AI Operator
Approvals and receipts for coding agent actions in GitHub
Guardrails for coding agent actions in GitHub

Approve, execute, and keep receipts for what coding agents do in GitHub.

AI Operator is a trust layer for coding agent actions. The hosted demo now proves a real GitHub action end-to-end: request a branch creation, require approval, execute through the GitHub API, and persist a receipt afterward.

View repositoryDemo docsSee packaging
  • Canonical state in Supabase Postgres
  • Hosted runtime on Vercel
  • Real GitHub branch creation with receipt
Why teams care
Coding agents can propose GitHub actions.
Teams want bounded approval before execution.
They want a receipt after the action runs.
They do not want this tied to a personal server.
Commercial wedge

One narrow, sellable workflow: guard coding agent actions in GitHub.

Buyer
  • CTO or engineering manager
  • platform / infra engineer
  • AI-native team using coding agents with GitHub
Pain
  • Agents can branch, push, or mutate code too freely
  • Approval is informal or missing
  • Receipts and auditability are weak after execution
Live hosted demo

request → approval → execute → receipt on a real GitHub action

Current hosted proof path: `github.create_branch` on a dedicated demo repo.

1. Request a remote `github.create_branch` action.
2. Record approval in canonical Postgres state.
3. Execute the action via GitHub API from the managed runtime.
4. Persist the receipt with result hash and evidence.
Protocol primitives

ActionDescriptor, Mandate, Receipt.

The protocol is general. The current product wedge is intentionally specific.

ActionDescriptor

What action is being requested, by whom, on which tool, in which scope.

{
  "id": "25ef1cd9-c927-4976-9f29-66ba71356bcc",
  "actor": "demo/coding-agent",
  "tool": "github",
  "action": "create_branch",
  "scope": [
    "repo:ai-operator-demo",
    "branch:aiop-demo-1776249981"
  ],
  "target": "aiop-demo-1776249981",
  "createdAt": "2026-04-15T10:46:25.549748+00:00"
}
Mandate

The bounded approval object used to authorize execution.

{
  "id": "mandate_25ef1cd9-c927-4976-9f29-66ba71356bcc",
  "actionId": "25ef1cd9-c927-4976-9f29-66ba71356bcc",
  "actor": "demo/coding-agent",
  "tool": "github",
  "scope": [
    "repo:ai-operator-demo",
    "branch:aiop-demo-1776249981"
  ],
  "approvalStatus": "approved",
  "approvedBy": [
    "demo/reviewer"
  ],
  "conditions": [
    "Bounded approval",
    "GitHub API managed execution"
  ],
  "issuedAt": "2026-04-15T10:46:26.563+00:00",
  "expiresAt": "2026-04-15T11:01:26.919Z",
  "signature": "unsigned-v1"
}
Receipt

The proof object emitted after execution, including result hash and GitHub evidence.

{
  "id": "738081a1-a2ad-4020-afa1-7adf0866a2a0",
  "actionId": "25ef1cd9-c927-4976-9f29-66ba71356bcc",
  "mandateId": "mandate_25ef1cd9-c927-4976-9f29-66ba71356bcc",
  "status": "executed",
  "resultHash": "203c2f786e9ed9f172225ca5bc31fe32e583bac4ff8ef18f7d1cbc3392a9cef1",
  "verifier": "forge",
  "evidence": {
    "mode": "managed-github-api",
    "owner": "jetlifeZ7",
    "repo": "ai-operator-demo",
    "branch": "aiop-demo-1776249981"
  },
  "startedAt": "2026-04-15T10:46:29.697885+00:00",
  "completedAt": "2026-04-15T10:46:29.697885+00:00",
  "signature": "unsigned-v1"
}
Packaging

Open protocol, managed controls.

Open source / visible
  • Protocol shape
  • Basic runtime loop
  • Dev/self-host fallback pieces
Premium / managed direction
  • Hosted approvals inbox
  • Hosted receipts explorer
  • GitHub coding-agent action controls
  • Policy templates for bounded authorization