v1.0.0 Free and open source

Structural trust for AI development loops

loopctl enforces that AI agents follow the process — not just promise to. Chain-of-custody verification, review enforcement, and progress tracking as API primitives.

Get Started View on GitHub

terminal

$ curl -s -H "Authorization: Bearer $KEY" \
  https://loopctl.com/api/v1/stories | jq

{
  "data": [
    {
      "id": "a3f1...",
      "title": "Landing page",
      "agent_status": "implementing",
      "verified_status": "unverified"
    }
  ]
}

Everything you need

Built for AI agent orchestration

Every primitive you need to enforce process integrity in multi-agent development workflows.

The model: Tenants own Projects, which contain Epics and Stories. Agents contract, implement, and report on stories. Orchestrators verify completions.

Chain of Custody: Immutable audit trail for every state transition. No agent marks their own work done.
MCP Integration: 50 typed tools for AI coding agents. No curl needed — agents interact through the MCP server.
Multi-Tenant RLS: PostgreSQL Row-Level Security isolates every tenant. Data boundaries enforced at the database level.
Review Enforcement: Stories cannot be verified without independent review evidence. Three identity gates prevent self-validation.
Progress Tracking: Two-tier status model separates agent self-reports from orchestrator verification. Trust is earned, not assumed.
Webhook Events: Subscribe to state transitions with configurable webhooks. Exponential backoff, delivery tracking, and replay.
Audit Trail: Every action recorded with actor, timestamp, and context. Replay the decision chain for any story.
OpenAPI Spec: Full OpenAPI 3.1 specification with Swagger UI. Every endpoint documented with schemas and examples.

Chain of Custody v2

How it keeps agents honest

loopctl prevents two agent failure modes: sneaky agents that bypass review to self-approve work, and lazy agents that declare incomplete work done.

L0 Human anchor

WebAuthn hardware key at signup. Agents can't press a button.

L1 Capability tokens

Signed, scoped, non-replayable. No cap = no operation.

L2 DB invariants

FK, triggers, hash chains. Invalid states are unrepresentable.

L3 Re-execution

Tests re-run independently. Self-reporting is not trusted.

L4 Role separation

Dispatch lineage + rotating verifier. No sock-puppets.

L5+L6 Detection & halt

Lazy scoring, witness divergence, automatic custody halt.

Full spec: loopctl.com/wiki/chain-of-custody

API-first design

One API call to enforce trust

Every operation is an API call. Register agents, contract stories, track progress, and verify completions. The MCP server wraps these calls so AI coding agents never need to write curl commands.

REST + MCP.: Full REST API with typed MCP tools. Agents use whichever interface fits their workflow.
Identity gates.: Three gates block self-reporting, self-reviewing, and self-verifying. Enforced at the API layer.
Change feed.: Poll for all state transitions since any timestamp. Build dashboards and alerts without webhooks.

# List stories for your project
$ curl -H "Authorization: Bearer $KEY" \
  https://loopctl.com/api/v1/stories

# Contract a story (commit to AC count)
$ curl -X POST \
  -H "Authorization: Bearer $KEY" \
  -d '{"story_title": "...", "ac_count": 12}' \
  https://loopctl.com/api/v1/stories/$ID/contract

# Claim and start work
$ curl -X POST \
  -H "Authorization: Bearer $KEY" \
  https://loopctl.com/api/v1/stories/$ID/claim

# Report story done (reviewer, not implementer)
$ curl -X POST \
  -H "Authorization: Bearer $REVIEWER_KEY" \
  https://loopctl.com/api/v1/stories/$ID/report

# Record review completion (with findings math)
$ curl -X POST \
  -H "Authorization: Bearer $REVIEWER_KEY" \
  -d '{"findings_count": 5, "fixes_count": 5}' \
  https://loopctl.com/api/v1/stories/$ID/review-complete

# Verify (orchestrator confirms)
$ curl -X POST \
  -H "Authorization: Bearer $ORCH_KEY" \
  https://loopctl.com/api/v1/stories/$ID/verify

Cost Intelligence

Agents can't hide their cost either

loopctl already ensures agents can't self-verify their work. Now it ensures they can't hide their cost either.

feature

Token usage reporting

Agents report input and output token counts with every story completion. Usage is linked to the agent identity, not just the session.

feature

Efficiency rankings + model mix

Per-agent tokens-per-story rankings expose which agents are consuming disproportionate resources and which model choices are cost-effective.

feature

Budgets and anomaly detection

Set per-agent or per-project token budgets. Automatic anomaly detection flags stories where token consumption deviates significantly from baseline.

feature

Skill cost regression detection

Track token cost per skill version. When a prompt update causes a 2x spike in tokens consumed, loopctl surfaces it before it reaches production.

cost-summary.sh project: my-app · sprint: 2026-w14

agent	tokens	stories	tok/story	model	budget%
worker-3	142,880	8	17,860	sonnet	43%
worker-1	219,450	9	24,383	sonnet	66%
worker-2	381,200	11	34,654	opus	91%
worker-4	512,000	7	73,142	opus	102%

worker-4 budget exceeded — anomaly flagged (4.1x above project mean)

"loopctl already ensures agents can't self-verify their work. Now it ensures they can't hide their cost either."

Knowledge Intelligence

Your codebase gets smarter with every review

loopctl captures patterns, conventions, and decisions from code reviews and organizes them into a searchable knowledge wiki. The wiki compounds automatically -- every review makes the next one smarter.

feature

Self-Learning Pipeline

Code reviews automatically extract reusable knowledge articles. Patterns, conventions, and decisions are captured as draft articles, then published to the wiki after review.

feature

Semantic + Keyword Search

Find knowledge by meaning, not just words. Combined search uses pgvector embeddings and PostgreSQL full-text search to surface the most relevant articles for any task.

feature

Knowledge Health Monitoring

Lint reports surface stale articles, orphaned content, contradiction clusters, and coverage gaps. Pipeline status shows extraction health and publish rates.

feature

Obsidian-Compatible Export

Export the entire wiki as an Obsidian-compatible ZIP with Markdown articles, backlinks, and an index file. Works with any Markdown-based knowledge tool.

"Review findings become reusable knowledge. Knowledge improves future reviews. The loop compounds."

Getting started

Up and running in 5 minutes

loopctl is free to use. No credit card required. Rate limit: 300 requests per API key per minute.

Register your tenant

# Visit https://loopctl.com/signup to create your tenant.
# Signup requires a hardware authenticator (YubiKey, Touch ID,
# or Windows Hello) — no API-based registration.

Save the raw_key from the response — it is your API key.

Create API keys for your agents

curl -X POST https://loopctl.com/api/v1/api_keys \
-H "Authorization: Bearer $YOUR_KEY" \
-d '{"name": "orchestrator", "role": "orchestrator"}'

curl -X POST https://loopctl.com/api/v1/api_keys \
-H "Authorization: Bearer $YOUR_KEY" \
-d '{"name": "agent", "role": "agent"}'

Three roles: user (admin), orchestrator (verify/reject), agent (implement).

Create a project and import stories

curl -X POST https://loopctl.com/api/v1/projects \
-H "Authorization: Bearer $YOUR_KEY" \
-d '{"name": "My App", "slug": "my-app"}'

Then import stories via POST /projects/:id/import with your epic/story JSON. Add ?merge=true to append to an epic that already exists.

Connect the MCP server (optional)

npm install loopctl-mcp-server

// Add to .mcp.json
{
"mcpServers": {
  "loopctl": {
    "command": "npx",
    "args": ["loopctl-mcp-server"],
    "env": {
      "LOOPCTL_SERVER": "https://loopctl.com",
      "LOOPCTL_ORCH_KEY": "lc_your_orchestrator_key",
      "LOOPCTL_AGENT_KEY": "lc_your_agent_key"
    }
  }
}
}

Install via npm install loopctl-mcp-server or run with npx loopctl-mcp-server. 50 typed tools for AI coding agents.

Explore the API View on GitHub