features · cross-section

Six layers. One careful junior that ships while you sleep.

We took the parts of an AI coding agent that usually go wrong — the polling, the runtime, the side-effects, the audit, the trust — and made each one boring on purpose. Here’s a tour of what’s inside.

6 layers · 4 with live demosread-only by defaultdesktop beta · macOS · Win · Linux

What you’re about to see is a teaser.The real agent runs on your machine, against your repo, behind your own AI session. These vignettes are mock datasets — enough to feel the shape, not enough to replace the download.

01pollingReads your Project, not your screen 02runtimeUses the AI you already pay for 03gatesSide-effect-free by default 04rulesYour project, your contract 05auditEvery action is logged, attributed, reversible 06localYour code never leaves the machine

hover a layer · scroll for the tour

01polling

Reads your Project, not your screen

Syntaxis polls GitHub Projects v2 for items assigned to its bot and matching your status rules. No screen-scraping. No dashboards to babysit. No copy-paste of Jira tickets at 2 a.m.

github projects v2assignee filterstatus rulesno-screen-scrape

github / projects · axum-bones/server

polling · 30s interval

demo dataset · 🦀 rust web server

Backlog2

epic: rewrite middleware layer

epic

flaky test in `axum::ws::ping`

test

Ready for AI3

add structured logging to /healthz

good-first@syntaxis-bot

docs: regen openapi schema

docs@syntaxis-bot

fix: handle `Content-Length: 0` on POST

bug@syntaxis-bot

In Progress1

feat: tracing exporter for tokio-console

feature

In Review1

chore: bump `tower` 0.5

chore

syntaxis queue live

waiting for matches…

filter: status = Ready for AI · assignee = @syntaxis-bot

Without polling

You become the queue.

Someone has to watch the board, decide which tickets the agent should attempt, and feed them in one by one. That someone is always you.

✗lost tickets in the cracks

✗agent works on stale specs

✗“did I assign that?”

02runtime

Uses the AI you already pay for

Syntaxis talks to whatever Codex or Claude session is logged in on this machine. Your code never moves through a third-party endpoint we control. If you switch models, we just notice.

codex (chatgpt) · betaclaude code · soonlocal llms · laterBYO session

runtime · session.sock

bound to claude code

demo dataset · click a lamp

0 keys held · 0 outbound proxies · the agent talks to Claude Code’s own session⚠ demo: real toggle requires the chosen runtime to be logged in

Without local runtimes

Your code becomes their telemetry.

Most AI coding tools relay your repo through their own servers. Even with “zero retention,” your prompts and patches sit briefly on infrastructure that isn’t yours.

✗api keys in 4 places

✗compliance review for every tool

✗no audit of who saw what

03gates

Side-effect-free by default

Branch creation, file writes, shell commands, commits, pushes, PRs — every action with a side effect waits in a single approval inbox until you tap approve. The agent is a careful junior, not a cowboy.

branch · patch/writevalidation shellcommit · push · PRallow-list per repo

syntaxis · approval inbox

mutations awaiting decision

demo dataset · try the A / D keys

branch

create branch feat/auth-refresh

starts the work on item #324: “feat: refresh JWT on rotate”

write

patch file src/auth/refresh.ts

adds 38 lines, removes 4 — new exported function `rotateAndIssue()`

shell

run command pnpm test --filter auth

before pushing — verifies the new branch is green

✓ 0 approved today✗ 0 denied·6 in queue

Without approval gates

The agent learns by breaking prod.

Auto-approving agents are dazzling for thirty minutes and disastrous in the second hour. Revert PRs, force-pushes, surprise migrations — you'll know them by name.

✗surprise force-pushes

✗“why is main red?”

✗rollback PRs every friday

04rules

Your project, your contract

Tell Syntaxis what "Ready for AI" looks like in your project. Pick the assignee. Pick the branch pattern, the commit prefix, the PR draft state. Most teams do this once, on day one.

status → stagebranch patterncommit prefixpr draft default

rules · status → stage

editing live

demo dataset · click a row on each side

github status

bind

syntaxis stage

active mapping:Backlog → Wait ·Ready for AI → Plan ·In Progress → Build ·In Review → Verify

Without contract rules

You change yourself to fit the tool.

Hard-coded workflows force a team that ships hotfixes on a Wednesday at 4pm to pretend they do two-week sprints. Eventually you stop using the tool altogether.

✗agent picks the wrong tickets

✗PRs land on main, not staging

✗commit log full of “update.”

05audit

Every action is logged, attributed, reversible

PRs are opened by syntaxis-bot[bot] with you as the human attribution. Approvals, denials, patches, branches, shell commands — kept in a local audit log you can grep, replay, or roll back, one line at a time.

grep-able .jsonlattribution headersone-tap revertno server log

audit · ~/.syntaxis/audit.jsonl

tailing live

demo dataset · nothing here leaves your machine

grep12 / 12

09:02:14gatequeued branch:create feat/healthz-logs

09:02:18okapproved branch:create by @you

09:02:41gatequeued file:write src/routes/healthz.rs

09:02:49okapproved file:write +18/-2

09:03:11gatequeued shell:run cargo test --lib

09:03:48okapproved shell:run exit 0 · 12 passed

09:04:02gatequeued commit feat: structured logs on /healthz

09:04:09denydenied commit message rewritten by you

09:04:33gatequeued commit feat(healthz): structured logs · #324

09:04:35okapproved commit

09:05:04okapproved push origin feat/healthz-logs

09:05:18mergeopened PR #641 draft · against main

Without audit

It happened, but nobody knows when.

Agents that don't keep their own records leave you reading git blame on a Sunday, trying to remember which PR was a “quick fix” vs which was the actual problem.

✗no answer in postmortems

✗“who approved this?”

✗undo only via git

06local

Your code never leaves the machine

Syntaxis runs as a desktop daemon. The repo, the diffs, the file context: all stays on your laptop or sandbox VM. Outbound traffic limited to your AI runtime's own session and the GitHub APIs you tell it to use.

desktop daemon0 outbound to ussandbox vm okself-host capable

local · syntaxisd (pid 4128)

airlock sealed

demo dataset · 0 outbound to syntaxis

airlock · local-only operations

door · locked

chamber · packing context

01:00reading src/routes/healthz.rs · 142 bytes
02:11sandbox vm: cargo test · ephemeral fs
03:22git status: 2 unstaged · branch feat/healthz-logs
04:33audit append: file:write queued · .jsonl
05:44cargo metadata cache hit · 0 ms

door · locked

network monitor silent · 0 outbound

outbound → syntaxis.devruntime + github

0 B to us

14.2 KB to your runtime

3.1 KB to github

Without local-first

Trust falls on a privacy policy you'll never read.

Hosted agents need your code to do anything. Even "we don't store it" pipes it through machines, regions, and providers you can't audit from your laptop.

✗code in someone else’s logs

✗compliance signs nothing

✗“is this in the training set?”

a day with syntaxis

Six hours of decisions. Done in twelve taps.

This is a calendar view of a typical day on a real backlog — not a benchmark, just what the rhythm feels like. The agent polls, queues, waits. You sip coffee and tap approve or deny. Nothing happens out of band.

● poll● approval gate● merge / PR

now00:00

Stop describing your agent. Run it.

Everything you just saw runs locally on your laptop, against your repo, using your own AI session. Pick a plan, point it at a Project, and watch the gates start filling.

Download Syntaxis See pricing Talk to a human