an engineering team that ships itself

Engineering,
on demand.

An autonomous software-engineering platform. Submit a brief. Ship working code. For any codebase, in any domain.

Get in touch → See how it works
Pillar 1 / Plans itself

One agent. Or five. Decided per task.

Most agent platforms have fixed roles — Planner, Coder, Reviewer — running in the same shape for every task. HissAI's planner reads your brief and emits a fresh topology each time. A bug fix gets one agent. A multi-feature build gets five working in parallel. No hard-coded shape.

task-001 · hiss-orchestrator
BRIEF
Add a GET /version endpoint to api/main.py that returns the package version. Don't break /health.
// emitted plan { "topology": "single", "rationale": "Single-file change, no UI or tests required beyond curl", "agents": [ { "id": "a1", "role": "implementer", "tools": ["read_file", "write_file"] } ], "budget_usd": 0.10 }
WHY THIS PLAN
Tiny scope, one file, no parallelism needed. One implementer agent, capped at ten cents.
Pillar 2 / Bound by safety

Five rings around every agent.

The agent loop is the smallest, most-constrained component. Around it: input validation, pre-execution gates, plan-time validation, runtime isolation, post-execution checks. Every action passes through every ring. Authorization, branch policy, budget caps, sandbox isolation, test gates — all enforced before anything touches your repo.

Ring 5 · Post-execution Ring 4 · Runtime isolation Ring 3 · Plan validation Ring 2 · Pre-execution Ring 1 · Input Agent loop
Every call passes every ring. No exceptions.
Pillar 3 / Auditable

Nothing happens you can't see.

Every LLM call traced. Every tool call logged. Cost attributed per task, per agent, per role. Built on a durable execution kernel — any workflow can be replayed deterministically from its journal. For debugging, for compliance, for trust.

trace · task-001
LLM tokens
3,840
Tool calls
7
Wall time
42s
Cost
$0.07
RESULT
PR opened on task/001-add-version. Tests passed. Diff reviewed by verifier sub-agent.
The execution engine

From brief to pull request.

Every task moves through the same gates. Nothing skipped, nothing rushed.

brief
validate
plan
execute
verify
PR
review
01

Durable

Tasks survive crashes, deploys, and day-long human pauses. Built on a replay-based runtime — never a coin flip.

02

Isolated

Each sub-agent runs in a fresh microVM sandbox. No host filesystem. Network egress allowlist only.

03

Observable

Every call traced. Every cost attributed. Every workflow replayable. Audit trail by default.

How it differs

Not every agent platform is built the same.

Three differences matter most.

Capability HissAI Typical agent platforms
Agent topologyDecided dynamically per taskFixed roles, same shape every time
Human-in-the-loopFallback — humans called only when stuckGate — humans approve every step
Audit trailEvery call, full deterministic replayLogs, no replay
IsolationFresh microVM per sub-agentShared workspace, container-level
Domain assumptionsZero — works on any codebaseOften opinionated about stack
Branch + merge policyConfigurable per project, policy-enforcedConvention, not enforced
Roadmap

Private beta now. Open soon.

Working with a small group of partners first. Generally available once the feedback loop closes.

Today
Private beta

A handful of teams running real engineering work through HissAI. Domain-agnostic. Every task auditable end-to-end.

Engineering velocity, on demand.

We open beta access in waves. If your team has a backlog you can't get to — let's talk.

Get in touch →
How it works

Brief in.
PR out.

Three layers do the work — planning, execution, verification — each with its own safety envelope.

Layer 1 / Plan

Hiss-Orchestrator decides the shape.

The orchestrator is a single Claude call with one job: read the brief, read the project context, emit a typed plan. How many sub-agents. What roles. What runs sequentially, what runs in parallel. The plan is JSON — validated against a schema before any agent runs.

Same orchestrator, completely different plans, because the input changed.

TOPOLOGY · five-agent build
a1 investigator a2 backend a3 frontend a4 tester a5 verifier PR PARALLEL BLOCK
Investigator → parallel(backend, frontend, tester) → verifier → PR.
Layer 2 / Execute

One microVM per sub-agent.

Each agent runs in a fresh Firecracker microVM. Its workspace is a git worktree of the target repo. Its tools come from a Cedar policy scoped to its role — investigator gets read-only, implementer gets write, verifier gets the browser. Network egress is allowlisted. Token budgets capped per call.

When the sub-agent finishes, the sandbox is destroyed. No state leaks. No cross-contamination.

sandbox · a1
PROCESS ISOLATION
firecracker microVM · 2 vCPU · 1 GiB RAM · ephemeral filesystem · egress allowlist: api.anthropic.com, api.github.com
TOOL ALLOWLIST (role: implementer)
read_file
write_file (within workspace only)
run_tests
git_push (workflow-only)
shell(rm -rf) (blocked by Cedar)
ENFORCED BY
Cedar policy bundle, versioned in git. Hot-reloaded — change policy without redeploying agents.
Layer 3 / Verify

Tests pass. Diff scanned. PR opened.

Before any change reaches your repo: pre-commit hooks run (lint, format, type-check). The test suite must pass. A separate verification pass reviews the diff for suspicious patterns — large deletes, sensitive paths, lockfile bypass. Only then does HissAI open a pull request. Auto-merge is opt-in per project, off by default.

verify · task-001
✓ Lint 0 errors, 0 warnings
✓ Type-check mypy clean
✓ Tests pytest · 42 passed in 3.2s
✓ Diff scan no sensitive paths, deletes ≤ threshold
→ PR opened task/001-add-version
Cost discipline

Every dollar accounted for.

Hiss-Orchestrator runs on the strongest model. Sub-agents use the cheapest model that handles their role. Background scoring uses a Haiku-class model that costs a rounding error. Every task has a budget envelope — enforced before each call.

Safety

Five rings.
Zero shortcuts.

The agent loop is the smallest, most-constrained piece. Production HissAI wraps it in concentric rings of governance — and every call passes every ring.

The rings, in order

Every gate, named.

RING 01

Input validation

  • Template schema check
  • Completeness score ≥ threshold
  • Interview mode triggered if ambiguous
  • Required fields enforced
RING 02

Pre-execution gates

  • Authorization (Cedar policy)
  • Repo allowlist per submitter
  • Branch policy: base, naming, protected exclusions
  • USD budget envelope, time budget
RING 03

Plan-time validation

  • Plan JSON validated against schema
  • Max agent count enforced
  • Budget split sums within envelope
  • Forbidden operations rejected pre-execution
RING 04

Runtime isolation

  • Firecracker microVM per sub-agent
  • Tool allowlist per role (Cedar)
  • Network egress allowlist only
  • Per-call token budget
RING 05

Post-execution checks

  • Pre-commit hooks (lint, format, types)
  • Test suite must pass
  • Diff scanner for suspicious patterns
  • PR opened; humans merge
CROSS-CUT

Audit + recovery

  • Every LLM and tool call traced
  • Cost attributed per task/agent/role
  • Deterministic replay from journal
  • request_help → human inbox, workflow pauses
Branch policy

Your repo. Your rules.

HissAI never pushes to your protected branches. Each task creates a deterministic feature branch — task/<id>-<slug> — off a base branch you configure per project. Force pushes forbidden. Main and release branches blocked at the policy layer.

Audit + recovery

Nothing silent. Nothing irreversible.

TRACE

Every call

LLM calls, tool calls, sub-agent spawns. Hierarchical trace tree per task. Clickable from PR to the prompt that produced it.

COST

Per dollar

Cost attributed by task, agent, role. Budgets enforced before each call. No surprises in your bill.

REPLAY

Deterministic

Any workflow can be replayed exactly from its journal. For debugging, compliance evidence, or regression testing.

Architecture

Engineered for
production.

The same primitives a serious engineering team would assemble — if they had the time. Durable execution. Cryptographic identity. Typed policy. Real observability.

Stack

Best-in-class, replaceable.

Every layer shares an open protocol — MCP, OpenTelemetry, CloudEvents, OpenAPI. Glue stays thin. Components stay swappable.

Durable execution

Restate — replay-based runtime. Tasks survive crashes, deploys, and day-long human pauses.

Agent runtime

Claude Agent SDK on the latest Claude models. Bounded loops, structured outputs, typed contracts.

Tool protocol

Model Context Protocol. One open contract for every tool and every service HissAI talks to.

Sandbox

Firecracker microVM per sub-agent. Sub-second cold start. Network egress allowlist.

State + memory

PostgreSQL with pgvector. Entities, semantic recall, audit — one source of truth.

Policy + identity

Cedar for fine-grained authorization. SPIFFE for per-agent cryptographic identity.

Tracing + evals

Langfuse. Every prompt, every tool call, every model decision — observable end-to-end.

Code understanding

Tree-sitter AST + semantic search. Real comprehension of your codebase, not pattern matching.

Verification

Playwright in-sandbox for UI verification. Test suites run before any claim of success.

Engineering ethos

No microservices we don't need.

HissAI runs on one durable kernel, one Postgres, one sandbox provider, one tracing pipeline. Cheap to operate, easy to reason about. Complexity is added only when measured pain demands it — never speculatively.

About

Why this
exists.

Every engineering team carries a backlog of small, well-scoped work that keeps slipping. Fixes, tweaks, ports, integrations, tests. Important enough to want done. Not important enough to staff.

HissAI runs that work. Auditably, reversibly, on any codebase. Built so the team stays on the hard problems and the long tail finally moves.

Engineering velocity that's auditable, reversible, and bounded — so any team, on any codebase, can clear the work they've been deferring.

— the principle, in one breath
Where we are

Built, then sold.

SHIPPING

Core

Hiss-Orchestrator, sub-agent runner, durable execution, sandbox, tracing — all wired and running.

BETA

Customers

Working with a small group of partners running real engineering work end-to-end.

NEXT

Open

Self-serve onboarding, enterprise SSO, on-prem deploy for compliance-sensitive teams.

Be one of the first.

The first ten teams shape how HissAI grows. We listen as much as we ship.

Get in touch →
Get in touch

Let's talk.

HissAI is in private beta. Tell us about your team and what's on the backlog. We'll be in touch when a slot opens.

We answer every email a human writes. Usually within a day.

Privacy

Privacy Policy

Last updated: May 30, 2026

HissAI is in private beta. This document describes, in plain language, what we collect from beta partners, how we use it, and what we never do.

What we collect

  • Account info — name, work email, team/company.
  • Task briefs and outputs — what you ask HissAI to build, and what HissAI produced. Used to run the service and to debug failures.
  • Repo access tokens — scoped GitHub credentials you grant per project. Stored encrypted, revocable at any time.
  • Usage metadata — task counts, LLM cost, latency, error rates.

What we do with it

  • Run your tasks — read your repo, write the code, open the PR.
  • Improve the product — failure modes, success rates, latency improvements (in aggregate).
  • Bill you accurately (in beta this is free; the same data powers billing later).

What we don't do

  • We don't train our models on your code. Period.
  • We don't read your code outside of running your tasks.
  • We don't share your data with third parties unless legally compelled (in which case we tell you when allowed).

Deleting your data

Email privacy@hissme.online and we'll remove every record we hold within seven days.

Contact

Questions: privacy@hissme.online. Humans answer.

Terms

Terms of Service

Last updated: May 30, 2026

Using HissAI

HissAI is provided to beta partners under a written agreement. By accepting an invitation you agree to these terms and any project-specific agreement we exchange.

What HissAI is, and isn't

HissAI is an autonomous engineering tool that proposes changes to your codebases via pull requests. It is not a substitute for human review. Every change we open is reviewed by your team before merge unless you explicitly enable auto-merge per project.

Your code

Your code is yours. We hold a limited licence only to clone, run, and write to it within the scope of running your tasks. We don't train models on your code. We don't redistribute it.

What you agree not to do

  • Use HissAI to access or modify systems you don't have authorization for.
  • Use HissAI to circumvent security controls in third-party software.
  • Resell or sublicense HissAI access without written permission.

Limitation of liability

The service is provided "as is" during beta. To the extent permitted by law, HissAI is not liable for indirect, incidental, or consequential damages arising from your use. We've engineered for safety, but we cannot guarantee an AI-generated change is the right one for every codebase.

Contact

Questions: hello@hissme.online.