Your agent,
verified.
No lies. No duplicates. No surprises.
Cushio is the drop-in reliability layer between your AI agent and the real world. Every action is verified against the system it touched, retries are caught before they double-execute, and you can undo what it gets wrong.
The problem
Agents act. You get to hope.
Agents now send email, move money, and edit the systems your work runs on. And when they fail, they often report success anyway. So you babysit every run: re-checking each “done,” burning tokens on loops, hoping nothing slipped.
They lie about success
Tool-use hallucination is a named failure mode: the agent reports a write that never landed, then builds on that lie for the rest of the session.
They do things twice
Retries and loops become duplicate emails, double charges, and repeated updates. Most APIs won’t stop a confident agent from re-running the same action.
They can’t take it back
One bad bulk update and there’s no undo. Just a full restore that takes every legitimate change since down with it, if you even have one.
-
Replit’s coding agent deleted a production database during a code freeze, then claimed rollback was impossible. It wasn’t.
replit · 2025 -
An OpenClaw assistant wiped the inbox of Meta’s AI-alignment director, despite explicit stop commands.
openclaw · r/nottheonion -
An agent deleted 25,000 documents, one of many first-person loss reports across agent communities.
r/claudeai -
The quiet version: an agent that’s 95% reliable per step finishes a 20-step task about a third of the time. Failures compound.
0.95^20 ≈ 0.36
How it works
A safety net, not another platform
Cushio isn’t where you build agents. It’s the layer that makes their actions trustworthy, wherever they run.
-
01
Plug it in
Drop Cushio between your agent and its tools. MCP-compatible and adapter-based, so no rewrites and your agent keeps working exactly as before.
-
02
Nothing runs unchecked
Before it runs, Cushio checks each action’s permissions and catches duplicates. Reversible actions flow straight through; only the ones you flag as risky wait for your one-tap approval.
-
03
Every write gets read back
Every write is read back from the target system to confirm it landed. The agent gets the terminal truth, verified or failed, never its own assumption.
-
04
Undo, and keep the record
When a write goes wrong, undo the exact change, nothing else, no snapshot to restore. Everything lands in one ledger your team can audit and your agents can query.
See it undo
Just tell it to take it back
Your agent already talks to you. Cushio is what lets it actually undo: it reverts the exact change through MCP, then reports back the truth about what it did.
Features
Everything between “done” and “actually done”
The reliability primitives every acting agent is missing, in one drop-in layer.
Verified by read-back
Cushio reads every write back from the target system to confirm it truly landed. Not a signed log that the agent made the call, but proof the change is actually there. Success is verified, never assumed.
Duplicate protection
Outcome-aware idempotency: before it runs, Cushio checks whether the result is already true. When a retry or loop asks for something that’s already done, it answers “already correct” instead of doing it twice. No idempotency keys, and it works against any API.
Surgical undo
Cushio reverses a bad write by applying its exact inverse: deleting the row it added, restoring the value it changed. No snapshot to roll back to, and nothing else that happened since gets clobbered.
Dry-run before it’s real
Preview any write as an exact diff: which records change, from what to what, with nothing committed yet. A bad update gets caught while it’s still a proposal, not a cleanup.
Risk-tiered approvals
You decide what needs a look. By default, undoable actions run free, while the irreversible (send, charge, delete-forever) and the sweeping (a mass overwrite, a bulk delete) can wait for one tap. No approval fatigue.
An honest action ledger
One queryable history of what your agents actually did, with verification status on every entry. You audit it. Your agents query it to coordinate and never repeat work.
Open core, hosted comfort
Self-host the open-source core for free. The journal, receipts, idempotency, and undo are all yours. Or let the hosted tier run it: approvals in Slack or Telegram, a daily “what my agent did” digest, and undo from your phone.
- Least-privilege scopes
- Per-agent keys & identity
- Injection & content guardrails
- Sensitive-data redaction
- Encrypted secrets
- MCP-native
Gateways govern what an agent may call. Cushio guarantees what it actually did.
Who it’s for
Anyone whose agent touches real things
Personal-agent operators
Your assistant reads mail, books calendars, pays invoices. Get an honest feed of what it did, and undo it when it goes rogue.
Builders shipping agents
Claude Code, Cursor, custom stacks: add receipts, dedup, and undo without building your own control plane.
Ops & automation teams
Give agents write access to the CRM, the sheet, the inbox, with approvals where they matter and an audit trail for everything.
FAQ
Questions, answered honestly
What is Cushio, in one sentence?
A plug-and-drop reliability and safety layer that sits between your AI agent and the systems it acts on. It verifies every action, prevents duplicates, gates the irreversible, and undoes the rest.
Is it another agent framework?
No. Cushio doesn’t run your agent or replace your stack. It’s the layer your agent’s actions pass through. Your agent, your framework, and your tools stay exactly as they are.
My agent platform already has guardrails. Why Cushio?
Platforms retry failed steps, roll back workflow versions, and scan content. All useful, all around the action. What they don’t do: read a write back from the target system to prove it landed, recognize “already done” before re-executing, or undo one specific external change without rolling everything back. That action layer is Cushio’s whole job, under whatever platform your agent runs on.
Will it be open source?
Yes. The core (journal, receipts, idempotency, undo) ships as open source you can self-host. The hosted tier adds managed setup, approvals in chat, dashboards, and the daily action digest.
What will the hosted tier cost?
Pricing isn’t locked yet. The open-source core will be free to self-host (that’s a commitment, not a teaser), and the hosted tier will be paid. Early waitlist users will help set the price, which is part of why the waitlist exists.
What does it work with?
Cushio speaks MCP, so it drops into MCP-compatible agents out of the box, with adapters for the systems agents touch most: spreadsheets, CRMs, calendars, email. Waitlist members help pick which adapters land next.
Won’t verification slow my agent down?
Reads pass straight through. Writes add a read-back against the target system. One extra call, and the difference between “the agent says so” and “it actually landed.” For most actions the bottleneck is the action itself, not the receipt.
What about actions that can’t be undone?
Exactly the point. An email can’t be unsent and a charge can’t be un-charged, so Cushio uses reversibility as the risk signal: what’s undoable runs freely, and what isn’t can wait for your approval, on the rules you set.
When can I get in?
We’ll onboard from the waitlist in small waves. Joining takes ten seconds, and invites go out strictly in order.
Get early access
Stop hoping. Start verifying.
Join the waitlist and be first in line when Cushio opens early access.