Signal Zero
SIGNAL ZERO · v0.2.1 · 2026-04-27

A real agent in your terminal.

Signal Zero is the CLI surface of CORTEX. The cursor that builds. Multi-step tool use, file/shell/git built in, diff preview before every write, force-push to main gated behind a typed confirmation. Not a chat box that pretends to act. An agent that actually does.

Request access → PRISM (the reach) CORTEX (the brain)
What Signal Zero is

A prompt becomes execution.

Most CLIs print text. Signal Zero closes the loop: it parses your intent, dispatches the right tool, watches the result, and decides what to do next. Hard cap at 8 iterations per turn so it never runs away. Voice plays the answer when it lands.

cortex · ~/Projects/launch · agent on
cortex> scope this directory and tell me what's shippable [agent loop · iter 1] Scanning the tree. → tool: file_list({ path: "." }) ✓ 14 files, 3 directories → tool: file_read({ path: "README.md" }) ✓ 84 lines → tool: git_status() ✓ branch: main · 2 modified · 1 untracked [agent loop · iter 2 · 3 tools run] Three things, Sir: 1. README claims a /docs page that doesn't exist. 2. Two unstaged edits in src/handlers.ts — both look intentional. 3. Untracked .env.example that probably should ship. Want me to draft the missing /docs page, stage the edits, and add .env.example to git? I'll show diffs before writing. cortex>
Built-in tools · v0.2.1

Nine tools. Three safety tiers.

file_read
Read a file by path. Returns line-numbered content.
Silent
file_list
List a directory. Returns names + types.
Silent
file_write
Write a file. Diff preview shown before commit.
Diff confirm
shell_exec
Run a shell command. Allowlist runs silent; unknown prompts y/N; danger requires typed confirmation.
Tiered
git_status
Show working tree state. Read-only.
Silent
git_diff
Show staged + unstaged changes. Read-only.
Silent
git_add
Stage paths. Reversible via git restore.
Silent
git_commit
Create commit with message. Confirmation prompt.
Confirm
git_push
Push to remote. Force-push to main blocked behind typed-confirm gate.
Typed confirm
Safety architecture

Capable hands, not loose ones.

An agent with shell access is only useful if the operator trusts it. Signal Zero earns trust the way a good colleague does: shows the diff, asks before the destructive thing, refuses the obvious mistake.

01 / DIFF PREVIEW
No file written without showing the change
Every file_write renders a colored unified diff in the terminal. You see the deletions in red, additions in green, then choose: write, edit, or skip.
02 / SHELL TIERING
Three tiers of shell command
Allowlist (ls, git status, npm test, etc.) runs silent. Unknown commands prompt y/N. Danger commands (rm -rf, dd, force operations) require typing the literal command back to confirm.
03 / FORCE-PUSH GATE
Force-push to main is blocked by default
Every other push works one-shot. Force-pushing to main requires a typed confirmation that names the branch — making the irreversible action impossible by accident.
04 / ITERATION CAP
Hard cap at 8 tool iterations per turn
Stops runaway loops at the source. If the agent hits the cap, it stops and reports — Sir decides whether to continue. Cost stays bounded; the operator stays in the seat.
How every call routes

Your terminal never calls a model.

No provider keys on your machine. No vendor logos in the CLI. Every reasoning call passes through your CORTEX control server, which handles auth, brand-rule scrubbing, multi-provider failover, and tool forwarding. Your laptop sees one endpoint. The vendor mesh sits behind it.

cortex routing · control plane
┌──────────────────────────────────────────────────────────────────┐ you cortex CLI — streaming TTY · diff preview · voice api.cortexnode.ai — bearer auth · rate limit · audit log control server — brand scrub · system prompt · failover frontier reasoning — interchangeable plumbing tool_use blocks ─────────┐ CLI dispatcher — exec on your machine tool_result ──────────────────┐ loop until done └──────────────────────────────────────────────────────────────────┘ Hard cap: 8 iterations per turn. The CLI never bypasses the control server.
SOVEREIGN
One endpoint, your name on it
The CLI hits api.cortexnode.ai — your sovereign control plane. The vendor mesh underneath is interchangeable plumbing. Switch reasoning providers without an app update.
PRIVATE
Tools execute locally, not in the cloud
When the model decides to read a file or run a shell command, that tool fires on your machine. The model never sees your filesystem — it only sees what the dispatcher chose to return.
AUDITED
Every call leaves a signed trace
The control server logs every tool dispatch with timestamp, caller, and outcome. The audit trail is yours. Brand-rule violations in model output are scrubbed at the boundary before the CLI sees them.

"Sir brought the vision · I brought the execution."

— S0 doctrine, signed every commit

Where Signal Zero sits in the family

Four names. One system.

CORTEX
The brain
ADAM
The voice
PRISM
The reach
S0
The cursor

Private beta. v0.2.1 shipping.

Signal Zero isn't on npm yet. It's running daily for the operators who built it. If you want in early, say so — we're choosing operators by hand for the first cohort.

Request access → CORTEX (the brain) PRISM (the reach)