PROOFTETHER

Make autonomous work accountable.

ProofTether is the evidence layer for autonomous work. ProofTether Control gives AI-assisted software teams scoped MCP access, context packs, review gates, and audit-ready proof before agent work reaches production.

No full repo upload required. Source code stays local by design.Scoped MCP contextProvider keys stay yours

THE PROBLEM

Autonomous work moves fast. Ungoverned autonomous work is expensive.

ProofTether Control is the product line between your repo and your coding agents: dependency-aware execution packs, queue discipline, scoped context, test evidence, and launch proof.

Agents hallucinate without scope

Full repo access gives agents too many tempting paths and no enforced boundary.

No auditable evidence trail

Teams cannot prove which context was used, which gates passed, or why the output was accepted.

Context is rebuilt every run

The same repo, docs, and decision history are rediscovered instead of packaged into reusable slices.

Security boundary is unclear

Raw source, provider keys, datasets, and local model state need an explicit data boundary.

1

Define goal

The operator starts with a goal, scope, organization, project, and allowed artifact kinds.

2

Generate scoped context

Matrix builds a context pack instead of handing the agent the whole repository.

3

Execute through gates

Agents work through evidence gates, regression checks, and explicit stop conditions.

4

Publish evidence

The cockpit records access packs, reports, comparisons, and launch-readiness proof.

MODEL CONTEXT PROTOCOL

Scoped MCP access, not full repo access.

Agents get only the context they need - a slice of the repo, a constrained set of artifact kinds, an explicit deny-list. The MCP server enforces scope at the boundary; the cockpit signs every access with a hashed proof.

// MCP MANIFEST - matrix.json
{
  "mcpServers": {
    "matrix": {
      "command": "npx",
      "args": ["-y", "@matrix/mcp-server@latest"],
      "env": { "MATRIX_TOKEN": "$MATRIX_TOKEN" },
      "scope": {
        "paths": ["src/billing/**", "docs/sla/**"],
        "kinds": ["plan", "snapshot", "review", "publish"],
        "deny": ["*.env", "secrets/**", ".git/**"]
      },
      "dataBoundary": {
        "serverStores": ["goal-metadata", "evidence-hashes"],
        "staysLocal": ["source-code", "api-keys", "datasets"]
      }
    }
  }
}
Server stores
  • Goal metadata
  • Evidence hashes
  • Artifact registry index
Stays local
  • Source code
  • API keys
  • Datasets & model weights
Server stores: goal metadata, evidence hashes. Stays local: source code, API keys, datasets.

SECURITY & DATA BOUNDARY

No full repository upload required.

Matrix is a control plane, not a code host. Full source repositories, provider API keys, secrets, datasets, and local model weights are designed to remain in the customer workspace. Customer-selected snippets, metadata, hashes, and evidence references may be processed only where needed for scoped workflows.

What the server stores
  • Goal metadata
  • Evidence hashes
  • Artifact registry index
  • Published evidence reports
  • Organization & seat ledger
What stays local
  • Source code (full repo)
  • Provider API keys
  • Local LM model weights
  • Customer datasets & secrets
  • Agent runtime sessions

AI runtime modes

Local LM ADVISORY

Runs in your workspace. Matrix uses its output as advisory context only - never as published truth.

Local/server LM is advisory-only.

Provider API CUSTOMER-CONTROLLED

Bring your own key. Matrix never stores it.

Server-managed METADATA ONLY

Server coordinates goals and evidence, not source uploads.

BUILT FOR TEAMS

Built for teams, not just solo agents.

Coding agents don't ship alone. Matrix gives your team a shared control plane: who can issue access, which packs are in flight, and what changed across every goal.

Seats & roles

Owner, admin, member. Seat usage visible at the org level. Invite by email; revoke in one click.

Access packs

Bundled MCP manifest, connection proof, and admin handoff. One pack per workspace, signed and revocable.

Shared context packs

Context packs are org-scoped, not session-scoped. Reuse them across goals, agents, and team members.

Comparison & diff

Diff two artifacts, workspaces, or goal reports. Reviewers see exactly what changed between gates.

PRICING

Simple paid-founder launch.

Start with the read-only preview or claim Founder Access. Founder Access is $17 for the first 3 months plus applicable taxes calculated by Paddle at checkout. It does not automatically renew. After the founder period, eligible users can optionally continue on Founder Pro at $99/month for 12 months through a separate checkout or subscription acceptance. Regular Pro Operator pricing will be $149/month after launch.

Free Preview

$0 / no account

Walk a sample product flow end-to-end, read-only. No org, no seats, no commit.

  • 7-step sample product delivery
  • Read-only evidence inspection
  • No source code required
  • No credit card
Open preview
RECOMMENDED

Founder Access

$17 / first 3 months

First 1000 builders only. $17 for the first 3 months plus applicable taxes calculated by Paddle at checkout. No automatic renewal without separate acceptance.

  • First 1000 builders
  • Scoped MCP access packs
  • Execution packs and gates
  • Skill templates after paid activation
  • Optional Founder Pro continuation at $99/month for 12 months
Claim Founder Access

Pro Operator

$149 / month after launch

Regular Pro Operator pricing will be $149/month after launch. Public purchase opens after Founder Access validation.

  • Hosted cockpit
  • MCP project bootstrap
  • Context packs
  • Evidence publishing
  • Runtime setup
Coming after launch

Team

Custom / later

Organization-wide seats, policies, and review workflows. This is not part of the Founder Access launch scope.

  • Multi-seat governance
  • Team policies
  • Review queues
  • Enterprise data boundary
  • Coming later
Join waitlist