🔮 v0.4.0 · no API key · no LLM

Graded trust
for code changes.

`augur` reads a diff and returns a deterministic, scriptable verdict on how risky the change is and whether a human should look: proceed, review, or block.

PROCEED REVIEW BLOCK

Build it: swift build -c release · macOS & Linux · Swift 6 · git

Colored, TTY-aware output: --color auto|always|never, honors NO_COLOR; piped & JSON stay plain.

Running augur check on a working-tree change: it returns a REVIEW verdict at risk 35 of 100 because the edited file matches the sensitive 'secrets' category.
  • 3 verdicts: proceed · review · block
  • 8 signals, all from git + the filesystem
  • 0 API keys: no LLM in the core, ever
  • 0 third-party deps: AugurKit is Foundation-only

Why it exists

Agents made code cheap.
The scarce resource is now trust.

`augur` turns the senior-engineer instinct ("this part is fine, that part needs a careful look") into a deterministic artifact both humans and agents can act on.

  • Humans triage

    Spend review attention on the risky 10% of a 40-file PR. `augur` sorts the files riskiest-first and tells you exactly which signal fired.

  • Agents gate

    `augur gate` exits non-zero when the verdict calls for a human, so an agent escalates instead of merging blind. Drop it in a CI step or an agent loop.

  • Deterministic & grounded

    Every signal is derived from git history and the filesystem. No model, no network. A history calibration reports whether a score is grounded in enough git history or is still guessing.

Eight signals, one verdict.

Read the signal reference

Each signal is a pure function over the change surface and git history, contributing a documented weight to a transparent blend. No opaque numbers.

  • sensitivity

    Touches secrets, auth, crypto, payments, migrations, infra, CI, or dependency manifests.

  • test-gap

    Code changed with no test in the changeset; with coverage data, the uncovered fraction of the changed lines.

  • churn

    Hot files that change constantly are fragile.

  • coupling

    A file's usual co-change partner is absent from the change.

  • diff-shape

    Large single-file edits are harder to review.

  • ownership

    Bus-factor (single author) or diffuse ownership (many authors).

  • incident

    The file's own history of reverts / hotfixes.

  • codeowners

    A changed file with no declared owner in the repo's CODEOWNERS.

Trust pipeline

augur scores the risk.
attest records the trust.

A verdict from `augur` is ephemeral: it lives for one CI run and is gone. Its sibling attest makes it durable: a provenance note, signed or unsigned and keyed to the commit SHA, of who or what reviewed a change and at what confidence. The two compose over a pipe and have no code dependency on each other.

augur check --json | attest sign --from-augur -   # record the trust
attest verify --policy .attest.json               # gate on it

Stop merging on vibes.
Get a verdict.

Build augur and run your first risk assessment in under a minute.

augur check --range main..HEAD