Probabilistic agents.
Deterministic control.
AI agents can commit code, deploy infrastructure, and manage incidents. But without deterministic governance, they're too risky for production.
SignalCheck is a policy engine that evaluates every agent action before it executes.
Same inputs, same decision, every time. No LLMs. No execution. Full audit trail.
The problem with AI agents
AI agents are powerful but unpredictable. They make decisions based on models, not rules. This creates a fundamental trust problem.
Security teams block AI agents because they can't prove what they'll do. Platform teams can't deploy them without governance. The result: AI agents stay in demos while teams manually handle incidents, dependency updates, and CI failures.
What makes SignalCheck different
SignalCheck doesn't try to make agents deterministic. It makes governance deterministic.
Your AI agent analyzes the situation and proposes an action. SignalCheck evaluates it against your policy and renders a verdict: allow, deny, or escalate to a safer alternative.
Same event, same policy, same decision. No LLMs in the decision path. No probabilistic safety layer. Decisions are reproducible, testable, and auditable.
SignalCheck runs as a CLI tool or HTTP server. Deploy it as a required gate for agent actions. Define policies in version-controlled YAML. Export findings as SARIF for your security tooling.
How it works
Agent proposes action
Your AI agent detects an issue and proposes a fix: commit code, deploy a change, rotate credentials, rollback a release.
SignalCheck evaluates
The action is evaluated against policy: repository rules, branch protections, confidence thresholds, environment constraints.
Verdict rendered
Allow (safe to proceed), deny (violates policy), or escalate (use this safer alternative instead).
HTTP API Call SignalCheck before your agent executes any action
CLI Integrate into CI/CD pipelines or run locally during development
Policy as code Version-controlled YAML files define what's allowed
What SignalCheck is and is not
What SignalCheck is
- •A deterministic decision layer for AI automation
- •A governance and audit backbone for autonomous actions
- •A way to apply production-grade controls to AI agents
What SignalCheck is not
- •Not an agent framework
- •Not a workflow engine
- •Not a CI/CD system
- •Not an execution platform
Real example: CI failure remediation
Scenario
CI fails on main branch. The issue: package-lock.json is out of sync. An AI agent detects the problem and proposes to fix the lockfile and commit directly to main.
Without SignalCheck
Either the agent auto-commits to main (pollutes protected branch) or requires human approval for every fix (defeats automation).
With SignalCheck
Policy denies direct commits to main. SignalCheck provides an escalation recipe: create a pull request instead. The agent follows the safer path. Main stays protected. Full audit trail maintained.
Policy flexibility
The same policy can allow auto-fixes on feature branches (low risk), require PRs for main (governance), and deny fixes entirely if confidence is below threshold (uncertainty).
Technical guarantees
Current status
SignalCheck is early-stage and design-partner driven. Core engine is complete. HTTP server and CLI are production-ready. This is infrastructure tooling, not a polished SaaS.
Let's talk
SignalCheck is for teams who are:
- •Evaluating AI agents for production use
- •Blocking automation due to risk and compliance concerns
- •Responsible for security, compliance, or platform enablement