Statewright

Statewright

State machine guardrails for AI agents

Statewright

Prompt-based instructions are suggestions that agents routinely ignore under pressure. Your agent has access to every tool, every file, every command... simultaneously. A planning phase that shouldn't allow edits? The agent edits anyway. A testing phase that shouldn't touch production? One bad tool call and you're doing disaster recovery at 2am.

I built statewright after watching agents with 40+ tools spend entire context windows figuring out what to do, then doing it in the wrong order. State machines aren't DAGs — they loop, retry, and enforce. Statewright brings that to AI agents.

{
  "states": {
    "planning": {
      "allowed_tools": ["Read", "Grep", "Glob"],
      "max_iterations": 10,
      "instructions": "Read and understand the code. Do not edit.",
      "on": { "READY": "implementing" }
    },
    "implementing": {
      "allowed_tools": ["Read", "Edit", "Write"],
      "max_edit_lines": 20,
      "on": { "DONE": "testing", "FAIL": "planning" }
    }
  }
}

Each state declares which tools are available. If the agent calls something that isn't listed, the gateway rejects it with a concrete error (not a polite suggestion). Here's what that looks like:

Tool 'Edit' is not available in the 'planning' phase.
Allowed tools: Read, Grep, Glob.
To advance, call statewright_transition with: READY -> implementing.

Not a prompt. A gate.

What You Get

Tools are gated per state, not suggested. The agent can't call what isn't listed. And the workflow is just a JSON file. Define it by hand, build it in the visual editor, or have your agent call statewright_search_docs("schema") to pull the full JSON schema and generate one from context.

Guards and approval gates let you require programmatic conditions (test results, coverage thresholds) or human sign-off before transitions fire.

Run history captures every tool call, transition rationale, and phase context. When Bash is allowed but Write/Edit are not, redirects (>/>>), destructive ops (rm/shred), and in-place edits (sed -i) are blocked automatically. allowed_commands adds prefix-matched whitelisting on top.

Install

claude /plugin marketplace add statewright/statewright
claude /plugin install statewright

The plugin opens statewright.ai for signup and prompts you for an API key. Then /statewright start bugfix to run your first workflow.

Full Install Guide

Quick Start

Core Concepts

Schema Reference

Install & Setup

Get statewright running in Claude Code in under 2 minutes

On this page

StatewrightWhat You GetInstall