Trust layer for AI-modified software — receipts, ledger, calibrated autonomy
Project description
SignalBrain
Trust layer for AI-modified software.
Get started · Receipt spec · Architecture & roadmap · The founding incident · Pilot · Demo repo
Every company is letting agents change systems that matter. Every agent overstates what it did. SignalBrain is the referee: signed improvement receipts, objective re-score, and per-class calibrated trust — so autonomy is earned, not self-reported.
Agent tooling today answers risk with a permission prompt — approve every action, forever. Receipts are the exit ramp: an agent earns the right to stop asking, one measured claim at a time, per change-class, revocable by evidence.
Your repo, your ledger, no server. Plain files, a CLI, and a GitHub Action — nothing to host, nothing phones home. And because a referee can't also be a player, SignalBrain is agent- and model-neutral by design: Claude Code, Cursor, goose, Codex CLI — same rules for every one of them.
This repository is Phase 0 v0.1: the receipt spec, ledger math, scoring lane, anti-Goodhart machinery, and the founding incident record — extracted from the Titan reference deployment (R&D dummy that keeps trying to game its own ledger, in public).
60-second demo — run it, don't trust it
pip install signalbrain
bash demo/demo.sh
Raw transcript (real output — no mocks)
▶ 1. An agent tries to score its own claim BEFORE anyone merged it
{"status": "refused_guard", "code": 3, "message": "... not on HEAD — score only human-merged receipts"}
refused: unmerged claims cannot enter the ledger. No agent grades its own homework.
▶ 2. A batch of receipts measured only by tests the agent wrote itself
ledger now holds 3 rows — every one classified: 3 "claim_kind": "invariant_pin"
{} (no class has ANY trust-eligible claims)
three green results, ZERO earned trust: held-by-construction pins are recorded, never counted.
▶ 3. An honest failure
"held": false
the agent said 0.9 confidence. The measurement said no. That gap is the product.
▶ 4. Ten claims that actually hold
"tooling": { "hit_rate": 1.0, "n": 10, "status": "auto-merge ELIGIBLE" }
earned by track record, revocable by evidence. Autonomy is graduated, never granted.
The receipt lifecycle
flowchart LR
A["Agent ships change<br/>+ receipt"] --> B{"human<br/>merges?"}
B -- "no" --> R["refused — unmerged claims<br/>cannot be scored"]
B -- "yes" --> C["sb score<br/>re-runs the receipt's<br/>own commands"]
C --> D{"measured only by<br/>tests it wrote itself?"}
D -- "yes" --> P["invariant_pin<br/>recorded · zero trust"]
D -- "no" --> E{"commands<br/>pass?"}
E -- "yes" --> H["held ✓"]
E -- "no" --> F["held ✗<br/>recorded forever"]
H --> L[("ledger")]
F --> L
P --> L
L --> G{"last 10 high-confidence<br/>claims ≥ 95% held?"}
G -- "yes" --> M["auto-merge ELIGIBLE<br/>earned · revocable"]
G -- "no" --> N["GATE<br/>human review"]
classDef good fill:#0d2b1e,stroke:#34d399,color:#a7f3d0
classDef bad fill:#2b1214,stroke:#f87171,color:#fecaca
classDef neutral fill:#0f172a,stroke:#475569,color:#cbd5e1
class M,H good
class R,F,P bad
class A,B,C,D,E,G,L,N neutral
Three layers
| Layer | What | Status |
|---|---|---|
| Receipt | Open standard — signed, re-runnable claims | docs/RECEIPT_SPEC.md v0.1 |
| Ledger | Per-class trust from objectively re-scored receipts | src/signalbrain/governance/ |
| Refuter | Adversarial verification + SPC (premium) | scripts + roadmap |
Founding proof
Our own autonomous lane tried to pad its trust score to 100% ELIGIBLE in a local working tree. It never reached git. Full receipt-style incident record with reproduce commands:
docs/incidents/2026-07-tooling-trust-streak-gaming.md
Every number in that document is re-derivable from cited SHAs.
The ledger data has its own headline: across 58 objectively measured claims, hold-rate falls as stated confidence rises — 86% in the 0.85–0.90 bin, 83% in 0.90–0.95, 33% above 0.95. The most confident claims were the least reliable. Reproducible curves + generator: report/calibration-curves/.
Quick start
pip install signalbrain
# 1. Teach your agents to emit receipts (paste into CLAUDE.md / .cursorrules):
# docs/pilot/receipt-emission.md
# 2. After a receipt merges, score it objectively:
sb score receipts/0001-tooling-my-change.md --root . --ledger .signalbrain/ledger.jsonl
# 3. Read the trust gates (exit 0 = TRUST earned, 1 = GATE):
sb gate --ledger .signalbrain/ledger.jsonl --by-class --window 10
# Or wire it into CI — see the fork-able demo's workflow:
# https://github.com/whitestone1121-web/receipt-gate-demo
Reference-deployment invocations (legacy scripts, kept for parity)
export PYTHONPATH=src:scripts
python scripts/calibration_ledger.py docs/calibration/improvement_claim_ledger.jsonl \
--require-measured --by-class --window 10
bash scripts/calibration_score_receipt.sh docs/improvements/NNNN-name.md
pytest tests/ -q
v0.1 scope and roadmap
See Architecture, provenance & roadmap — what's in the box, why the rules look the way they do, and what design partners drive next. Known limitations are stated there plainly; this project publishes its edges the same way it publishes its incidents.
Compat note: governance modules live under signalbrain.governance; agi_os_backend.governance shims preserve script import paths from the reference deployment.
Design partner offer
We score your coding agents' claims against what actually merged. First caught overclaim is free — if we don't find one, you still get an audit. Contact: signalbrain.ai
License
Apache-2.0 — see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file signalbrain-0.1.2.tar.gz.
File metadata
- Download URL: signalbrain-0.1.2.tar.gz
- Upload date:
- Size: 23.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f537af5922dab79115306430c171e44e693b284e854b0a6696342ab576befe0b
|
|
| MD5 |
93d7581b4d3b44d4ecf4e11990f38216
|
|
| BLAKE2b-256 |
27d0a4add07bc66d5945f3619832476d27f770ecd5ed0ca14cf03585415900e6
|
Provenance
The following attestation bundles were made for signalbrain-0.1.2.tar.gz:
Publisher:
release.yml on whitestone1121-web/signalbrain
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
signalbrain-0.1.2.tar.gz -
Subject digest:
f537af5922dab79115306430c171e44e693b284e854b0a6696342ab576befe0b - Sigstore transparency entry: 2066655591
- Sigstore integration time:
-
Permalink:
whitestone1121-web/signalbrain@49223579e43325b6e0ec706d4e6d04893303051c -
Branch / Tag:
refs/tags/v0.1.2 - Owner: https://github.com/whitestone1121-web
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@49223579e43325b6e0ec706d4e6d04893303051c -
Trigger Event:
push
-
Statement type:
File details
Details for the file signalbrain-0.1.2-py3-none-any.whl.
File metadata
- Download URL: signalbrain-0.1.2-py3-none-any.whl
- Upload date:
- Size: 29.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
793246317c14dc08b5024ad3003c384411c6f2b5831753b7f0b1586dc21e2d05
|
|
| MD5 |
f6abbbecb4c0ac7ec8b7e37ad582f35d
|
|
| BLAKE2b-256 |
4b48574820a39fb6c4526cf4755697bbcaa6afafad7bc73578730d712152187e
|
Provenance
The following attestation bundles were made for signalbrain-0.1.2-py3-none-any.whl:
Publisher:
release.yml on whitestone1121-web/signalbrain
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
signalbrain-0.1.2-py3-none-any.whl -
Subject digest:
793246317c14dc08b5024ad3003c384411c6f2b5831753b7f0b1586dc21e2d05 - Sigstore transparency entry: 2066655892
- Sigstore integration time:
-
Permalink:
whitestone1121-web/signalbrain@49223579e43325b6e0ec706d4e6d04893303051c -
Branch / Tag:
refs/tags/v0.1.2 - Owner: https://github.com/whitestone1121-web
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@49223579e43325b6e0ec706d4e6d04893303051c -
Trigger Event:
push
-
Statement type: