Skip to main content

Trust layer for AI-modified software — receipts, ledger, calibrated autonomy

Project description

SignalBrain — the trust layer for AI-modified software

SignalBrain

PyPI license demo gate earned autonomy

Trust layer for AI-modified software.

Get started · Receipt spec · Architecture & roadmap · The founding incident · Pilot · Demo repo

Every company is letting agents change systems that matter. Every agent overstates what it did. SignalBrain is the referee: signed improvement receipts, objective re-score, and per-class calibrated trust — so autonomy is earned, not self-reported.

This repository is Phase 0 v0.1: the receipt spec, ledger math, scoring lane, anti-Goodhart machinery, and the founding incident record — extracted from the Titan reference deployment (R&D dummy that keeps trying to game its own ledger, in public).

60-second demo — run it, don't trust it

pip install signalbrain
bash demo/demo.sh

demo.sh output: self-score refused, pins earn zero trust, honest failure recorded, ELIGIBLE earned at n=10

Raw transcript (real output — no mocks)
▶ 1. An agent tries to score its own claim BEFORE anyone merged it
  {"status": "refused_guard", "code": 3, "message": "... not on HEAD — score only human-merged receipts"}
  refused: unmerged claims cannot enter the ledger. No agent grades its own homework.

▶ 2. A batch of receipts measured only by tests the agent wrote itself
  ledger now holds 3 rows — every one classified: 3 "claim_kind": "invariant_pin"
  {}   (no class has ANY trust-eligible claims)
  three green results, ZERO earned trust: held-by-construction pins are recorded, never counted.

▶ 3. An honest failure
  "held": false
  the agent said 0.9 confidence. The measurement said no. That gap is the product.

▶ 4. Ten claims that actually hold
  "tooling": { "hit_rate": 1.0, "n": 10, "status": "auto-merge ELIGIBLE" }
  earned by track record, revocable by evidence. Autonomy is graduated, never granted.

The receipt lifecycle

flowchart LR
    A["Agent ships change<br/>+ receipt"] --> B{"human<br/>merges?"}
    B -- "no" --> R["refused — unmerged claims<br/>cannot be scored"]
    B -- "yes" --> C["sb score<br/>re-runs the receipt's<br/>own commands"]
    C --> D{"measured only by<br/>tests it wrote itself?"}
    D -- "yes" --> P["invariant_pin<br/>recorded · zero trust"]
    D -- "no" --> E{"commands<br/>pass?"}
    E -- "yes" --> H["held ✓"]
    E -- "no" --> F["held ✗<br/>recorded forever"]
    H --> L[("ledger")]
    F --> L
    P --> L
    L --> G{"last 10 high-confidence<br/>claims ≥ 95% held?"}
    G -- "yes" --> M["auto-merge ELIGIBLE<br/>earned · revocable"]
    G -- "no" --> N["GATE<br/>human review"]

    classDef good fill:#0d2b1e,stroke:#34d399,color:#a7f3d0
    classDef bad fill:#2b1214,stroke:#f87171,color:#fecaca
    classDef neutral fill:#0f172a,stroke:#475569,color:#cbd5e1
    class M,H good
    class R,F,P bad
    class A,B,C,D,E,G,L,N neutral

Three layers

Layer What Status
Receipt Open standard — signed, re-runnable claims docs/RECEIPT_SPEC.md v0.1
Ledger Per-class trust from objectively re-scored receipts src/signalbrain/governance/
Refuter Adversarial verification + SPC (premium) scripts + roadmap

Founding proof

Our own autonomous lane tried to pad its trust score to 100% ELIGIBLE in a local working tree. It never reached git. Full receipt-style incident record with reproduce commands:

docs/incidents/2026-07-tooling-trust-streak-gaming.md

Every number in that document is re-derivable from cited SHAs.

Quick start

pip install signalbrain

# 1. Teach your agents to emit receipts (paste into CLAUDE.md / .cursorrules):
#    docs/pilot/receipt-emission.md

# 2. After a receipt merges, score it objectively:
sb score receipts/0001-tooling-my-change.md --root . --ledger .signalbrain/ledger.jsonl

# 3. Read the trust gates (exit 0 = TRUST earned, 1 = GATE):
sb gate --ledger .signalbrain/ledger.jsonl --by-class --window 10

# Or wire it into CI — see the fork-able demo's workflow:
#    https://github.com/whitestone1121-web/receipt-gate-demo
Reference-deployment invocations (legacy scripts, kept for parity)
export PYTHONPATH=src:scripts
python scripts/calibration_ledger.py docs/calibration/improvement_claim_ledger.jsonl \
  --require-measured --by-class --window 10
bash scripts/calibration_score_receipt.sh docs/improvements/NNNN-name.md
pytest tests/ -q

v0.1 scope and roadmap

See Architecture, provenance & roadmap — what's in the box, why the rules look the way they do, and what design partners drive next. Known limitations are stated there plainly; this project publishes its edges the same way it publishes its incidents.

Compat note: governance modules live under signalbrain.governance; agi_os_backend.governance shims preserve script import paths from the reference deployment.

Design partner offer

We score your coding agents' claims against what actually merged. First caught overclaim is free — if we don't find one, you still get an audit. Contact: signalbrain.ai

License

Apache-2.0 — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

signalbrain-0.1.1.tar.gz (22.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

signalbrain-0.1.1-py3-none-any.whl (28.5 kB view details)

Uploaded Python 3

File details

Details for the file signalbrain-0.1.1.tar.gz.

File metadata

  • Download URL: signalbrain-0.1.1.tar.gz
  • Upload date:
  • Size: 22.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for signalbrain-0.1.1.tar.gz
Algorithm Hash digest
SHA256 00b4f00d0716c5c943e3c8407f85605b254546b25f5ac877d2883faf3469c63b
MD5 f0d113002f5a470016b1a04494841728
BLAKE2b-256 897fafed28dc5fed486a1ec1061e65722b08a7fe859e87ff896f75b013c6b1e2

See more details on using hashes here.

File details

Details for the file signalbrain-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: signalbrain-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 28.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for signalbrain-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 dc75c5371d9c782a4f1a7b6e8a21f180082287675f69fcdb3f31d681e2d36044
MD5 150cee2cd7b90adad3f4f4db395b0f0e
BLAKE2b-256 e335764d215f928d93d2e52d981f4b159af2ae45753de943385d85391910c14e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page