Sign in

Packet boundary

Codaegis turns one AI-assisted GitHub pull request into one governed packet so a human and their AI agents can read a bounded review posture before any merge decision. Codaegis is decision support only. It does not merge, deploy, approve, certify, enforce, warrant, replace human judgment, or include public API access in Starter.

Boundary stancePacket before platform

Visible uncertainty, narrow evidence, human-owned decisions.

What Codaegis commits to

Read-only first

The first paid path starts from PR-scoped evidence and names missing proof instead of silently widening the task.

No hidden authority

The governed packet can support a decision, but Codaegis does not merge, deploy, certify, or approve code.

Bounded loop before platform

The first paid path is GitHub PR review, while public API, SDK, adapter, and non-PR work-family surfaces remain separately admitted future or higher-tier paths.

Held trust artifacts

Formal trust and compliance materials remain held; Codaegis only names safeguards that are true and evidenced today.

Visible uncertainty

When evidence is missing, the governed packet shows the gap and the next review action so buyers can inspect the limits.

No substitute packets

If setup, repo access, analysis path, or packet transport is unavailable, Codaegis explains the stop and recovery step instead of filling the gap with a fake answer.

What Codaegis does not claim

  • Codaegis is not a merge authority.
  • Codaegis is not a deployment authority.
  • Codaegis is not legal, security, or compliance approval.
  • Codaegis does not claim perfect safety.
  • Codaegis does not claim certification, audit approval, regulated-use approval, or trust-center admission.
  • Codaegis does not claim Starter public API access, SDK admission, or Codex/Cursor/CLI/VM-agent adapter admission.

Measured quality

On a frozen 29-pull-request evaluation corpus — 20 higher-risk, 9 clean — the shipped review engine produced 0 dangerous misses and 0 false stops.

Dangerous misses

0 of 20 higher-risk PRs

False stops

0 of 9 clean PRs

Verdict accuracy

0.897

Confidence calibration

0.959

This is a held evaluation corpus scored by frozen replay, not production traffic and not a guarantee. The provider is OpenAI; the model version and routing are held as internal engine configuration. Full methodology is published in the Codaegis product benchmark publication.

Trust and data-handling FAQ

The operational questions a serious buyer asks before connecting a repository, answered only with what is true and evidenced today.

Data handling

What does Codaegis read from my repository?

Only what an admitted pull-request review needs: the pull request title and body, changed-file references, review, commit, and discussion summaries, and CI or status signals for that pull request. The posture is read-only first, scoped to the one admitted pull request, not your whole repository.

Data handling

Where does my code content go to produce a packet?

Codaegis uses OpenAI as the third-party AI provider that processes pull-request and code content to produce the governed packet. The specific model version, routing, and prompt configuration are internal engine configuration, not a data-handling boundary, so they are not disclosed.

Data handling

Do you train models on my code?

No. Codaegis does not use customer packet, repository, or code content for broad model training without explicit opt-in or a later reviewed policy.

Data handling

How long is my packet history kept, and can I get it out?

Packet history is bounded by tier: Free keeps 3 days and Starter keeps 30 days. After a downgrade, data outside the shorter visible window may be held but unavailable for up to three days so the change can be reversed. You can export each governed packet as JSON or Markdown, and you remain responsible for storing packets you need beyond retention.

Data handling

Can I revoke access or request deletion?

Yes. You can revoke GitHub access at any time and request export or deletion where applicable through support@codaegis.com. Payments run through Stripe-hosted flows, and Codaegis does not store full card details.

Security

How do I report a security issue?

Responsible disclosure is live. A machine-readable contact is served at /.well-known/security.txt (RFC 9116) alongside a published security policy; report privately to support@codaegis.com and allow a reasonable remediation window before public disclosure.

Security

What is the governed packet not allowed to do?

The packet is decision support only. It does not merge, deploy, approve, certify, or enforce, and write access to your repository is not the default posture. A human owns the decision the packet supports.

Security

What formal compliance does Codaegis claim today?

Only safeguards that are true and evidenced today: read-only review posture, bounded packet retention, no merge or deploy authority, and Stripe-handled payment data. Formal compliance features and trust artifacts remain held; Codaegis claims no certification or audit approval.

Current proof limits

These limits are not fine print. They are how the first paid module stays honest enough for a serious buyer to evaluate.

Public sample governed packets are synthetic.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Local fixture proof is not live provider proof.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Private proof evidence supports internal review confidence, not public hosting or production admission.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Stripe handles payment details; Codaegis keeps only the billing records needed for access and support.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Public API is a future or higher-tier strategic surface, not a Starter entitlement.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Webhook packet transport remains eligibility-gated and separately admitted.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Formal trust artifacts remain held; no certification or audit claim is made.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Codex, Cursor, CLI, and VM-agent adapters are future demand surfaces, not active Starter features.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.

Any proceed packet verdict remains decision support, not legal or security approval.

This boundary keeps public explanation honest while the product continues under held public-surface evidence.