Every Claude Code session becomes a Run Passport — a verified record of what changed, what was tested, what's risky, and what still needs a human eye.
Fix OAuth token refresh race
✓ edit app/models/token.rb
✓ run rails test
● touch config/oauth.yml
Why StaffOS
Claude Code, Cursor, Codex — they produce invisible, hard-to-audit work. Diffs land without context, tests pass without evidence, and decisions vanish when the session ends. Teams need a way to trust, review, govern, and remember AI-written code.
The model
Three concepts, anchored to the git workflow you already know.
feature/…)
One Claude Code run. Edits, commands, tests — captured as events.
Proof of that work: readiness %, risk level, files, test evidence.
Each new session stamps the passport again (v1 → v2 → v3…)
↑ When the branch merges, the workstream's docs & decisions promote up to the project
What you get
A readiness score, risk level, files touched, and test evidence for every session. Versioned as the work evolves.
Auth files, payment paths, infra changes — flagged by rules you control. No LLM required to know what's dangerous.
Six personas review the change: Staff Engineer, SRE, Security, PM, Devil's Advocate, Writing Coach. Opt-in, per passport.
Every edit, command, and test run captured as events — the story of the session, in order, replayable.
Decision logs, ADRs, and project memory that survive the branch. Merged workstreams promote their knowledge up.
Hooks send metadata, not source. Your code stays on your machine — that's the default, not a setting.
The flow
A workstream is created for your git branch, automatically.
File edits, commands, tests — captured as events via hooks.
A passport is generated: readiness, risk, and recommendations.
Run the AI Council, generate docs, export the PR summary.
One token, one command, and every session starts leaving a paper trail.
Get started