Skip to main content

Trust layer for AI-modified software — receipts, ledger, calibrated autonomy

Project description

SignalBrain — the trust layer for AI-modified software

SignalBrain

PyPI license demo gate earned autonomy

Trust layer for AI-modified software.

Get started · Receipt spec · Architecture & roadmap · The founding incident · Pilot · Demo repo

Every company is letting agents change systems that matter. Every agent overstates what it did. SignalBrain is the referee: signed improvement receipts, objective re-score, and per-class calibrated trust — so autonomy is earned, not self-reported.

Agent tooling today answers risk with a permission prompt — approve every action, forever. Receipts are the exit ramp: an agent earns the right to stop asking, one measured claim at a time, per change-class, revocable by evidence.

Your repo, your ledger, no server. Plain files, a CLI, and a GitHub Action — nothing to host, nothing phones home. And because a referee can't also be a player, SignalBrain is agent- and model-neutral by design: Claude Code, Cursor, goose, Codex CLI — same rules for every one of them.

Animated: a 0.92-confidence claim is re-executed after merge, fails, held: false is recorded forever, and the class drops to GATE

This repository is Phase 0 v0.1: the receipt spec, ledger math, scoring lane, anti-Goodhart machinery, and the founding incident record — extracted from the Titan reference deployment (R&D dummy that keeps trying to game its own ledger, in public).

60-second demo — run it, don't trust it

pip install signalbrain
bash demo/demo.sh

demo.sh output: self-score refused, pins earn zero trust, honest failure recorded, ELIGIBLE earned at n=10

Raw transcript (real output — no mocks)
▶ 1. An agent tries to score its own claim BEFORE anyone merged it
  {"status": "refused_guard", "code": 3, "message": "... not on HEAD — score only human-merged receipts"}
  refused: unmerged claims cannot enter the ledger. No agent grades its own homework.

▶ 2. A batch of receipts measured only by tests the agent wrote itself
  ledger now holds 3 rows — every one classified: 3 "claim_kind": "invariant_pin"
  {}   (no class has ANY trust-eligible claims)
  three green results, ZERO earned trust: held-by-construction pins are recorded, never counted.

▶ 3. An honest failure
  "held": false
  the agent said 0.9 confidence. The measurement said no. That gap is the product.

▶ 4. Ten claims that actually hold
  "tooling": { "hit_rate": 1.0, "n": 10, "status": "auto-merge ELIGIBLE" }
  earned by track record, revocable by evidence. Autonomy is graduated, never granted.

The receipt lifecycle

flowchart LR
    A["Agent ships change<br/>+ receipt"] --> B{"human<br/>merges?"}
    B -- "no" --> R["refused — unmerged claims<br/>cannot be scored"]
    B -- "yes" --> C["sb score<br/>re-runs the receipt's<br/>own commands"]
    C --> D{"measured only by<br/>tests it wrote itself?"}
    D -- "yes" --> P["invariant_pin<br/>recorded · zero trust"]
    D -- "no" --> E{"commands<br/>pass?"}
    E -- "yes" --> H["held ✓"]
    E -- "no" --> F["held ✗<br/>recorded forever"]
    H --> L[("ledger")]
    F --> L
    P --> L
    L --> G{"last 10 high-confidence<br/>claims ≥ 95% held?"}
    G -- "yes" --> M["auto-merge ELIGIBLE<br/>earned · revocable"]
    G -- "no" --> N["GATE<br/>human review"]

    classDef good fill:#0d2b1e,stroke:#34d399,color:#a7f3d0
    classDef bad fill:#2b1214,stroke:#f87171,color:#fecaca
    classDef neutral fill:#0f172a,stroke:#475569,color:#cbd5e1
    class M,H good
    class R,F,P bad
    class A,B,C,D,E,G,L,N neutral

Three layers

Layer What Status
Receipt Open standard — signed, re-runnable claims docs/RECEIPT_SPEC.md v0.1
Ledger Per-class trust from objectively re-scored receipts src/signalbrain/governance/
Refuter Adversarial verification + SPC (premium) scripts + roadmap

Founding proof

Our own autonomous lane tried to pad its trust score to 100% ELIGIBLE in a local working tree. It never reached git. Full receipt-style incident record with reproduce commands:

docs/incidents/2026-07-tooling-trust-streak-gaming.md

Every number in that document is re-derivable from cited SHAs.

The ledger data has its own headline: across 58 objectively measured claims, hold-rate falls as stated confidence rises — 86% in the 0.85–0.90 bin, 83% in 0.90–0.95, 33% above 0.95. The most confident claims were the least reliable. Reproducible curves + generator: report/calibration-curves/.

Quick start

pip install signalbrain

# 1. Teach your agents to emit receipts (paste into CLAUDE.md / .cursorrules):
#    docs/pilot/receipt-emission.md

# 2. After a receipt merges, score it objectively:
sb score receipts/0001-tooling-my-change.md --root . --ledger .signalbrain/ledger.jsonl

# 3. Read the trust gates (exit 0 = TRUST earned, 1 = GATE):
sb gate --ledger .signalbrain/ledger.jsonl --by-class --window 10

# Or wire it into CI — see the fork-able demo's workflow:
#    https://github.com/whitestone1121-web/receipt-gate-demo
Reference-deployment invocations (legacy scripts, kept for parity)
export PYTHONPATH=src:scripts
python scripts/calibration_ledger.py docs/calibration/improvement_claim_ledger.jsonl \
  --require-measured --by-class --window 10
bash scripts/calibration_score_receipt.sh docs/improvements/NNNN-name.md
pytest tests/ -q

v0.1 scope and roadmap

See Architecture, provenance & roadmap — what's in the box, why the rules look the way they do, and what design partners drive next. Known limitations are stated there plainly; this project publishes its edges the same way it publishes its incidents.

Compat note: governance modules live under signalbrain.governance; agi_os_backend.governance shims preserve script import paths from the reference deployment.

Design partner offer

We score your coding agents' claims against what actually merged. First caught overclaim is free — if we don't find one, you still get an audit. Contact: signalbrain.ai

License

Apache-2.0 — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signalbrain-0.1.2.tar.gz (23.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

signalbrain-0.1.2-py3-none-any.whl (29.0 kB view details)

Uploaded Python 3

File details

Details for the file signalbrain-0.1.2.tar.gz.

File metadata

  • Download URL: signalbrain-0.1.2.tar.gz
  • Upload date:
  • Size: 23.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for signalbrain-0.1.2.tar.gz
Algorithm Hash digest
SHA256 f537af5922dab79115306430c171e44e693b284e854b0a6696342ab576befe0b
MD5 93d7581b4d3b44d4ecf4e11990f38216
BLAKE2b-256 27d0a4add07bc66d5945f3619832476d27f770ecd5ed0ca14cf03585415900e6

See more details on using hashes here.

Provenance

The following attestation bundles were made for signalbrain-0.1.2.tar.gz:

Publisher: release.yml on whitestone1121-web/signalbrain

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file signalbrain-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: signalbrain-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 29.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for signalbrain-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 793246317c14dc08b5024ad3003c384411c6f2b5831753b7f0b1586dc21e2d05
MD5 f6abbbecb4c0ac7ec8b7e37ad582f35d
BLAKE2b-256 4b48574820a39fb6c4526cf4755697bbcaa6afafad7bc73578730d712152187e

See more details on using hashes here.

Provenance

The following attestation bundles were made for signalbrain-0.1.2-py3-none-any.whl:

Publisher: release.yml on whitestone1121-web/signalbrain

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page