How LOCI fits your loop.
One signal layer.Plan, Write, PR, Merge.Claude Code, Cursor, Copilot.One signal layer across four stages.Your coding agent calls LOCI at Plan, Write, PR and Merge. You see verdict, evidence, autonomy.Works with Claude Code, Cursor, Copilot, and your agentic flow.
LOCI demo step by step.
LOCI brings trust to your agentic workflow.
LOCI demo step by step.
LOCI brings trust to your agentic workflow.
- Verdict + evidence in seconds
- Trained on real CPU hardware traces
- No instrumentation, no runtime
- Claude Code · Cursor · Copilot · agent-agnostic
LOCI rides beside your terminal.
Like k9s for your coding agent — a cockpit that mirrors every catch and turns it into a quantified signal, live in the periphery. The agent stays your workspace; LOCI rides alongside.
One signal layer. Every stage of your loop.
Plug in at one stage or the full pipeline. Each stage runs LOCI and emits its own signal class.
Plan
loci preflight · MCP
agent loops with LOCI pre-commit
See the round-tripWrite
loci post-edit · MCP
same skill as /plan, fn-level as agent codes
See how /post-edit talks backPR
quality finding
Pushback / Pass · one click to forensics
See how the PR talks backMerge
contract envelope
blocks if the binary busts the envelope
See the contract envelopeEach stage is independently useful, or run the full layer for continuous coverage.
Set the ladder once. LOCI guards within it.
You decide when LOCI acts: silent, advisory, gating, or autonomous. Per gate, per repo.
Silent surface. Evidence available on demand. Zero PR noise.
PR comment with verdict + drill-down. Never blocks; you decide.
Blocks merge on critical-gate failure. Advises on the rest.
Takes corrective action (reject PR · open revert · escalate). Notifies you after.
You set the rung for Safety, Performance, Power, and AppSec independently. Every verdict is logged and reversible.
From the loop · what Claude says about LOCI
It's not just a timing tool. The execution-aware signaling trains you to think: every line of code is an instruction sequence with real hardware consequences. Variable sizes, memory lifetimes, call ordering — they all show up in the assembly.
How the PR talks back.
One verdict on the PR. One click to evidence. Reviewer and agent see the same data.
01 · OPEN
Agent opens the PR
Diff lands in GitHub or GitLab. Source-only. No behavior info. The reviewer can't see what's about to change at runtime.
02 · READ
LOCI reads the compiled binary
Worst-case timing, energy, stack pressure and side-channel risk measured against main. No instrumentation, no runs.
34,728 functions · 2 commits · <12s
03 · POST
Verdict lands on the PR
One comment. Pushback · Advisory · Proceed, with the one-line reason and a link to the full forensics.
04 · OPEN EVIDENCE
One click · evidence opens
The LOCI app opens to the exact view that defends the verdict. WCET bars per input, variance, attack model, traced hot path.
What the coding agent gets back & the engineer sees on the PR
ecdsa_sign() · constant-time property lost. Timing correlates with secret-bit count.WCET sweep across 64 input patterns: floor 30 ns · ceiling 105 ns · variance 3.3×. Matches CVE-2019-1547 signature recovery pattern.
View timing evidenceOne comment per PR. Verdict + one-line reason + a deep-link to the timing forensics. No noise, no spam.
What opens when they click “View timing evidence”
LOCI · timing evidence · ecdsa_sign · aarch64
ForensicsWCET per input pattern (64 sampled)
Higher bits → longer execution. Linear correlation = recoverable side-channel.
Variance
3.3×
floor → ceiling spread
Attack model
~219 sig
to recover the secret
Hot path
ecdsa_sign → scalar_mul → window_lookup
conditional branch on secret bits
Same artifact for human reviewer and coding agent. Both reason over the same evidence.
Built on the LCLM engine · evidence is reproducible · same binary in, same signals out.
How merge stays inside the envelope.
PR-time delivers a finding. Merge-time enforces the envelope. Block if the binary busts it.
4
Guarded
1
Proposed
0
Violations
0
Twin commits
T_IFS critical path envelope
135.00 µs
72.00 µs measured
RF + LL ISR combined
(RF_scheduleCmd path + Hwi_dispatchC + Swi_run)
RF command path (FSM + schedule + dispatch)
3.50 µs
2.42 µs measured
RF_fsmActiveState + RF_scheduleCmd + Hwi_dispatchC
ISR total latency
1.85 µs
1.19 µs measured
Hwi_dispatchC (≤ 1.2 µs) + Swi_run (≤ 650 ns) combined
OSAL heap alloc worst-case
0.25 µs
0.25 µs measured
osal_mem_alloc on CC2674P10 · LOCI-derived from osal_memory.c
Top heap sites (skeleton)
totalStaticB: 6,144 B
osal_mem_alloc → osal_pool_alloc (32 B)
Stack envelope
+
Add your envelope from loci.contract.toml
Energy envelope
+
Define mJ-per-event budgets the gate will enforce on merge
Real measurements · TI BLE5-Stack · CC2674P10
Install LOCI in minutes. Two paths, same engine.
Drop LOCI into your coding agent for write-time co-reasoning, or wire it into your CI to guard every PR. Same five signals, same evidence — at the loop stage that fits your team.
More install paths: Cursor · Copilot · Azure CI · MCP — see contact us for SaaS, enterprise, or self-hosted setups.
Know how your software behaves. before it runs.
Use LOCI to predict execution, guide decisions, and keep AI-generated software inside its quality contract.