Documentation
attest records signed attestations (who or what reviewed a change, and at what confidence) keyed to git commit SHAs and stored in git notes (`refs/notes/attest`), so the trail travels with your repository across every git host. It is the trust-record companion to augur: augur scores the risk; attest records the trust.
Start here
- Quickstart: install, record your first attestation, and verify it against a policy in under a minute.
- Policy reference: every one of the 11 rules, with JSON examples and the `WhenVerdictAtLeast` semantics.
- CLI reference: `sign`, `verify`, `log`, `export`, `keygen`, every flag and exit code.
- Signing & identity: Ed25519, `keygen`, `trustedKeys` / `signerPinning`, and preventing reviewer spoofing.
- CI integration: the `attest-verify` action, the augur → attest pipeline, and audit export.
- Architecture: the `AttestKit` vs CLI split, canonical serialization, git-notes storage, and the verify / export flow.
The shape of a record
An Attestation is a provenance record keyed to a commit SHA: a reviewer (`agent:claude`, `human:leif`), a confidence (0…1), an optional verdict (`proceed` / `review` / `block`), `testsPassed` and `humanApproved` flags, a timestamp, an optional note, and (when signed) a base64 Ed25519 `signature` and `publicKey`.

Signing is optional: an unsigned attestation is a fully valid record. Signing is what lets a policy trust a record and bind it to an identity: an unsigned record only asserts a reviewer name, whereas a signed one proves that the holder of a specific key produced exactly these fields, so a policy can pin that key to the reviewer it names.
Why it exists
Agents made code cheap to produce; the scarce resource is now trust. When an agent lands a change, there is no native, portable record of which agent or human vetted it, and that context is lost the moment the PR merges. attest is that missing primitive:
- Humans get an auditable trail: who signed off on what, and how sure they were.
- Agents get a gate: `attest verify` exits non-zero when a commit lacks the trust a policy demands, so an agent escalates instead of merging blind.