DriftFence Workflow Firewall
Agent-native workflow firewall

Give AI coding agents a memory for critical workflow behavior.

DriftFence turns one critical workflow into an approved contract in Git. Agents see the guardrails before they edit, CI checks fresh traces before merge, and failed checks give agents the context to revise patches instead of guessing. Intentional behavior changes still go through human contract review.

  • Approved behavior in Git: Workflow contracts stay reviewable by owners.
  • Agents query first: Installed guidance and read-only context show protected behavior before edits and after failed checks.
  • Deterministic checks: Readable first-divergence reports replace vague semantic scoring.
  • Low adoption friction: One npm install, one config file, one GitHub Action, no hosted service.

Best fit: backend-heavy teams with 1-10 critical workflows where approved behavior must stay visible as AI patches land. Start: one workflow fit review, then a team plan or paid pilot when the scope is clear.

Measured contract-gate proof

Fixed AI-patch tasks show DriftFence catching approved-behavior changes while the repo's own checks still passed.

release-it example

release-it private-package publishing

The clearest example today is private-package publishing behavior changing while the same release checks still pass.

  • 3/6 blocked while the repo's own checks passed
  • 6/6 standard CI runs passed
  • 3/3 blocked and upheld on review

Second repo example

verdaccio sync-uplink deprecation merge

A second repo shows the same pattern on package metadata: DriftFence blocked the change while the same repo checks still passed.

  • 5/5 blocked while the repo's own checks passed
  • 5/5 standard CI runs passed
  • 5/5 blocked and upheld on review

Similar comparisons

Similar comparison cases did not trigger DriftFence.

The same results set also includes similar comparison cases that did not trigger DriftFence.

  • release-it.prerelease-next-tag-publish -> 0/5 valid-run catches
  • release-it.subdirectory-version-without-repo-tag -> 0/5 blocked while the repo's own checks stayed green
  • verdaccio.proxy-protocol-selection -> 0/5 valid-run catches

Where DriftFence fits

DriftFence is built for the few critical workflows where silent behavior drift is expensive even if tests still pass. The fit question is whether one workflow has a clear owner, a clear behavior boundary, and a CI path that can exercise it.

Best-fit teams

Backend-heavy and GitHub-native

DriftFence fits repos where AI-assisted implementation is common and a handful of backend workflows matter much more than the rest.

Node.js, TypeScript, GitHub, AI-assisted delivery

Best-fit workflows

Operations with real business risk

Start where reviewers need behavior intent made explicit before implementation details move.

Billing cancellation, Refunds, Entitlements, Provisioning, Release flows, Package-publishing, Package metadata, Private-package publishing

Why this matters

Approved behavior memory for agents

AI review asks another model whether a patch looks risky. DriftFence gives agents approved constraints before they edit, then uses the CI report to show exactly what must be revised.

  • behavioral intent made reviewable
  • Git-native approval surface
  • readable CI report for agent revision
  • AI-assisted delivery increases patch volume faster than human review can safely cover

Where MCP fits

Read-only constraints before and after the edit

DriftFence MCP lets an agent ask which approved workflows apply before touching protected files. If CI later reports drift, the agent can query the same constraints, revise the patch, or ask for contract review. MCP does not approve behavior changes or write contracts.

Fit boundary

Sometimes better tests are enough.

If one stable interface test already captures the behavior cleanly and you fully trust that as the gate, DriftFence may add little. It matters more when implementation and tests can move together while approved workflow behavior still drifts.

Choose the smallest credible start

The commercial start is intentionally simple: protect one workflow with the Team plan, or use a paid pilot when you want help choosing and rolling out the first workflow.

Team plan

From $750/month billed annually

Best when you already know the first risky workflow and want a clear commercial starting point for private production use.

Paid pilot

From $15,000 for the first workflow

Best when the workflow matters but the test surface, ownership, or rollout path still needs shaping with you.

Fit review

Check workflow fit

Bring one workflow and one reason it matters. That is enough to tell whether DriftFence fits now.

Bring one workflow. Leave with a clear next step.

If one critical workflow is costly to change silently, the next step is a workflow fit review. That is the fastest way to tell whether DriftFence fits now, needs a pilot, or needs a clearer workflow boundary first.