v0.4.0 · the trust layer for agent-written code

Record who vetted this change, and prove it.

A verifiable, policy-gated ledger of who reviewed what and at what confidence, keyed to commit SHAs and stored in git notes. Optionally Ed25519-signed. augur scores the risk; attest records the trust.

Zero setup: attest sign --reviewer agent:claude --confidence 0.92

attest log · commit 9f2c1a7b04
ok agent:claude verdict:proceed conf:92%
tests:ok · human:- · signed[ok]
ok human:leif verdict:review conf:95%
tests:ok · human:ok · signed[ok]
! human:leif verdict:proceed conf:99%
pinned reviewer · unsigned · rejected by signerPinning
  • 11 policy rules: all optional, permissive defaults
  • 0 services: stored in git notes, no DB, no backend
  • 1 key, optional: Ed25519, unsigned records still valid
  • 5 subcommands: sign · verify · log · export · keygen

sign → verify

Trust that travels with the repo.

An agent records its verdict; a human signs off; a policy gates the merge. The record lives in refs/notes/attest and moves with every git push.

attest sign records a signed attestation for the HEAD commit; attest log prints the colored ledger showing the reviewer, 92% confidence, passing tests and a valid signature; attest verify checks it against release.json and passes.

The loop

Score, record, gate.

Agents made code cheap; the scarce resource is now trust. attest is the missing primitive: a portable record an agent or a human can verify, and a policy CI can block on.

  • Step 1: Record

    Capture who or what reviewed a change, at what confidence, keyed to the commit SHA.

    $ attest sign --reviewer agent:claude --from-augur -
    • augur pipe: verdict and confidence auto-filled from augur's risk score
    • git notes: stored in refs/notes/attest, no service, no database
  • Step 2: Sign (Ed25519)

    Attach a detached Ed25519 signature over a deterministic canonical form anyone can verify.

    $ attest keygen && attest sign … --sign
    • Optional: unsigned records are still valid; signing is opt-in
    • Pinned identity: signerPinning binds human:leif to a key, stopping spoofs
  • Step 3: Gate

    Block a merge when a commit lacks the trust a policy demands, so an agent escalates instead of merging blind.

    $ attest verify --policy .attest.json
    • Exit-code gate: non-zero on any violation; CI and agent loops gate on it
    • Audit export: attest export writes one stable JSON document for compliance
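The three steps above, worked end to end as an added example. This is not attest's own code (attest is written in Swift; this is Go, chosen because Ed25519 is in Go's standard library): it records an attestation keyed to a commit SHA, signs its deterministic canonical form with a detached Ed25519 signature, and gates it against a small policy that includes signerPinning. The record's field names, the policy's rule names, the fixed-seed keys and the sample records are all assumptions constructed for this example, not attest's real schema, config format or data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Attestation is one ledger record, keyed to the commit it vets. Field names
// are assumptions for this example, not attest's real schema.
type Attestation struct {
	Commit     string  `json:"commit"`
	Reviewer   string  `json:"reviewer"`
	Verdict    string  `json:"verdict"`
	Confidence float64 `json:"confidence"`
	Signature  string  `json:"signature,omitempty"` // hex, detached Ed25519
	PublicKey  string  `json:"publicKey,omitempty"` // hex, signer's key
}

// Canonical is the deterministic byte string the signature covers: the record
// with its signature fields blanked. encoding/json writes struct fields in
// declaration order with no whitespace, so the bytes are stable across runs.
func (a Attestation) Canonical() []byte {
	a.Signature, a.PublicKey = "", ""
	b, _ := json.Marshal(a) // cannot fail for strings and one float
	return b
}

// Sign attaches a detached Ed25519 signature and the signer's public key.
func Sign(a Attestation, priv ed25519.PrivateKey) Attestation {
	a.Signature = hex.EncodeToString(ed25519.Sign(priv, a.Canonical()))
	a.PublicKey = hex.EncodeToString(priv.Public().(ed25519.PublicKey))
	return a
}

// Policy stands in for attest verify --policy; signerPinning is the rule the
// page names, the confidence floor is an assumed extra rule.
type Policy struct {
	MinConfidence float64           // reject records below this confidence
	SignerPinning map[string]string // reviewer -> hex public key it must use
}

// Verify returns nil when the record passes the policy. A pinned reviewer must
// be signed and must verify under the pinned key, never under the key the
// record itself carries; that is what makes a spoofed human:leif fail.
func Verify(a Attestation, p Policy) error {
	if a.Confidence < p.MinConfidence {
		return fmt.Errorf("confidence %.2f below minimum %.2f", a.Confidence, p.MinConfidence)
	}
	pinned, isPinned := p.SignerPinning[a.Reviewer]
	if a.Signature == "" {
		if isPinned {
			return fmt.Errorf("unsigned record for pinned reviewer %s", a.Reviewer)
		}
		return nil // unsigned records are valid unless a rule says otherwise
	}
	if isPinned {
		a.PublicKey = pinned // the pinned key overrides whatever the record claims
	}
	pub, err := hex.DecodeString(a.PublicKey)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return fmt.Errorf("malformed public key for %s", a.Reviewer)
	}
	sig, err := hex.DecodeString(a.Signature)
	if err != nil || !ed25519.Verify(ed25519.PublicKey(pub), a.Canonical(), sig) {
		return fmt.Errorf("signature does not verify for %s", a.Reviewer)
	}
	return nil
}

// RunLoop drives record, sign and gate over constructed records and reports
// which ones the gate accepts. Keys derive from fixed seeds so runs repeat.
func RunLoop() map[string]bool {
	const commit = "9f2c1a7b04" // constructed; the page's sample ledger SHA
	leif := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, ed25519.SeedSize))
	agent := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, ed25519.SeedSize))
	impostor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{3}, ed25519.SeedSize))
	policy := Policy{MinConfidence: 0.9, SignerPinning: map[string]string{
		"human:leif": hex.EncodeToString(leif.Public().(ed25519.PublicKey)),
	}}
	byLeif := Attestation{Commit: commit, Reviewer: "human:leif", Verdict: "review", Confidence: 0.95}
	byAgent := Attestation{Commit: commit, Reviewer: "agent:claude", Verdict: "proceed", Confidence: 0.92}
	tampered := Sign(byLeif, leif)
	tampered.Verdict = "proceed" // edited after signing: canonical form no longer matches
	cases := map[string]Attestation{
		"agent signed":   Sign(byAgent, agent),
		"leif signed":    Sign(byLeif, leif),
		"leif unsigned":  byLeif,
		"leif spoofed":   Sign(byLeif, impostor),
		"tampered":       tampered,
		"low confidence": Attestation{Commit: commit, Reviewer: "agent:claude", Verdict: "proceed", Confidence: 0.55},
	}
	results := make(map[string]bool, len(cases))
	for name, rec := range cases {
		results[name] = Verify(rec, policy) == nil
	}
	return results
}
```

The two design points worth noticing: the signature is over the canonical bytes with the signature fields blanked, so the verifier recomputes exactly what the signer signed and any later edit to verdict or confidence breaks it; and for a pinned reviewer the verifier ignores the key embedded in the record and uses the pinned one, so a record that merely claims to be human:leif, whether unsigned or signed with some other key, is rejected exactly as the sample ledger on this page shows.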

attest + augur

augur scores the risk.
attest records the trust.

augur answers "how risky is this diff, and should a human look?", but that verdict is ephemeral. attest makes it durable: a portable, optionally-signed record of what vetted a change, and a policy CI and agents can gate on. They compose over a pipe; attest never links augur.

augur check --json | attest sign --from-augur -

--from-augur copies augur's verdict and maps its riskScore (0…100) to confidence = 1 − riskScore/100. A risk-45 review diff becomes a 0.55-confidence attestation.
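The --from-augur mapping as an added example, again in Go and not attest's own code: it reads the JSON augur would write to the pipe, copies the verdict, derives confidence = 1 − riskScore/100, and refuses a missing or out-of-range score rather than clamping it, so a malformed upstream result can never turn into a confident attestation. The JSON key names (verdict, riskScore), the record's field names and the sample input are assumptions constructed for this example; only the mapping itself comes from the page.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Attestation is the record attest sign writes; field names are assumptions
// for this example, not attest's real schema.
type Attestation struct {
	Commit     string  `json:"commit"`
	Reviewer   string  `json:"reviewer"`
	Verdict    string  `json:"verdict"`
	Confidence float64 `json:"confidence"`
}

// augurResult is the part of augur check --json this example reads. The page
// describes a verdict and a riskScore of 0..100; the key names are assumed.
type augurResult struct {
	Verdict   string   `json:"verdict"`
	RiskScore *float64 `json:"riskScore"` // pointer so a missing key is detectable
}

// FromAugur implements the --from-augur mapping: copy augur's verdict and set
// confidence = 1 - riskScore/100. A missing or out-of-range score is an error,
// not a clamp, so malformed upstream output never yields a confident record.
func FromAugur(raw []byte, commit, reviewer string) (Attestation, error) {
	var r augurResult
	if err := json.Unmarshal(raw, &r); err != nil {
		return Attestation{}, fmt.Errorf("augur output: %w", err)
	}
	if r.Verdict == "" || r.RiskScore == nil {
		return Attestation{}, fmt.Errorf("augur output lacks verdict or riskScore")
	}
	if *r.RiskScore < 0 || *r.RiskScore > 100 {
		return Attestation{}, fmt.Errorf("riskScore %v outside 0..100", *r.RiskScore)
	}
	return Attestation{
		Commit:     commit,
		Reviewer:   reviewer,
		Verdict:    r.Verdict,
		Confidence: 1 - *r.RiskScore/100,
	}, nil
}

func main() {
	// Constructed sample of what the pipe would carry for a risk-45 review
	// diff; real augur output has more fields, which json.Unmarshal ignores.
	sample := []byte(`{"verdict":"review","riskScore":45}`)
	a, err := FromAugur(sample, "9f2c1a7b04", "agent:claude")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	out, _ := json.Marshal(a)
	fmt.Println(string(out)) // a 0.55-confidence review attestation
}
```

Because the mapping is linear, a confidence floor in the gate is equivalent to a risk ceiling on augur's side: a policy that demands confidence ≥ 0.9 is the same as refusing any diff augur scored above 10.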

Stop losing the trust trail. Make provenance portable.

Build attest, record your first attestation, and verify it against a policy in under a minute.

swift build -c release && install .build/release/attest /usr/local/bin