Tul-KI Apply for private pilot
For AI agents touching production code

Approve the exact diff, not the agent.

Tul-KI fingerprints each risky agent action, checks policy, requests approval when required, and issues a signed Action Receipt that downstream gates can verify before they accept the change.

Apply for private pilot See an Action Receipt →
Action Receipt signed
diff_hashsha256:a1b2c3d4e5f6...
policyregulated-coding-v1
approverplatform-security
accepting_systemdownstream_gate
AI Agent
Entry points
Repo / PR
CLI command
API / webhook
MCP tool call
Signed
Receipt
Accepting
System
Works above the agent: Tul-KI evaluates and records clearance for the change, not the chat tool.
Claude Code Codex Cursor Copilot Devin Windsurf

Policy for risky surfaces

Configure which paths and actions need clearance: auth, billing, infra, CI, secrets-related files, and deploys.

Approve the exact diff

Each Action Receipt binds approver, policy, changed paths, and diff hash. Change the code and clearance expires.

Proof that travels

Verify the same receipt in PR checks, merge rules, pilot deploy checks, or other acceptance points.

How exact-diff clearance works

1

An agent proposes a change

Tul-KI fingerprints the diff and reads the affected paths, workflow, and policy context.

2

Policy decides the next step

Configured low-risk edits can pass. Teams can pause sensitive paths and actions for approval.

3

A receipt unlocks the next control

The signed receipt is valid only for that diff, so modified or stale changes must be cleared again.

$ tulki doctor --repo .
AI agent readiness: 9/15
❯ _
Readiness scan

Find the risky agent paths first

tulki doctor maps where agents can affect sensitive code, CI, deploy, and approval flows, then gives teams a starting policy before enforcement.

Clearance scenarios

One decision, verified wherever the change moves.

Tul-KI checks the receipt against the current diff. It does not trust a PR title, branch, or stale approval; if the diff changes, clearance no longer applies.

Tul-KI Clearance CheckAction required
● billing/refunds.py sensitive_path

No valid Action Receipt found for this exact diff.

diff_hash: sha256:a1b2c3d4e5f6...
policy: regulated-coding-v1
Design partner program

Bring us your riskiest agent-written changes

We’re looking for teams already using AI coding agents on production repos. In the pilot, we’ll map your risky paths and actions, write the first policy, and wire exact-diff receipt checks into one acceptance point: PR, merge, deploy, CLI, or webhook.

We’ll use this only to follow up about the Tul-KI design partner program. Protected by Cloudflare Turnstile.