What it does
- L1 pre-merge gate — 5 conditions a PR must satisfy before merge.
- L2 post-merge re-validation — detect real regressions on
mainand file an incident with the revert command; ignore infra-only failures (Actions outages). - L3 race-guard — re-check the base just before merging.
- L4 identity gate — validate Agent-* commit trailers against your registry.
- L5 break-glass auditor — surface `[break-glass-*]` commits + demand ADR within 24h.
- Decision Inbox — Quadrant D (irreversible + critical) PRs reach you as GitHub Issues with a structured ballot.
Why "multiagent" not "Claude" / "Codex" / etc.
The protocol treats every agent equally. Adding a new vendor takes one line in config/agent_registry.yml. Identity is enforced through commit trailers, not API endpoints.
What it is NOT
- Not a CI/CD system — bring your own tests.
- Not a code reviewer — it routes to you or auto-approves, never opines on diff quality.
- Not a replacement for GitHub Pro's branch protection if you can pay.
- Not a multi-tenant SaaS — each operator runs their own copy.