intelligence assurance

How we prove it's
safe to merge.

Every automated merge rests on a chain of claims that used to be taken on faith. We turned each one into something checked — and closed the gap where a false green slips through.

fleet · merge gate live
merge gate
graph-scoped affected tests · rendered by meridian
changeblast radiusverdict
lib/greet.txt7 targetsSAFE ✓ merged
api/handler.rs23 targetsbuilding…
config.weak_testcross-pkgBLOCKED ✕
FRESH CORRECT USED SAFE BROAD
gate: graph-scoped tests run: 31 via graphd.rdeps
how it holds

Five links, each one proven.

receipts

Assurance you can audit.

Not a promise — an artifact. Each of these is measured, reproducible, and emitted by the platform itself.

Every affected test, every merge.

The merge gate runs a proven superset of the tests your change can reach — computed from the real build graph, not a directory heuristic. A change can’t go green while breaking a test the naive path would have skipped.

source · graph-scoped test selection
σ
Proof-carrying tool calls.

Agents dispatch tools with a typed, Lean-proved witness — not a natural-language guess at the arguments. The proof travels with the call, so there’s no hallucination gap between intent and action.

source · agora · lean 4
Audit evidence, for free.

SOC 2 evidence isn’t collected after the fact. It’s a content-addressed, write-once byproduct of how every change already flows through the control plane — builds, merges, deploys, all attested.

source · compliance plugin

Let agents build. Prove it's safe to ship.