Trust AI-written code before it touches production.

Qorthos checks AI-assisted changes against live system truth, gates risky actions, and leaves signed evidence engineering, security, and audit teams can verify.

Book a demo See the runtime

Trust Infrastructure for engineering teams working with AI agents

Local-first by default. Code stays in your environment.

Live SQL validation for Postgres, MySQL, MariaDB, and SQLite.

Signed trust reports, attestations, capability snapshots, and policy evidence.

qorthos runtime

Works with the tools your team already uses.

CursorIDE
Claude CodeAgent
CopilotAgent
GitHubSCM
PostgresSchema
OpenAPIContracts
MCPRuntime
VercelDeploy
DockerRuntime
SupabaseData
CursorIDE
Claude CodeAgent
CopilotAgent
GitHubSCM
PostgresSchema
OpenAPIContracts
MCPRuntime
VercelDeploy
DockerRuntime
SupabaseData

Not a SAST scanner. Not a spec-driven IDE. Not a cloud dashboard. Qorthos publishes its schemas and ships a reference verifier. A local runtime that turns AI-assisted work into signed evidence.

AI code review is still held together by trust and screenshots.

Agents merge faster than humans can verify. The artifacts that prove what an agent actually did live in chat logs, PR comments, scanner output, and reviewer memory.

The problem is not AI usage. The problem is unverifiable AI usage.

01
“It passed CI” is the evidence.
Tests cover behavior the team already knew to write. They do not cover what the agent quietly assumed about schemas, APIs, packages, or policy.
unverifiable
02
Reviewers paste screenshots.
A PR description with chat links, copied terminal output, and a green check is not an audit trail your security team can accept.
not durable
03
Policy lives in Slack.
“Do not touch the billing schema” is enforced by reviewer memory, not by the runtime the agent is using while it acts.
unenforced
04
Every replay is a re-run.
To understand what an agent did last Tuesday, teams re-read transcripts, re-run checks, and hope the reconstructed answer matches reality.
non-reproducible

Register the session. Validate the change. Seal the evidence.

Qorthos runs beside the agent workflow you already use. It records the session, checks generated work against live constraints, gates risky actions, and exports signed evidence for review.

Register

The session starts with agent identity and a signed capability snapshot: runtime, model, tool registry, system prompt hash, scope reference, and delegation context.

Validate

Generated code is checked against the live constraints that matter: database schemas, dependency surfaces, API usage, policy contracts, and business rules.

Govern

Risky actions are evaluated before they are trusted. Scope violations, destructive commands, production writes, and unsigned control-plane changes are blocked or routed to approval.

Attest

The result is sealed into evidence: trust report, attestation, policy trail, attribution, and compliance bundle, signed under the configured project or organization key.

The old workflow asks reviewers to trust the story. Qorthos gives them the record.

Scenario

Old Way

Manual AI disclosure

Old Way“Used Claude for this” in a PR description.

signed attribution records tied to the session, model, files, and evidence bundle.

CI-only scanning

Old Wayscanners run after the work is already shaped.

validation and policy run while the agent acts, then scanner evidence can be imported into the same chain.

Security dashboard

Old Waya point-in-time view owned by a vendor UI.

portable signed artifacts that verify offline.

Human code review

Old Wayreviewer reconstructs intent from commits, chat, and comments.

reviewer opens one trust report with authorization, scope, validations, approvals, and provenance.

Compliance request

Old Wayengineering spends a week assembling screenshots.

export the evidence package and verification command.

Where teams can use Qorthos

Qorthos is most valuable when AI mistakes are expensive, infrastructure is real, and leaders need one operating record for validation, policy, telemetry, benchmarking, and audit.

For teams shipping schema-heavy code into real databases and pipelines

The problem

AI writes SQL against stale schema assumptions, generated data logic misses business rules, and downstream impact is hard to see before merge.

What Qorthos does

Qorthos validates SQL against live schemas, checks data contracts and downstream impact, then records the validation result as trust evidence.

AI-generated SQL gets checked against the database you actually run, not the one the model imagined.

qorthos validate --sqlschema: public

SELECT email, phone FROM users_v2

✗ column `phone` not found in users_v2

✓ suggested: `phone_number`

verdict: blocked · 1 issue · 42ms

What Qorthos produces for the organization.

TRUST REPORT

The human-readable review file for a session or PR.

Shows the model, agent, scope, validations, policy decisions, approvals, blocked actions, and provenance.

trust-report.json · 4 validations · 1 blocked action · 2 approvals

trust-report.jsonqr_9k2f

{

"session": "sess_7a2f",

"scope": "data-eng/api",

"validations": 4,

"blocked": 1,

"approved": 2,

"provenance": {

"git-commit": "a1b2c3d",

"Qorthos-Session-Id": "sess_7a2f"

}

trust-report.json · 4 validations · 1 blocked action · 2 approvals

ATTESTATION

The signed receipt for the work.

It binds the evidence scope to the signing scope so a reviewer knows what was checked and whose key signed it.

attestation.json · evidence_scope=pr · signing_scope=organization · Ed25519

attestation.jsonEd25519

{

"evidence_scope": "pr",

"signing_scope": "organization",

"signature": "Ed25519:a8f2..."

}

✓ attestation valid

attestation.json · evidence_scope=pr · signing_scope=organization · Ed25519

CAPABILITY SNAPSHOT

The agent’s declared operating envelope at session start.

Captures runtime kind, model identity, system prompt hash, MCP/tool registry, scope contract reference, and delegation context.

capability-snapshot.json · model + tools + scope hash

capability-snapshot.jsonenvelope

{

"runtime": "qorthos-mcp",

"model": "claude-3.5-sonnet",

"system_prompt_hash": "sha256:7b9f...",

"tool_registry": ["sql-read", "git-write"]

}

capability-snapshot.json · model + tools + scope hash

POLICY TRAIL

The record of which controls fired.

Tracks allowed actions, blocked actions, approvals, host-action evidence, and the scope contract in force.

policy-trail · destructive write blocked · production approval required

policy-trail.logsession scope

# scope checks

✓ action: read schema, allowed

✗ action: destructive write, blocked

# approval flow

⏳ approval requested: production write

✓ approved by: eng-lead@corp.com

policy-trail · destructive write blocked · production approval required

COMPLIANCE BUNDLE

A portable evidence bundle.

Used for security review, compliance mapping, and offline verification. Not a certification claim. Evidence your audit program can use.

compliance-evidence-bundle.json · SOX/DORA/EU AI Act mapping

compliance-evidence-bundle.jsonexport

{

"type": "compliance_evidence_bundle",

"frameworks": ["SOX", "DORA", "EU AI Act"],

"trust_report_ref": "qr_9k2f",

"attestation_ref": "Ed25519:a8f2..."

}

$ qorthos-verify bundle compliance-evidence-bundle.json

compliance-evidence-bundle.json · SOX/DORA/EU AI Act mapping

AGENT FINGERPRINT

The behavioral signature behind every session.

Pre and post hook events, the exact tool sequence, scope boundary crossings, and a deterministic behavior hash. The record of how an agent actually behaved versus how it was supposed to.

agent-fingerprint.json · hook events · tool order · drift score

agent-fingerprint.jsonhooks · tool order

{

"agent_id": "claude-sonnet-4-6",

"hook_events": 14,

"tool_sequence": ["read", "sql-validate", "edit", "git-commit"],

"scope_crossings": 1,

"behavior_hash": "sha256:f9c1...",

"drift_score": 0.07

}

✓ behavior matches declared envelope

agent-fingerprint.json · hook events · tool order · drift score

TELEMETRY · BENCHMARKING

Opt-in usage telemetry and model benchmarking, in one rollup.

Aggregate signals across sessions: which models pass policy, which agents trigger more approvals, which validations block the most issues, and how hallucination rates compare across providers, repos, and teams.

telemetry-rollup.json · pass rate · hallucination rate · approvals per session

telemetry-rollup.jsonopt-in · 30d

# model leaderboard, last 30 days

claude-sonnet-4-6 pass 94.2% halluc 1.1%

gpt-5-codex pass 91.8% halluc 2.4%

gemini-2.5-pro pass 88.3% halluc 3.7%

# aggregate

"sessions": 12,438 · "approvals/sess": 0.31

"validations": 38,109 · "blocked": 1,842

telemetry-rollup.json · pass rate · hallucination rate · approvals per session

Qorthos translates agent actions into regulated software evidence.

You are responsible for the AI software you ship. Qorthos provides the deterministic proof that AI-generated changes went through required controls before touching production.

SOX 404

Requirement: Material change authorization.

Output: Signed record of production deployment approval mapped to the agent's session and the human reviewer.

DORA (EU)

Requirement: ICT risk management & incident review.

Output: Offline-verifiable evidence bundles that survive vendor outages or contract termination.

EU AI Act

Requirement: High-risk AI system traceability.

Output: AI-CBOM (CycloneDX) linking the model identity, session, and generated artifacts to validation results.

NIST AI RMF

Requirement: Measure & Manage functions.

Output: Policy trails showing which specific risk constraints were evaluated and enforced on the agent.

ISO/IEC 42001

Requirement: AI management system auditing.

Output: Immutable trust reports that serve as primary auditable records for AI software contributions.

SOC 2 / HIPAA

Requirement: Logical access & change management.

Output: Cryptographic proof that a human authorized the agent’s specific code changes, not just the PR merge.

Evidence leaves. Data doesn't

Qorthos runs next to your code: on the developer machine, in CI, or inside your VPC. It validates against local truth, signs evidence under your key policy, and only emits portable artifacts you choose to share.

→No source, schemas, prompts, or raw SQL are transmitted to Qorthos servers by the local runtime.

→Signing keys stay under your control through local project keys or customer-owned AWS KMS, GCP KMS, and Vault providers.

→Telemetry is opt-in and limited to redacted aggregate events. SQL telemetry never carries query text, table names, schema DDL, or connection strings.

→Verification does not require our dashboard because the verifier runs as a standalone CLI and browser-capable library against signed artifacts.

yourenvironmentvpc · workstation · ci

agentCursor · Claude Code · Codexruns where it already runs: IDE, CI, terminal, or sandbox.

qorthos runtimevalidate · gate · attestlocal MCP server, CLI, and sidecar validate locally; signing uses your configured key provider.

your repos and dbcode · schemas · promptsused locally for validation, not serialized into Qorthos Cloud.

evidence storagelocal · S3 · GCS · your bucketsigned bundles follow your retention, keys, and audit process.

Frequently asked questions.

No. Qorthos does not generate code. It is the control and evidence layer that sits behind those tools.

Become a design partner.

One config block. Zero workflow changes. Real-time validation, governance, and provenance for every AI-generated line.

Local-first. Your code never leaves your machine.