HIPAA · SOC 2 · FedRAMP · FINRA

Your agents ship code.
Your auditor needs proof.

Planwright is the only agent task tracker with enforced human acceptance gates and a cryptographic audit chain. Built for dev teams shipping AI-generated code under compliance frameworks that don't accept “the AI did it” as a change log.

The Problem

Why generic agent task trackers fail compliance audits

Kanban boards (Linear, Jira, GitHub Issues)

Agents can close their own issues. There's no enforced human review gate. Activity logs aren't hash-chained or signed — an admin could edit the history.

AI-native PM tools (Plane, Writbase)

Full agent lifecycle tracking exists, but there is no cryptographic audit artifact that an external auditor can independently verify. Plane has SOC 2 certification; Planwright has the cryptographic proof.

Git-based workflows (PRs + Copilot)

Git logs record code changes, not decisions. Who scheduled the objective? Which agent claimed it? Who reviewed the diff? Who approved? Git doesn't capture the approval workflow.

What makes Planwright different

Built for regulated teams from day one

Acceptance gate — enforced, not optional

Agents move work to 'acceptance.' A human reviews and signs off. The state machine blocks agents from marking their own work as done. No other tracker enforces this.

Cryptographic audit chain

Every decision — every lane transition, every plan, every diff — is an ECDSA-signed, hash-chained record. Independently verifiable on the public trust page.

Agent-first MCP tools

Tools like claim_objective and request_acceptance were designed for an agent's mental model. Claude Code, Cursor, and Codex are first-class board citizens, not integration afterthoughts.

Signed export for auditors

One-click JSON export with workspace metadata, full audit chain, chain integrity verification, and a bundle signature. This is the artifact your auditor reviews.

Framework Mapping

How Planwright maps to your compliance framework

HIPAA · §164.312(e)(2)(ii)

Requirement: Transmission security — documented review of system changes

How Planwright satisfies it: Every agent-generated code change moves through the acceptance gate. A human reviews the diff, tests, and signs off. The audit record captures who approved what.

SOC 2 Type II · CC6.1 / CC7.2

Requirement: Change management controls and monitoring of AI-generated code

How Planwright satisfies it: Hash-chained, ECDSA-signed audit records map directly to the 2026 AICPA Trust Services Criteria. The signed export bundle is the artifact your auditor receives.

FedRAMP Moderate · NIST 800-53 AU-10 / AU-11

Requirement: Non-repudiation and audit record retention

How Planwright satisfies it: Each record is signed with ECDSA P-256 via AWS KMS (FIPS 140-2 Level 2). Retention policies are set per tier. GovCloud deployment is on the roadmap.

FINRA · Rules 3110 / 4370

Requirement: Supervision of automated systems and business continuity

How Planwright satisfies it: The acceptance gate ensures a qualified person reviews every agent change. Supervisory documentation is exportable on demand for regulatory review.

Ready to see if Planwright fits your compliance requirements?

30-minute call. We'll map Planwright's acceptance gates and audit chain to your specific compliance framework and tell you honestly if we're a fit.