deadreckon

Run your coding agent unattended. Trust the result.

Can't fake done a watchdog, not the agent, decides
Mix CLIs a coder plus a fresh reviewer
Run a campaign one goal, many agents, merged
Real evidence an auditable artifact, not a transcript
curl curl -fsSL https://deadreckon.sh/install.sh | sh

open source · MIT licensed · v0.3.1

Supervises the agent CLI you already run
Claude Code Codex Gemini GitHub Copilot OpenCode Pi
Why it's different

Three things deadreckon adds that your agent CLI can't.

01

It can't fake the finish.

You define "done" in plain English. deadreckon turns it into checks only a separate watchdog can mark passed, so the agent can't sign off its own work.

dr-gate · watchdog 
$ deadreckon def-done "sign up, log in, save a drawing"
  compiled  3 checks: cargo_test, file_exists, content_match

# the agent tries to accept its own work
agent$ echo '{"ok":true}' > proofs/turn-acceptance.json
agent$ deadreckon finish latest
refused: marker stamp does not match the run nonce

# dr-gate, outside the sandbox, stamps only when checks pass
$ dr-gate sign
  checks   3/3 passed
  stamped ✓
02

Walk away for real.

Every turn is saved to disk. Close the laptop, lose the network, kill the model, then attach from another terminal and resume from the last completed turn. Worst case, you redo one turn.

deadreckon attach latest 
┌─ run m7q3 · build the app ─────────────┐
│ turn 14   wall 1h:42m   spend  $4.18   │
│ provider  cli:codex     ctx 38% / 200k │
├─ acceptance ───────────────────────────┤
▰▰▰▰▰ cargo_test      passed           │
▰▰▰▰▰ file_exists     passed           │
▰▰▰▰▰ content_match   passed           │
▰▰▰▱▱ build_success   running...       │
├─ activity ─────────────────────────────┤
│ 14:33  edit  src/auth/mod.rs           │
│ 14:35        dr-gate stamping marker...
└────────────────────────────────────────┘
Ctrl-D detach · Ctrl-C never (use `deadreckon kill`)
03

Evidence, not a transcript.

Every finished run becomes a record you read like a pull request: what changed, why, which prompt touched which file, and what it cost. attach --view narrative shows it live.

RUN-NARRATIVE.md (excerpt) 
## What changed

Added password-based signup, login, and a saved-
drawing route in src/auth/ and src/drawings/.

## Why

Turn 4 found an existing `User` model in
`src/db/users.rs` and reused it.

## Files touched (provenance.jsonl)

  src/auth/session.rs    turns 3, 5, 7, 9
  src/drawings/save.rs   turns 11, 12
  tests/auth_test.rs     turns 6, 8, 10
How it works

The agent owns the coding. deadreckon owns the boundary.

Your repo never moves. Everything happens in an isolated worktree, gated before it lands.

How deadreckon works An untouched repo feeds an isolated worktree where the agent loops turn by turn. When checks pass, the separate dr-gate process stamps the marker; a matching stamp promotes the run to a reviewable artifact. A failed check sends the run back to the worktree for another turn. YOUR REPO untouched ISOLATED WORKTREE branch · dr/build-the-app ~/.deadreckon/worktrees/<run>/ events.jsonl spend.jsonl provenance.jsonl snapshots/turn-N/ each turn writes to disk checks fail? another turn checks pass? dr-gate separate process · holds the nonce reads gate/nonce stamps the marker the agent has no read path stamped PROMOTED ARTIFACT RUN-NARRATIVE.md RUN-DECISIONS.md RUN-AS-BUILT.md manifest.json + full provenance trail apply · export · extend · abandon

The whole tool is five commands: start · attach · status · list · finish. Everything else is optional.

Multi-agent

Run more than one agent. Let them check each other.

Mix CLIs. Add a reviewer.

orchestrate review runs a coder, then a fresh reviewer that fixes its work before anything promotes. Point each role at a different CLI.

orchestrate full-plan splits a goal into child runs and merges them, fixing conflicts on its own.

deadreckon orchestrate review 
$ deadreckon orchestrate review "build the drawing app" \
  --coder-provider cli:claude-code \
  --reviewer-provider cli:codex
  plan      m9k2-review-3c7a
  coder     cli:claude-code   ▰▰▰▰▰ done
  reviewer  cli:codex         2 fixes applied
  gate      marker stamped · ready to promote

Or run a whole campaign.

deadreckon campaign turns one goal into up to six independent orchestrations, each gated on its own, then composes them into a single result.

How a campaign works deadreckon campaign splits one goal into several independent orchestrators that each run gated on their own slice, then composes their results into one. one goal · N independent orchestrators · one composed result ONE GOAL rebuild billing, notifications, admin billing its own gated run ✓ notifications its own gated run ✓ admin its own gated run ✓ COMPOSE merge + repair CAMPAIGN RESULT one merged result provenance for each leg deadreckon campaign · depth-capped at 2
Providers

Bring the CLI you already pay for.

Subscription CLIs run on your seat, API routes on your key, smoke on nothing. Same supervision either way.

Subscription CLI Claude Code cli:claude-code
Subscription CLI OpenAI Codex cli:codex
Subscription CLI Gemini cli:gemini
Subscription CLI OpenCode cli:opencode
Subscription CLI GitHub Copilot cli:copilot
Subscription CLI Pi cli:pi
Direct API Anthropic anthropic
Direct API OpenAI openai
Direct API OpenAI-compatible openai-compatible
Keyless Smoke --smoke

Switching in? deadreckon import pulls your claude-code, codex, and cursor history in read-only.

Install

Install the RC. Prove the harness. Then pick a provider.

install · prove · run 
# install the current RC from GitHub Release assets
$ curl -fsSL https://deadreckon.sh/install.sh | sh

# check local setup and available providers
$ deadreckon doctor

# prove the harness without provider keys
$ deadreckon try

# go
$ deadreckon start "make a small safe change"
$ deadreckon attach latest
$ deadreckon finish latest
Requirements

macOS or Linux, plus curl or wget. The installer resolves the newest release from github.com/gregce/deadreckon and verifies it against SHA256SUMS; no Rust toolchain needed. Current release: a release candidate, not a 1.0.

Pin the version

Pipe a tag into the installer: curl -fsSL https://deadreckon.sh/install.sh | DEADRECKON_TAG=v0.3.1 sh.

Prove it without keys

deadreckon try runs a keyless proof. For a full throwaway run, DEADRECKON_HOME=$PWD/.dr-smoke deadreckon run "tiny hello rust" --smoke --sandbox none --max-spend 1 fakes only the model; the worktree, sandbox, snapshots, and the gate are real.

Checksums & state

The installer verifies assets against SHA256SUMS when present; best-effort, not enforced. State writes under ~/.deadreckon/; set DEADRECKON_HOME to sandbox a throwaway run.

FAQ

Honest answers, including the ones that make this look smaller.

Does deadreckon replace Claude Code or Codex?

No. It runs the CLI you already use inside an isolated, sandboxed worktree and supervises the loop. deadreckon owns the boundary; the agent owns the intelligence.

Is the gate stamp real cryptography?

No, and we won't pretend it is. It's a plain hash, not real cryptography. It works because the secret behind it sits outside the agent's sandbox, where the agent can't read it. Run --sandbox none and you lose that.

What happens if the run crashes mid-turn?

deadreckon resume picks up from the last completed turn. It snapshots every turn, so the worst you lose is one. Use deadreckon resume latest --from-turn N to choose where to start.

Can I import what I already have in other tools?

Read-only. deadreckon import pulls your claude-code, codex, gemini, opencode, copilot, pi, and cursor history into searchable runs. It never writes back to those tools.

What's still rough?

Native sandboxing is macOS and Linux only; on Windows you'd use the docker backend. It's a release candidate (v0.3.1), not a shipped 1.0, so pin the tag if you need stability. For ordered steps, deadreckon chain gates each one and stops at the first failure by default.