Enterprise-grade software engineering for every developer
Build production-ready software with AI. Your AI writes the code; Enterprise Skills checks every change, gathers the proof it's safe, and blocks anything that isn't, whether you're launching your first SaaS or scaling an engineering organization.
Code assistants write. CI tests. Enterprise Skills decides: one deterministic, signed verdict on every change, verifiable by anyone.
All required evidence present
Deterministic decision · commit-bound · Ed25519-countersigned
A real decision from this product's own merge gate, not a mockup.
Works with the tools you already use
New to these words?Tap any term for a plain-English explanation.
Want the full beginner walkthrough? Visit the Help hub
Built for every software developer
Three kinds of builders, one platform. Pick your door: everything underneath is the same engineering discipline.
Independent AI Builders
Build and launch software with enterprise-grade engineering practices, even if you’ve never worked at a software company.
- Architecture reviews before weak foundations set in
- Security checks on every change
- API and database validation
- Production-readiness checks before you launch
- Guided workflows: describe what you want, skills do the rest
- Release confidence: a clear go / no-go before you ship
Software Developers
Build faster with AI without sacrificing engineering quality.
- AI code reviews that catch what rushed reviews miss
- Pull request validation as a required check
- Automated testing and test-gap analysis
- Infrastructure and CI/CD quality checks
- Consistent engineering standards on every model and editor
- Deterministic release decisions with proof attached
Engineering Teams
Scale engineering excellence across every developer.
- One governed standard across the whole team
- Policy enforcement that no model can talk its way past
- Compliance mapping: SOC 2, HIPAA, GDPR, ISO 27001
- Audit evidence collected automatically, signed and verifiable
- Release quality gates on every repository
- Deployment tracking from merge to production
The platform grows with you, no migrations, no product switching.
Same skills, same gates, same evidence: the platform simply expands as your engineering maturity increases.
How it works
How a governed pull request ships
Here's what happens every time your AI finishes a change: risk decides the checks, evidence decides the verdict, and every step leaves a provable record.
- 01
Pull request opens
The GitHub App's webhook creates a pending required check on the exact commit. New pushes supersede prior evidence: nothing stale ever decides.
- 02
The diff is risk-classified
A deterministic classifier reads the actual change (paths, file types, hunk contents) and labels it. Each label maps to the evidence domains that change must produce.
db-migration · auth · api-contract · infra · dependency · ui-only · docs-only
- 03
Evidence gets produced
Your CI and your own coding agents produce only the evidence this change requires, never every check on every change. Agent output is evidence; it can never touch policy.
es agents run · JUnit · skill outputs
- 04
The Governor decides
A pure function scores the evidence against your versioned policy: same inputs, same decision, replayable forever. Missing evidence fails closed. No model can talk its way past it.
PASS / FAIL · policy as code
- 05
The decision is recorded
The required check completes and the decision lands in an append-only, Ed25519-countersigned ledger: verifiable offline against the published public key.
- 06
Deploy and promote, gated
The same commit is tracked through deploy and runtime verification; the promotion gate holds anything whose decision, deploy, or smoke evidence isn't green.
es deploy record · es deploy gate
The whole loop runs in your CI with your credentials: nothing hosted touches your source. Uninstalling the App is a complete off-switch.
The product, not a promise
See the gate that governs this very repository
Both panels are real output from our own required merge check. The same deterministic Governor (risk-classified diff, evidence on disk, one explainable decision) runs on your pull requests.
- codecode-review · dependency-audit · test-gap-analyzer
- securitysecurity-audit
A dependency-labeled change with code + security evidence on disk: PASS, merge unblocked.
- codecode-review · dependency-audit · test-gap-analyzer
- apimissing
- securitysecurity-audit
required domain 'api' has no evidence (policy: on_missing=fail)
A change classified as needing api evidence that had none: FAIL, closed by policy, until the evidence landed.
The record behind that PASS
Countersigned- Repository
- mawebb001/cursor-enterprise-skills
- Commit
- 7130db516034
- Decision
- PASS · 100/100
- Policy
- enterprise-skills/default@1.0.0 · risk 1.0.0
- Signing key
- Ed25519 · 9a05918b3742d1b3
- Verify offline
- /api/evidence/public-key
136 decisions recorded across 7 repositories · 74 countersigned ledger entries: counted live from the ledger, not typed into this page.
Unedited lines from the release-governor check on our own pull requests #85 and #84 (a few metadata lines omitted for width). Decisions are commit-bound, Ed25519-countersigned, and verifiable offline against the published public key.
A harness engineering platform, not a marketplace
97 reusable harness modules with deterministic phases, safety gates, sensors, and execution evidence across every IDE.
Browse all 97 skills →Deterministic Execution
Authority packs ensure every AI agent follows your rules, not its own. Preflight resolution scores and selects the right skill for every task, deterministically, every time. And every skill executes in defined phases with safety gates and execution evidence, so you spend your time building, not re-checking the AI's work.
Governed Skill Refinement
Execution traces and user corrections become governed refinement proposals, so the harness improves without uncontrolled prompt drift, and you walk into any security review with evidence, not screenshots.
Multi-IDE Portability
8 IDE adapters. One canonical library. No vendor lock-in. Cursor, VS Code, Claude Code, JetBrains, Windsurf, Neovim, Xcode, and CLI: all from a single source, whether your editor runs Claude, Codex, or Gemini. Switch editors or models without losing your standards.
Compliance Ready
SOC 2, HIPAA, GDPR, and ISO 27001 mapping built in. Security-scanned harness modules and enterprise governance profiles help teams prepare evidence for review, so SOC 2 and HIPAA conversations start from proof of controls, not promises.
Risk-scored release gates
One deterministic go/no-go across ten quality domains (security, API, mobile, performance, data, observability, and more), scored 0 to 100 from evidence on disk. It never passes on a claim, and hard-stops on security, data, or rollback failures. Shipping becomes an objective go/no-go, not a gut feeling.
Anti-hallucination controls
A three-layer verification protocol keeps agents grounded in real evidence (files, command output, live probes), so claims are checked before they ship rather than asserted. Invented APIs and phantom fixes get caught before they reach your codebase.
Why Enterprise Skills
Cursor, Copilot, and raw Claude or GPT are powerful engines, but they start from zero every session, behave differently on every model, and have no idea whether your code is safe to ship. Enterprise Skills is the governance layer on top: your standards, an expert skill library, and a real release gate, in every IDE, on every model.
You keep your model and your editor. Enterprise Skills makes them consistent, safe, and accountable.
Governed deployments across every cloud you ship on.
One tenant manifest. Plan, approve, apply, verify across Stripe, GitHub, Cloudflare, Vercel, Supabase, and AWS - with audit-grade Launch Reports.
Works with your stack
One canonical library, rendered natively into your editors, your coding agents, and whatever model you're driving. No extension conflicts, no lock-in.
New here? Just run enterprise-skills init : it auto-detects your editor(s) and configures them. The commands below are only for forcing a specific one.
IDEs & editors
Agent apps & CLIs
Cursor
Free+Native skills + rules via .cursor/skills/ and .cursor/rules/
enterprise-skills init --ide cursorYour model
Auto-matchedThe same standards, conditioned per model from each vendor's own guidance.
- Anthropic
- Claude Opus 4.8 · Claude Opus 4.7 · Claude Opus 4.5 · Claude Sonnet 4.6 · Claude Sonnet 4.5 · Claude Haiku 4.5
- OpenAI
- GPT-5 · GPT-5 Codex · Codex 5.6 Sol · o-series (reasoning)
- Gemini
Nothing to configure. A constant operating posture stays fixed across every model; per-model conditioning swaps automatically with the model you're on.
Every feature ships with deterministic QA
One command. Production build. Full desktop browser matrix. Pass/fail evidence. Not "we test on 6 browsers." We prove the UI actually works.
Zero-Config Production Launcher
One command builds, starts a production server, runs the full browser matrix, and tears down, no manual steps, no flaky dev servers.
Deterministic Stateful Verification
Readiness hooks gate every interaction. Assertions prove the UI actually works, not just that it rendered. Controlled inputs, workflow state, derived text: all verified.
Reusable Governed Standards
Every project inherits the same QA baseline from the hub. Config templates, launcher scripts, and test patterns: adopt them in your own projects.
Evidence-Grade Audit Trail
Pass/fail results, screenshots on failure, traces on retry. QA evidence feeds directly into compliance and procurement workflows.
Desktop-First Browser Matrix
Chromium + WebKit desktop as the mandatory default. Mobile coverage is opt-in regression insurance.
Simple, transparent pricing
Start free with Community harness modules. Upgrade when you need the full harness library, release gates, sensor packs, more IDEs, or team governance.
Community
Core skills for individual developers. Cursor-only adapter. No governance, no CLI. Top-of-funnel for the platform.
- 8 included harness modules
- 1 adapter(s)
- Governance profile: none
- Support: none
- Best-fit bundle: Guided first-project experience with starter pack orchestration, templates, and learning path.
Pro
Every standard skill, CLI tool, 4 adapters, standard governance, and skill compiler. For professional developers and freelancers.
- 93 included harness modules
- 4 adapter(s)
- Governance profile: standard
- Support: 48h response
- Best-fit bundle: Workflow-first bundle for build, test, review, refactor, and release readiness.
Team
Everything in Pro plus all 8 IDE adapters, team governance dashboard, cross-project intelligence, execution logging, feedback capture, and the customer Evidence Center with 90-day retention. For engineering teams of 5-50.
- 93 included harness modules
- 8 adapter(s)
- Governance profile: enterprise
- Support: 24h response
- Best-fit bundle: Policy gates, role-based access, evidence dashboards, procurement responses, and compliance control surfaces.
- Minimum 5 seats
- Includes cross project intelligence
Enterprise
All skills, all governance features, all adapters, plus compliance mapping, incident response, IP scanning, SSO, verified Evidence Center exports, one-year evidence retention, custom skill development, and on-premise deployment.
- 97 included harness modules
- 9 adapter(s)
- Governance profile: maximum
- Support: 4h response
- Best-fit bundle: Policy gates, role-based access, evidence dashboards, procurement responses, and compliance control surfaces.
- Minimum 10 seats
- Includes cross project intelligence
Volume discounts available: 15% off for 6-20 seats, 25% off for 21-50 seats, 35% off for 51-100 seats.
Add a harness around your AI coding agents
Start with the free Cursor harness modules. Upgrade for the full harness library, release gates, sensor packs, and multi-IDE governance.