§ MERGE GATE FOR CODING AGENTS private beta · 2026.04

Your agent ships more PRs than you can review. Sigil decides which ones to trust.

Sigil runs every agent-generated pull request through tests the agent never sees, then emits one of three verdicts — ALLOW, REVIEW, or BLOCK — each signed, audit-trailed, and governed by a trust ladder the system has to earn. Auto-merge becomes something the system proves, not something you grant blind.

Request access → How it works Read the docs ↓
§ 01 · THE PROBLEM

Coding agents broke the assumption that humans review every merge.

Three things break at once — and none of them has a good answer in the tools you already have.

01
Volume
Your agent can ship fifty PRs this week. Your team can review ten.
Throughput is the point of adopting an agent — and the source of the problem. Every PR still needs a merge decision. None of them can wait a day.
02
Trust
You won't auto-merge blind. You won't review every PR.
The spectrum between "trust the agent" and "trust nobody" doesn't give you a principle — just a policy you have to keep adjusting. What's missing is a gate that has a principle.
03
Gaming
Your CI runs tests the agent can read.
Agents are very good at making tests pass. If a test lives inside the PR, it stops being a safety net and becomes a specification the agent targets directly. Coverage goes up; correctness doesn't follow.
§ 02 · WHY IT WORKS

Two ideas do the load-bearing work.

Everything else — the ledger, the signatures, the CLI surface — is plumbing. These two are the product.

Isolation
Tests the agent never sees.
Sigil splits every test suite in half: a visible portion the agent iterates against, and an age-encrypted holdout it never reads. The visible half guides development; the holdout decides the merge. An agent can optimize what it can read — it cannot optimize what it can't.

On failure, the agent learns that a holdout step failed and which spec document it relates to. It does not learn the test content, the expected values, or the failure diagnostics. The dark factory holds by construction, not by policy.
Earned autonomy
Trust is a ledger entry, not a config flag.
Every service starts at zero. Sigil records every verdict it would have emitted and compares it against what humans actually merged. When agreement holds across a rolling window, the service climbs the ladder: first shadow, then advisory, then auto-merge.

Any incident decays it back. Auto-merge is something the system proves, reproducibly, before the gate ever lets a verdict through unattended.
§ 03 · WHO IT'S FOR

Teams who adopted coding agents and hit the merge queue.

You're already feeling it, or you're about to. Here's who Sigil was designed for.

Platform teams
You own CI and the merge queue.
Engineers are asking for coding-agent support. Leadership is asking for velocity. You're the one who has to ship that without giving up the guardrails you've spent years building. Sigil drops into an existing merge queue and GitHub status-check surface.
Engineering leaders
Your team deployed a coding agent. Now what?
Claude Code, Cursor, Devin, or something internal. The first month was exciting. Month two needs a story for how the main branch stays green without your senior engineers turning into full-time reviewers. Sigil is that story.
Coding-agent builders
Your agent needs an external trust layer.
Your customers want evidence your agent's output is safe to merge — evidence that doesn't come from your agent. Sigil is deliberately external: open source, self-hosted, signed builds. Your users can audit it end-to-end.
PRIVATE BETA

Ship coding-agent code like you ship the rest of it.

Sigil is in private beta. Self-hosted, Apache-2.0, signed builds — free forever for evaluation, personal use, and internal business use. Reach out if you want early access or you have a use case you want to talk through.

Request access → How it works