Before any agent
deletes, modifies, or destroys — RecourseOS returns a verdict.
RecourseOS analyzes blast radius, evaluates recoverability against live infrastructure state, gathers evidence, and issues cryptographically signed attestations. 175+ resource types. Native MCP server, CLI, and CI integration.
Terraform
Shell
MCP
AWS
GCP
Azure
Kubernetes
Docker
GitHub Actions
PulumiWatch RecourseOS intercept a destructive command
Cline calls rm -rf — RecourseOS evaluates recoverability and returns a verdict before execution.
Full demo video coming soon — this preview shows the evaluation flow
Autonomous systems lack consequence awareness.
They execute. They don't verify.
An agent sees "will be destroyed" but can't distinguish recoverable from permanent. It executes. The resource is gone. RecourseOS provides the missing layer — consequence verification that agents query before execution, not after incident.
says "will be destroyed" — but doesn't verify backup existence or deletion protection state
the database disappears no backup existed
agent executes shell command with no recoverability check
directory contained production configs
autonomous system calls delete API with full permissions
no audit, no evidence no attestation
Single evaluation engine.
Universal consequence contract.
Every mutation — Terraform plan, shell command, MCP tool call — normalizes to a MutationIntent, flows through deterministic rules plus semantic classification, and produces a signed ConsequenceReport.
Identify every resource affected by the proposed change. Map dependencies. Calculate cascade impact.
Check deletion protection, backup status, versioning, retention policies. Classify: reversible, effort, backup, or unrecoverable.
Query live infrastructure state. Capture protective mechanisms. Document reasoning chain for audit.
Return allow, warn, escalate, or block. Issue Ed25519-signed attestation binding decision to evidence.
Machine-readable verdicts. Cryptographic attestations.
Enum decisions, typed recoverability tiers, structured evidence arrays, Ed25519-signed attestations. No prose interpretation. The ConsequenceReport is the canonical output — consumed by agents, stored for audit, verified by policy engines.
Deterministic rules for known resources.
Conservative escalation for unknowns.
175+ resource types with provider-specific handlers across AWS, GCP, and Azure. Unknown resources undergo semantic classification — weak evidence escalates to human review, never to automatic approval.
Ed25519 Signed Attestations
Every consequence report is signed with Ed25519. Attestations include the original input hash, decision, evidence, and timestamp. Verifiable by anyone with the public key. Cross-implementation verification proven between TypeScript and Go SDKs.
Deterministic Rules + Semantic Fallback
175+ resource types have deterministic handlers that check deletion protection, versioning, backup status. Unknown resources use semantic classification with conservative defaults — weak evidence escalates, never approves.
Per-Mutation Evaluation
No persistent trust. Every Terraform plan, shell command, and MCP tool call is evaluated independently. Agents call RecourseOS before each action. The verdict is specific to that mutation at that moment.
Structured Evidence Chain
Every decision includes the evidence that informed it: which protective mechanisms were checked, what values were found, why the tier was assigned. The reasoning chain is machine-readable for audit integration.
Deploy where your agents execute.
One config line. Full coverage.
Drop-in policy layer. No agent rewrites. No infra migration.
For the teams building autonomous systems
and the teams responsible when they fail.
Agent Builders
Your agent needs to know what it can't safely do.
Add RecourseOS as an MCP tool. Before your agent executes a destructive action, it calls recourse_evaluate. The response tells it whether to proceed, warn, escalate, or block — with evidence it can relay to the user.
Platform Teams
Autonomous systems touch your infrastructure. You need visibility.
Every mutation that passes through RecourseOS carries a signed attestation. When something goes wrong, you have the evidence chain: what was proposed, what was evaluated, why the decision was made.
Security & Compliance
You need machine-readable audit trails, not prose logs.
ConsequenceReports are structured JSON with typed fields. Evidence is enumerated. Decisions are enums. Attestations are Ed25519-signed. Integrate with policy engines, audit systems, and compliance workflows.
Add consequence verification
to your agent in one line.
RecourseOS is available now. Published in the official MCP Registry. Works with Claude Code, Cline, Cursor, and any MCP-compatible agent.
{ "mcpServers": { "recourseos": { "command": "npx", "args": ["-y", "recourse-cli@latest", "mcp", "serve"] } } }