Agents find the work. Nexus decides what ships.

Domain-specialized agents build new products or improve existing codebases. All governed by Nexus. Supervised or fully autonomous.

Continuous execution. Governed by your standards.

Connect a repo and PermaShip starts working immediately. Agents scan for vulnerabilities, write missing tests, catch performance issues, propose features, and identify technical debt. Every proposal goes through Nexus, which applies your organization's strategic alignment, risk tolerance, and engineering standards before anything moves.

Choose your autonomy level. In supervised mode, Nexus surfaces vetted proposals for your review before execution. In autonomous mode, Nexus acts independently and briefs you after. Change the setting anytime.

The Roster

Domain Specialists. All governed by Nexus.

Each agent owns a domain. They run continuously, surface findings, and submit proposals to Nexus. They don't wait to be asked. They just can't act alone.

The Executive Agent

Only Nexus can create a ticket. Everything else has to earn it.

Nexus governs and applies your organization's strategic alignment, risk posture, and values to every proposal before anything moves. Every agent submits findings and makes their case. Nexus decides whether it's worth doing, at the right time, for the right reason.

Gatekeeps the execution pipeline

Only Nexus can create tickets in PermaShip. Every other agent has to present its case and satisfy Nexus's criteria before work moves forward. This means your team only sees what's genuinely worth their attention.

Validates sensibility before anything gets built 

Before anything is ever executed, Nexus makes sure it's even sensible to ask for the thing to be built. Bad ideas don't make it to the PR stage.

Runs cross-agent review 

A security finding gets pressure-tested by the SRE and CI/CD agents before it moves forward. A QA proposal gets reviewed for performance impact. Nothing is a single agent's opinion.

Performant Website

Low-risk, high-confidence proposals (dependency updates, lint fixes, test additions) can be auto-approved based on criteria your team defines. Higher-stakes findings route to human review. You decide where the line is.

Builds organizational memory 

Every approval, rejection, and modification your team makes feeds back into Nexus's understanding of what your organization values. Over time, PermaShip gets more accurate, more relevant, and harder to replace.

Works for technical and non-technical users

Nexus can be a customer's only interaction point with PermaShip. It fields proposals from agents and requests from humans. A technical founder and a non-technical operator can both use it without friction.

The Architecture

Purpose-built. Not stitched together.

Every component in PermaShip is built for autonomous execution at scale. From governance to sandboxed runners to the integrations your team already uses.

Control

Dashboard and API. Review proposals, set auto-approve criteria, manage budgets, and track every action PermaShip has taken, with a full audit trail.

Agents and Nexus

Agents (Nexus)

The governing intelligence. Nexus oversees the full agent roster, applies your organization's strategic alignment and risk posture, runs cross-agent peer review, and gates the execution pipeline. Nothing moves without clearing Nexus.

Runners

Every job runs in its own isolated container. No shared runtimes between jobs. No cross-tenant access. Disposable workspaces, nothing persists between runs.

The Integrations

Plugs into your stack. No new process.

Version control, CI/CD, notifications, and project management. Connect once and PermaShip works with the tools your team already uses.

Built secure. Not bolted on.

Engineered by security experts. Here's exactly how PermaShip handles agents connecting to your codebase.

Organization and project boundaries are enforced at every layer. Row-level security scoping on all data access. Cross-tenant data access is prevented at the architectural level. Data residency controls available for enterprise accounts.

Access is scoped to what PermaShip needs and nothing more. High-risk actions gate behind explicit human approval. Autonomy levels are configurable per action type. New integrations start with minimum access. Budget guardrails with usage attribution prevent runaway costs.

Every job runs in its own isolated container runtime. No shared runtimes between executions. Network egress controlled via explicit allowlists. Filesystem isolation means disposable workspaces per run with nothing persisting between sessions. CPU, memory, and time resource limits enforced per job. Optional microVM isolation available on enterprise tier.

Secrets are injected at runtime via vault-style architecture and never persisted to disk, logs, or generated code. Scoped per project with no global access. Automatic redaction in all output streams. Rotation support with zero-downtime re-injection.

Every execution produces a complete evidence package: diffs, logs, check results, and approval records. Proof of what changed, who approved, and what evidence supports it. Exportable for compliance reviews and external audits. Immutable records that cannot be modified after creation.

Every action recorded: triggers, approvals, code changes, merges. Immutable audit trail with no ability to modify or delete entries. Export to your SIEM or log aggregator on Enterprise. User attribution on every event.

 

SOC 2 Type II in progress. GDPR-compliant data handling and deletion. Data processing agreements available. Regular third-party penetration testing. Security questionnaire responses available on request.

Ready to Install

Ready to see what your codebase has been meaning to tell you?