, every plan opens the same console. Your plan unlocks levels, and locked levels stay visible, so you always see the next step. The rail decides what runs next to your code: the scan, the daemon, the gate.

In-flight: a live governed run in the desktop console.

In-flight: a live governed run in the desktop console.

The console is a desktop app (macOS today; Windows and Linux next). It runs next to your files and your local daemon, offline-first.

OBSERVE · FREE

Run one scan.
Nothing changes.

rootblocks scan reads the git and PR metadata you already have, inside your own infra, and derives a signed receipt for every merge: who, which PR, which agent, reviewed or not.

  • Percent agent-authored and the review gap, across every repo.
  • A signed exposure report for the AI section of the security questionnaire.
  • Read-only. Runs in your infra. Your code never leaves.
You run: rootblocks scan (CLI)Seal: observedFree · exposure report
Observed receipts show the gap. Proven and traced receipts close it.
rootblocks scan · report
AI inventory · your SDLClast 90 days · 8 repos   Export pack
47%
agent-authored merges
71%
merged without review
0%
traced to a decision
Claude Code61%
Cursor33%
Copilot6%
#471 migrate-db observed no review
#479 refactor-auth observed

Concept preview. Observe: the agent-authorship inventory and the review gap, derived from your git history.

PROVE · FROM $99/MO + USAGE

Drop in the daemon,
next to your agents.

Let your agents run, behind your gates, with proof. You already have autonomy without governance. Keep the autonomy. Add the proof.

  • Every run in an isolated worktree, policy-scoped, with your gates enforced at run time.
  • Your code never leaves your infra. Only the signed receipt travels.
  • Every run comes out proven: an attestation, not a claim.
You install: the daemon (CLI)Seal: proven$99/mo + per governed run

The rail does not promise the code is good. It proves nothing merged without passing your gates. Governed runs use Claude Code today; Cursor and Copilot adapters are on the roadmap.

daemon · localhost:7777
$ rootblocks run claude -p "add backoff to PSP" worktree .worktrees/feat-backoff-psp scope src/payments/* Edit psp_client.ts (+142 -38) Bash npm test → 142 passing gate typecheck · lint · test commit a1b2c3d ──────────────────────────── ⛓ receipt evidence.v1 · proven actor : Claude Code sig : ed25519:46367c53ab5fac95 ledger : #9f2a ✓ verified ↳ receipt written to the local append-only ledger (metadata only)

Concept preview. Prove: a task executed through the daemon, proven.

BUILDTRACE · $499/MO + USAGE

Open the console.
Command the fleet.

Everything your daemon runs, in one cockpit: dispatch coders, watch live streams, and keep the decision log that upgrades receipts from proven to traced.

  • Dispatch and live streams, several runs in parallel. Today.
  • In-flight fleet across repos today. Run graph, plans and pipelines rolling out with design partners.
  • Context workspace and decision log (DEC): execution traced back to ratified decisions.
You add: the console, desktop or web, riding the daemon you already runSeal: traced$499/mo + per governed run
For the team that runs agents all day.
RootBlocks Console · Agent runs (concept preview)
Agent runs14 total · 3 live   New run
#477 fix-retry-logic → DEC-214 traced
#482 billing-webhook ● live proven
#479 refactor-auth observed
#482 · Edit webhook_handler.ts (+64 -12) #482 · Bash npm test → 98 passing #482 · receipt pending · gates 2/3

Concept preview. Operate: the console cockpit; dispatch, live streams, the fleet.

ENFORCE · ENTERPRISE

No merge without
a receipt.

The rail becomes a required check on the PR. The seal completes. Every change ships enforced, with the full trace behind it.

  • Enforcement gate: a conforming receipt required to merge.
  • Retention, legal hold, RBAC, dedicated verification.
  • ISO 42001 and SOC 2 mapping, on-prem and sovereign, SSO.
You add: a required check on protected branchesSeal: enforced, the complete markfrom $120k/yr

Co-built with our first enterprise design partners in the 2026 program.

RootBlocks Console · Audit (concept preview)
SOC 2 trail · signed ledgerappend-only · ed25519   Export
#477 fix-retry-logic → DEC-214 traced
#482 billing-webhook policy ✓ proven
#471 migrate-db unreviewed observed flagged
Gate active · main requires a conforming receipt to merge

Concept preview. Enforce: the ledger, the decision link, and the merge gate.

The deep view: the receipt, opened up

Did we build what we decided?

RootBlocks links execution back to intent: proof that the agent built the right thing, not just that it ran.

TRACED

Every link present. Provably tied to a human decision.

Decisions become anchors

A ratified decision, or a derived PR approval, is what execution traces back to. With no decision layer you can prove an agent ran, never that it built what the business wanted.

The only trail that answers who authorized this

The seven links above, linked and signed. A forge or an agent vendor cannot produce it: they do not have your decision context.

Optional, not required

Land with zero ceremony: we derive decisions from the PRs you already approve. Go deeper only when you want a stronger trail. The decision log ships with Buildtrace.

The methodology behind the trace is SliceOps, the open framework for decision-governed, agent-built software.

Explore the framework at sliceops.org
For the technical evaluator

Tech specs

Three planes, one rail. The engine runs where your code lives. Only signed metadata reaches the control plane.

The receipt, annotated

// evidence.v1, one governed merge { "schema": "evidence.v1", "operationType": "code.merge", "actor": { "agent": "claude-code", "session": "7f3a" }, "provenance": { "decision": "DEC-214", "pr": 477 }, "checks": { "typecheck": "pass", "test": "pass:142", "scope": "src/payments/*" }, "redaction": "none", "sig": "ed25519:46367c53", "keyId": "sha256:", "ledger": "#9f2a" }
Verify a receipt offline, with only the public key: $ rootblocks verify receipt.json --key rootblocks.pub ✓ signature valid · ledger #9f2a · not tampered

Hand this file to anyone. They do not need us to verify it.

Pricing

Scales with your agents,
not your headcount.

Billed by governed run, never per seat. These are launch prices. Reserve them as a design partner.

OBSERVE
Free
unlimited repos and developers
  • Exposure report, review gap, unlimited derived receipts.
  • Export a signed evidence pack when you need one.
  • Read-only. Runs in your infra.
Reserve early access
Below the procurement line
MOST TEAMS START HERE
PROVE
$99/mo per org
1,000 governed runs included, then $0.075 per run
  • Everything in Observe
  • Self-hosted daemon (rootblocks run)
  • Isolated worktrees, policy, gates
  • Proven receipts, code stays home
  • Unlimited developers, pay for runs not people
Reserve launch pricing
About 7 to 8% of your agent generation spend
BUILDTRACE
$499/mo per org
5,000 governed runs included, then $0.065 per run
  • Everything in Prove
  • The console cockpit: dispatch and live streams
  • In-flight fleet (run graph, plans and pipelines rolling out)
  • Context workspace and decision log: traced
  • Desktop console, SSO on the roadmap
Reserve launch pricing
The operator plane, where the fleet lives
ENFORCE
Custom · from $120k/yr
the gate plus the enterprise platform
  • Everything in Buildtrace, at volume run pricing
  • Enforcement gate: no merge without a receipt
  • Retention, legal hold, RBAC
  • ISO 42001 and SOC 2 mapping, on-prem and sovereign
  • Dedicated verification
Talk to us
Priced against the security and compliance budget, not the dev-tools budget

Need retention on the free tier? Audit-ready packs are on the roadmap, priced with design partners.

What would your team pay per month?

2,100governed runs / month
$182on Prove
$499on Buildtrace

The full cockpit and traced receipts cost this much more than Prove at your volume: $318/mo.

A governed run is one agent execution routed through the daemon. Failed runs count: they produce evidence too. These are launch prices; we will calibrate them with our first design partners.

Think · Build · Audit

See what each plan unlocks.

FeatureObserveProveBuildtraceEnforce
Think - context and decisions
Exposure and review-gap reportIncludedIncludedIncludedIncluded
Decision log (derived from PR approvals)IncludedIncludedIncludedIncluded
Context workspace, product and architecture mapNot included·Not included·IncludedIncluded
Explicit decision log (DEC): full traceNot included·Not included·IncludedIncluded
Build - governed execution
Governed runs via CLI (rootblocks run)Not included·IncludedIncludedIncluded
Isolated worktrees, policy scope, gatesNot included·IncludedIncludedIncluded
Console cockpit: dispatch and live streamsNot included·Not included·IncludedIncluded
In-flight fleet (run graph, plans, pipelines)Not included·Not included·IncludedIncluded
Vendor-neutral attribution (Claude Code, Cursor, Copilot)IncludedIncludedIncludedIncluded
Governed runs: Claude Code today, Cursor and Copilot on the roadmapNot included·Claude CodeClaude CodeClaude Code
Audit - evidence and enforcement
Signed receipts: observedIncludedIncludedIncludedIncluded
Signed receipts: provenNot included·IncludedIncludedIncluded
Signed receipts: traced to a decisionNot included·Not included·IncludedIncluded
Append-only ledger, verify offlineIncludedIncludedIncludedIncluded
Export packs: ISO 42001 / SOC 2 / questionnaires$/packIncludedIncludedIncluded
Enforcement gate: no merge without a receiptNot included·Not included·Not included·Included
Retention policy, legal holdNot included·Not included·Not included·Included
Platform and security
Code never leaves your infraIncludedIncludedIncludedIncluded
Self-hosted daemon, desktop consoleNot included·daemonIncludedIncluded
SSO / SAML, RBAC rolesNot included·Not included·SSOIncluded
On-prem / air-gapped, dedicated verificationNot included·Not included·Not included·Included
SupportCommunityEmailPriorityDedicated

Everything your agents build
ships with proof.

Get early access, or book a call. We are onboarding a small number of design partners before launch.

Get early access

Tell us where your agents run. We will reach out with a design-partner slot and reserved launch pricing.

We use your email only to reply about RootBlocks. No lists, no sharing.

Code stays home · receipts travel · never per seat.

FAQ

The honest answers

Is this an AI code reviewer?
No. Reviewers judge whether the code is good. RootBlocks proves what the code was authorized to do, and that it passed your gates. Keep your reviewer; RootBlocks is the layer underneath it.
We already use Vanta or Drata. Isn't this the same thing?
No, and they are partners, not competitors. Vanta and Drata own the compliance checklist. They cannot collect the AI-governance evidence, because that lives in your git history and your agents. RootBlocks generates the AI-section evidence and feeds it into that workflow.
Can't GitHub just build this?
They can build the gate. They will not build neutrality across competing agents and forges, a self-hosted execution plane where code never leaves, or a portable, decision-linked corpus you own. And the one thing they structurally cannot copy is the decision layer, which lives outside the forge. Their incentive is lock-in; ours is neutrality.
Does the EU AI Act or ISO 42001 require evidence for AI-generated code?
The operational driver is ISO 42001 Clause 8 (operational control over AI systems) and SOC 2 CC8.1 (change management). A RootBlocks receipt maps to both. We do not lean on the EU AI Act; the security questionnaire and the ISO clause are the reasons teams act this year.
$99 plus usage: what will my team actually pay?
You pay for governed runs, never for people. At about 10 governed runs per developer per day, a 10-dev team lands around $180/mo on Prove, 50 devs around $800, 200 devs around $3,200. Use the simulator above. Buildtrace adds the console cockpit and traced receipts at $499/mo with 5,000 runs included.
Do failed runs still get receipts?
Yes. A failed run also produces evidence: the agent tried X, the gate blocked it, which is exactly what you want for forensics. It counts as a governed run.
Do you see our source code?
No. The engine runs in your infra. rootblocks scan is read-only and runs locally; code contents are never stored. Receipts (hashes, signatures, metadata) are the only thing designed to leave, and they sync to our cloud once the control plane is enabled for your org.
Is there a desktop app, or is it all cloud?
Both. The desktop console (macOS today; Windows and Linux next) is the operator cockpit, offline-first, next to your files and local daemon. The web console is the shared dashboard. Agents run local; receipts will sync to the control plane once it is enabled for your org (rolling out with design partners).