No lies. No duplicates.

Early access · waitlist open

Your agent,
verified.

No lies. No duplicates. No surprises.

Cushio is the drop-in reliability layer between your AI agent and the real world. Every action is verified against the system it touched, retries are caught before they double-execute, and you can undo what it gets wrong.

The problem

Agents act. You get to hope.

Agents now send email, move money, and edit the systems your work runs on. And when they fail, they often report success anyway. So you babysit every run: re-checking each “done,” burning tokens on loops, hoping nothing slipped.

They lie about success

Tool-use hallucination is a named failure mode: the agent reports a write that never landed, then builds on that lie for the rest of the session.

They do things twice

Retries and loops become duplicate emails, double charges, and repeated updates. Most APIs won’t stop a confident agent from re-running the same action.

They can’t take it back

One bad bulk update and there’s no undo. Just a full restore that takes every legitimate change since down with it, if you even have one.

on the record Real incidents, all public
  • Replit’s coding agent deleted a production database during a code freeze, then claimed rollback was impossible. It wasn’t.

    replit · 2025
  • An OpenClaw assistant wiped the inbox of Meta’s AI-alignment director, despite explicit stop commands.

    openclaw · r/nottheonion
  • An agent deleted 25,000 documents, one of many first-person loss reports across agent communities.

    r/claudeai
  • The quiet version: an agent that’s 95% reliable per step finishes a 20-step task about a third of the time. Failures compound.

    0.95^20 ≈ 0.36
Different stacks, same gap: no verification, no duplicate check, no undo.

How it works

A safety net, not another platform

Cushio isn’t where you build agents. It’s the layer that makes their actions trustworthy, wherever they run.

  1. 01

    Plug it in

    Drop Cushio between your agent and its tools. MCP-compatible and adapter-based, so no rewrites and your agent keeps working exactly as before.

  2. 02

    Nothing runs unchecked

    Before it runs, Cushio checks each action’s permissions and catches duplicates. Reversible actions flow straight through; only the ones you flag as risky wait for your one-tap approval.

  3. 03

    Every write gets read back

    Every write is read back from the target system to confirm it landed. The agent gets the terminal truth, verified or failed, never its own assumption.

  4. 04

    Undo, and keep the record

    When a write goes wrong, undo the exact change, nothing else, no snapshot to restore. Everything lands in one ledger your team can audit and your agents can query.

See it undo

Just tell it to take it back

Your agent already talks to you. Cushio is what lets it actually undo: it reverts the exact change through MCP, then reports back the truth about what it did.

Features

Everything between “done” and “actually done”

The reliability primitives every acting agent is missing, in one drop-in layer.

Verified by read-back

Cushio reads every write back from the target system to confirm it truly landed. Not a signed log that the agent made the call, but proof the change is actually there. Success is verified, never assumed.

Duplicate protection

Outcome-aware idempotency: before it runs, Cushio checks whether the result is already true. When a retry or loop asks for something that’s already done, it answers “already correct” instead of doing it twice. No idempotency keys, and it works against any API.

Surgical undo

Cushio reverses a bad write by applying its exact inverse: deleting the row it added, restoring the value it changed. No snapshot to roll back to, and nothing else that happened since gets clobbered.

Dry-run before it’s real

Preview any write as an exact diff: which records change, from what to what, with nothing committed yet. A bad update gets caught while it’s still a proposal, not a cleanup.

Risk-tiered approvals

You decide what needs a look. By default, undoable actions run free, while the irreversible (send, charge, delete-forever) and the sweeping (a mass overwrite, a bulk delete) can wait for one tap. No approval fatigue.

An honest action ledger

One queryable history of what your agents actually did, with verification status on every entry. You audit it. Your agents query it to coordinate and never repeat work.

Open core, hosted comfort

Self-host the open-source core for free. The journal, receipts, idempotency, and undo are all yours. Or let the hosted tier run it: approvals in Slack or Telegram, a daily “what my agent did” digest, and undo from your phone.

Plus the fundamentals you’d expect:
  • Least-privilege scopes
  • Per-agent keys & identity
  • Injection & content guardrails
  • Sensitive-data redaction
  • Encrypted secrets
  • MCP-native

Gateways govern what an agent may call. Cushio guarantees what it actually did.

Who it’s for

Anyone whose agent touches real things

Personal-agent operators

Your assistant reads mail, books calendars, pays invoices. Get an honest feed of what it did, and undo it when it goes rogue.

Builders shipping agents

Claude Code, Cursor, custom stacks: add receipts, dedup, and undo without building your own control plane.

Ops & automation teams

Give agents write access to the CRM, the sheet, the inbox, with approvals where they matter and an audit trail for everything.

FAQ

Questions, answered honestly

What is Cushio, in one sentence?

A plug-and-drop reliability and safety layer that sits between your AI agent and the systems it acts on. It verifies every action, prevents duplicates, gates the irreversible, and undoes the rest.

Is it another agent framework?

No. Cushio doesn’t run your agent or replace your stack. It’s the layer your agent’s actions pass through. Your agent, your framework, and your tools stay exactly as they are.

My agent platform already has guardrails. Why Cushio?

Platforms retry failed steps, roll back workflow versions, and scan content. All useful, all around the action. What they don’t do: read a write back from the target system to prove it landed, recognize “already done” before re-executing, or undo one specific external change without rolling everything back. That action layer is Cushio’s whole job, under whatever platform your agent runs on.

Will it be open source?

Yes. The core (journal, receipts, idempotency, undo) ships as open source you can self-host. The hosted tier adds managed setup, approvals in chat, dashboards, and the daily action digest.

What will the hosted tier cost?

Pricing isn’t locked yet. The open-source core will be free to self-host (that’s a commitment, not a teaser), and the hosted tier will be paid. Early waitlist users will help set the price, which is part of why the waitlist exists.

What does it work with?

Cushio speaks MCP, so it drops into MCP-compatible agents out of the box, with adapters for the systems agents touch most: spreadsheets, CRMs, calendars, email. Waitlist members help pick which adapters land next.

Won’t verification slow my agent down?

Reads pass straight through. Writes add a read-back against the target system. One extra call, and the difference between “the agent says so” and “it actually landed.” For most actions the bottleneck is the action itself, not the receipt.

What about actions that can’t be undone?

Exactly the point. An email can’t be unsent and a charge can’t be un-charged, so Cushio uses reversibility as the risk signal: what’s undoable runs freely, and what isn’t can wait for your approval, on the rules you set.

When can I get in?

We’ll onboard from the waitlist in small waves. Joining takes ten seconds, and invites go out strictly in order.

Get early access

Stop hoping. Start verifying.

Join the waitlist and be first in line when Cushio opens early access.