Your AI agent just broke production.
It didn't know.
mati blocks AI agents from touching dangerous code until they prove they know what's dangerous about it — and keeps the audit trail your compliance team needs.
Hard enforcement, not suggestions.
mati intercepts file reads at the hook level. Access is denied until the agent consults the verified knowledge record for that file.
The failure mode is always the same.
An actor with write intent had no access to the institutional knowledge that would have prevented the mistake. mati makes that knowledge structurally unavoidable.
Contractor makes a 'minor performance fix' to a data pipeline. No one flags it as HIPAA-covered. Audit exposure 6 months later.
mati blocks the read. The agent consults the gotcha: 'Every read/write to patient_records must call audit_log::record_phi_access.' The audit trail logs the consultation.
Built for teams handling PHI.
mati generates the audit trail your SOC 2 auditor will ask for. Every agent action, every DENY decision, every policy consultation — logged, timestamped, and exportable.
What your auditor sees.
Every enforcement decision, cryptographically signed and auditor-ready. Your audit trail started the day you installed mati.
What your agent sees.
12 languages. Real codebases.
Every resolution rate is verified against a real-world open-source project. No toy fixtures, no synthetic benchmarks.
| Language | Resolution | Verified against | Edges |
|---|---|---|---|
| Rust | 97% | ripgrep | 342 |
| Python | 100% | httpx | 124 |
| TypeScript | 97% | vitest | 2,147 |
| Go | 98% | hcl | 190 |
| Java | 95% | jsoup | 740 |
| C | 100% | mimalloc | 129 |
| C++ | 95% | nlohmann/json | 619 |
| Ruby/Rails | structural | discourse | 2,622 |
| Haskell | meaningful | aeson | 223 |
| Scala | partial | zio-json | 21 |
| JavaScript | shared | vitest | — |
| Elixir | fixture | Mix | — |
Your agent sees what matters.
- Blast radius
- Co-change clusters
- Staleness propagation
Not a memory tool. Not a linter.
mati answers a different question: has this actor proven they understand what's dangerous about this file — and can we prove it to an auditor?
| Capability | mati | AI memory | Linters | ADRs |
|---|---|---|---|---|
| Block reads until knowledge consulted | ● | — | — | — |
| Compliance audit trail | ● | — | — | — |
| On-prem, zero network calls | ● | — | ● | ● |
| Per-file gotchas with confidence scoring | ● | — | — | — |
| Works without any LLM calls | ● | — | ● | ● |
Your AI agent just refactored a payment flow and removed the fraud check. With mati, that's structurally impossible — the agent can't read the file until it proves it knows about the fraud check.
Free for developers. Paid for compliance teams.
Cloud compliance tools automate paperwork. mati enforces compliance at the code level — before the code ships.
Free for developers:

1. Full enforcement engine
2. 12-language import resolution
3. Blast radius & co-change clusters
4. Enforcement event recording
5. 365-day event retention
6. Claude Code & Codex support
Paid for compliance teams:

1. Signed audit PDF export
2. Cryptographic chain of custody
3. License-verified enforcement reports
4. Extended retention controls
5. Direct support from the founder
Signed audit export aligned with SOC 2 Type II and HIPAA evidence requirements.
Running in your repo in 15 minutes.
Questions, answered.
The short version of how mati works, what it touches, and why it's different.
What is mati?
mati is compliance infrastructure for AI-assisted engineering. It blocks AI coding agents from reading or editing dangerous code until they prove they understand the per-file constraints ("gotchas"), and it records an audit trail for compliance teams. mati runs on-prem with zero network calls and works without any LLM calls.
How does mati stop AI agents from breaking production code?
mati intercepts file reads at the hook level and denies access until the agent consults the verified knowledge record for that file. For example, before editing a payments file the agent must acknowledge a constraint such as keeping an idempotency check that was added after a fraud incident, so it cannot silently remove safeguards.
Does mati make LLM calls or send code to the cloud?
No. mati works without any LLM calls and makes zero network calls. It runs entirely on-prem, which is what makes it suitable for regulated environments handling sensitive or compliance-covered code such as HIPAA data.
What programming languages does mati support?
mati supports 12 languages: Rust, Python, TypeScript, Go, Java, C, C++, Ruby/Rails, Haskell, Scala, JavaScript, and Elixir, with knowledge-resolution rates up to 100%.
How is mati different from agent memory, linters, or ADRs?
Unlike agent memory, linters, or ADRs, mati hard-blocks file reads until the required knowledge is consulted, produces a compliance audit trail, and scores per-file gotchas by confidence — all on-prem with zero network calls. Memory and ADRs are passive; mati is enforcement.
Does mati provide a compliance audit trail?
Yes. Every time an agent consults a gotcha before editing a file, mati logs the consultation. Compliance teams get a verifiable audit trail showing exactly what the agent knew before it made each change.
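The hook-level gate and the logged, signed trail described in the two answers above, as an added illustration that is not mati's code: a hypothetical ReadGate denies a read until the same actor has consulted that file's gotcha, records every decision, and lets an auditor verify the chain afterwards. All names, the constructed gotcha records, and the HMAC-signed, hash-chained entry format are assumptions; mati's real record format is not shown on the page.

```python
import hashlib
import hmac
import json
import time

# Constructed per-file knowledge records (assumed shape, not mati's format).
GOTCHAS = {
    "src/payments/charge.py": "Keep the idempotency check added after the fraud incident.",
    "src/data/patient_records.py": "Every read/write must call audit_log::record_phi_access.",
}

def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ReadGate:
    """Hypothetical pre-read hook: DENY until the actor has consulted the file's gotcha."""
    def __init__(self, signing_key: bytes):
        self._key = signing_key        # HMAC key held by the enforcement host, not the agent
        self._consulted = set()        # (actor, path) pairs that have read the gotcha
        self.trail = []                # append-only, hash-chained audit entries

    def _record(self, event: str, actor: str, path: str) -> dict:
        prev = self.trail[-1]["hash"] if self.trail else "0" * 64
        entry = {"event": event, "actor": actor, "path": path, "prev": prev, "ts": time.time()}
        entry["hash"] = _digest(entry)   # covers prev, so every entry chains to the last
        entry["sig"] = hmac.new(self._key, entry["hash"].encode(), "sha256").hexdigest()
        self.trail.append(entry)
        return entry

    def consult(self, actor: str, path: str):
        # Return the gotcha for path (None if there is none) and log the consultation.
        gotcha = GOTCHAS.get(path)
        if gotcha is not None:
            self._consulted.add((actor, path))
            self._record("CONSULT", actor, path)
        return gotcha

    def on_read(self, actor: str, path: str) -> str:
        """Hook entry point for a file read; the decision is logged either way."""
        blocked = path in GOTCHAS and (actor, path) not in self._consulted
        return self._record("DENY" if blocked else "ALLOW", actor, path)["event"]

    def verify_trail(self) -> bool:
        """Auditor-side check: every link, hash and signature must still match."""
        prev = "0" * 64
        for entry in self.trail:
            body = {k: v for k, v in entry.items() if k not in ("hash", "sig")}
            sig = hmac.new(self._key, entry["hash"].encode(), "sha256").hexdigest()
            if body["prev"] != prev or _digest(body) != entry["hash"] or not hmac.compare_digest(sig, entry["sig"]):
                return False
            prev = entry["hash"]
        return True
```

Note that consultation is tracked per actor, so a second agent reading the same file is denied until it consults the gotcha itself, and editing any past entry breaks verification of the whole chain from that point on.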