SYS://RECOURSE_OS/V1.0
STATUS: OPERATIONAL
Consequence Verification for Autonomous Systems

The agent proposes.
The gateway enforces. RecourseOS verifies consequences.

RecourseOS analyzes blast radius, evaluates recoverability against live infrastructure state, gathers evidence, and issues cryptographically signed attestations. 175+ resource types. Native MCP server, CLI, and CI integration.

Evaluates mutations from: Terraform, Shell, MCP, AWS, GCP, Azure, Kubernetes, Docker, GitHub Actions, Pulumi

See It In Action

Watch RecourseOS block a destructive deletion

Claude Code attempts to delete a production RDS instance — RecourseOS evaluates the consequences and returns a BLOCKED verdict.

Real infrastructure. Real agent. Real protection.

12 seconds.

That's how long it takes an AI agent to destroy production.

$agent: "I'll just clean up this old database."

✗ Without RecourseOS: 12 seconds to gone.
0:02  terraform destroy --auto-approve
0:03  Destroying aws_db_instance.prod_legacy...
0:05  Destruction complete · skip_final_snapshot: true
0:06  Read replicas terminated · cascade
0:08  Application: Connection refused
0:12  PagerDuty: CRITICAL · DB unreachable
0:45  Engineer: "where's the backup?"
1:20  Engineer: "skip_final_snapshot was true."
???   Customer data — gone.

✓ With RecourseOS: stopped at the gate.
0:02  gateway_terraform_plan submitted
0:03  Evaluating: aws_db_instance.prod_legacy
      ├ skip_final_snapshot: true
      ├ backup_retention: 0d
      └ deletion_protection: false
0:03  VERDICT: unrecoverable
0:03  ✗ BLOCKED · human approval required
+2h   Human enabled backups → approved.
Production: safe. Data: recoverable.

2 minutes of friction
vs 6 months of rebuild.

Banks have two-person rules. Hospitals have two-person rules. Nuclear launch has two-person rules. We're putting one back between your agents and prod.

How It Works

Single evaluation engine.
Universal consequence contract.

Every mutation — Terraform plan, shell command, MCP tool call — normalizes to a MutationIntent, flows through deterministic rules plus semantic classification, and produces a signed ConsequenceReport.

01 BLAST RADIUS ANALYSIS

Identify every resource affected by the proposed change. Map dependencies. Calculate cascade impact.

02 RECOVERABILITY VERIFICATION

Check deletion protection, backup status, versioning, retention policies. Classify: reversible, effort, backup, or unrecoverable.

03 EVIDENCE GATHERING

Query live infrastructure state. Capture protective mechanisms. Document reasoning chain for audit.

04 VERDICT + ATTESTATION

Return allow, warn, escalate, or block. Issue Ed25519-signed attestation binding decision to evidence.

The Contract

Machine-readable verdicts. Cryptographic attestations.

Enum decisions, typed recoverability tiers, structured evidence arrays, Ed25519-signed attestations. No prose interpretation. The ConsequenceReport is the canonical output — consumed by agents, stored for audit, verified by policy engines.

attestation.0x7f
CONSEQUENCE REPORT v0.1.0
RESOURCE:     aws_db_instance.production
ACTION:       delete
TIER:         unrecoverable
EVIDENCE:     skip_final_snapshot=true, backup_retention=0
DECISION:     block
REASON:       No recovery path — deletion is permanent
ATTESTATION:  recourse://att/a4f8c9...
SIGNED:       Ed25519 / key_id: k_2026...

Coverage

Deterministic rules for known resources.
Conservative escalation for unknowns.

175+ resource types with provider-specific handlers across AWS, GCP, and Azure. Unknown resources undergo semantic classification — weak evidence escalates to human review, never to automatic approval.

Ed25519 Signed Attestations

Every consequence report is signed with Ed25519. Attestations include the original input hash, decision, evidence, and timestamp. Verifiable by anyone with the public key. Cross-implementation verification proven between TypeScript and Go SDKs.
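
An added example, not RecourseOS code: it classifies an aws_db_instance deletion, then signs and verifies the result with Ed25519 through Node's built-in crypto module, covering the recoverability and attestation steps under How It Works and the attestation fields listed above. The function names, the JSON layout, the "warn" mapping for the backup tier and the delete_automated_backups check are assumptions of this example.

```javascript
const crypto = require("node:crypto");

// Canonical JSON (sorted keys) so signer and verifier hash identical bytes.
const canon = (v) =>
  Array.isArray(v) ? `[${v.map(canon).join(",")}]`
  : v && typeof v === "object"
    ? `{${Object.keys(v).sort().map((k) => `${JSON.stringify(k)}:${canon(v[k])}`).join(",")}}`
    : JSON.stringify(v);
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// Deterministic handler for one resource type; everything else escalates.
function evaluate(change) {
  if (change.type !== "aws_db_instance" || change.action !== "delete") {
    return { tier: null, decision: "escalate", evidence: [] }; // no handler: never auto-approve
  }
  const cfg = change.before || {};
  const checked = ["skip_final_snapshot", "backup_retention_period",
    "delete_automated_backups", "deletion_protection"];
  const evidence = checked.map((key) => ({ key, value: cfg[key] ?? null }));
  // A recovery path exists only if a final snapshot is taken, or automated
  // backups exist and are kept after deletion. Missing values count as absent.
  const finalSnapshot = cfg.skip_final_snapshot === false;
  const keptBackups = cfg.backup_retention_period > 0 && cfg.delete_automated_backups === false;
  const tier = finalSnapshot || keptBackups ? "backup" : "unrecoverable";
  // Assumed mapping: the page only states that unrecoverable deletions are blocked.
  return { tier, decision: tier === "backup" ? "warn" : "block", evidence };
}

// Bind the decision and evidence to the exact input by signing a canonical body.
function attest(change, report, privateKey, now = new Date()) {
  const body = { input_hash: sha256(canon(change)), tier: report.tier,
    decision: report.decision, evidence: report.evidence, timestamp: now.toISOString() };
  const signature = crypto.sign(null, Buffer.from(canon(body)), privateKey).toString("base64");
  return { body, signature };
}

// Anyone holding the public key can check the signature and the input binding.
function verifyAttestation(change, att, publicKey) {
  const sig = Buffer.from(att.signature, "base64");
  return crypto.verify(null, Buffer.from(canon(att.body)), publicKey, sig) &&
    att.body.input_hash === sha256(canon(change));
}

// Constructed sample input and a throwaway key pair for the demonstration.
const sample = { type: "aws_db_instance", name: "prod_legacy", action: "delete",
  before: { skip_final_snapshot: true, backup_retention_period: 0, deletion_protection: false } };
const demoKeys = crypto.generateKeyPairSync("ed25519");
const demoAtt = attest(sample, evaluate(sample), demoKeys.privateKey);
console.log(demoAtt.body.decision, verifyAttestation(sample, demoAtt, demoKeys.publicKey));
```

A verifier should reject an attestation whose body was edited after signing, and one that is replayed against a different mutation; both fail here because the signature covers the canonical body and the body carries the input hash.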

Deterministic Rules + Semantic Fallback

175+ resource types have deterministic handlers that check deletion protection, versioning, backup status. Unknown resources use semantic classification with conservative defaults — weak evidence escalates, never approves.

Per-Mutation Evaluation

No persistent trust. Every Terraform plan, shell command, and MCP tool call is evaluated independently. Agents call RecourseOS before each action. The verdict is specific to that mutation at that moment.

Structured Evidence Chain

Every decision includes the evidence that informed it: which protective mechanisms were checked, what values were found, why the tier was assigned. The reasoning chain is machine-readable for audit integration.

Global Enforcement

Wherever your agents reach,
so do we.

Multi-region enforcement runs at the edge of your agent's execution surface — Terraform Cloud, kubectl, shell, MCP. Every verdict in <50ms, signed and auditable.

Regions: 12 active · 4 standby
Verdicts/sec: 8,400 sustained
Tail latency: 47ms p95 / 110ms p99

Integrations

Deploy where your agents execute.
One config line. Full coverage.

Autonomous Agent → RecourseOS → Infrastructure

CI/CD & GitOps
GitHub Action: Published
Terraform Cloud: Tested
Atlantis: Code Ready
Pulumi Policy: Code Ready
AWS Lambda: Code Ready

Kubernetes
Admission Controller: Code Ready
kubectl Plugin: Code Ready

Enforcement
MCP Gateway Mode: Code Ready
IAM Session Broker: Code Ready
Attestation Format: Tested

Notifications
Slack Webhook: Code Ready
Discord Webhook: Code Ready
PagerDuty: Code Ready
Opsgenie: Code Ready

Developer Tools
CLI: Published
VS Code Extension: Code Ready
Raycast Extension: Code Ready
Desktop App: Code Ready

Drop-in policy layer. No agent rewrites. No infra migration.

Built For

For the teams building autonomous systems
and the teams responsible when they fail.

Agent Builders

Your agent needs to know what it can't safely do.

Add RecourseOS as an MCP tool. Before your agent executes a destructive action, it calls recourse_evaluate. The response tells it whether to proceed, warn, escalate, or block — with evidence it can relay to the user.

Platform Teams

Autonomous systems touch your infrastructure. You need visibility.

Every mutation that passes through RecourseOS carries a signed attestation. When something goes wrong, you have the evidence chain: what was proposed, what was evaluated, why the decision was made.

Security & Compliance

You need machine-readable audit trails, not prose logs.

ConsequenceReports are structured JSON with typed fields. Evidence is enumerated. Decisions are enums. Attestations are Ed25519-signed. Integrate with policy engines, audit systems, and compliance workflows.

Get Started

Add consequence verification
to your agent in one line.

RecourseOS is available now. Published in the official MCP Registry. Works with Claude Code, Cline, Cursor, and any MCP-compatible agent.

MCP Configuration
{
  "mcpServers": {
    "recourseos": {
      "command": "npx",
      "args": ["-y", "recourse-cli@latest", "mcp", "serve"]
    }
  }
}