CorvidLabs/fledge-plugin-attest

fledge-plugin-attest

Run attest, a signed provenance ledger for code changes, as a first-class fledge attest command.

A plugin for fledge.

It records who or what reviewed a change and at what confidence, keyed to git commit SHAs and stored portably in git notes (refs/notes/attest), so the trust record travels with the repository across every git host. Signing is optional (an unsigned attestation is still a valid record), so the plugin works with zero setup. A policy in .attest.json lets CI and agent loops gate on the recorded trust.

This plugin links AttestKit directly, so it is self-contained: there is no separate attest binary to install. It drives the same engine types the upstream CLI uses, so behaviour and storage are identical.

macOS-only. attest/AttestKit target macOS 13+, so this plugin does too. No Linux/Windows support.

Dependency. This plugin depends on CorvidLabs/attest via Swift Package Manager, 0.1.0 or newer. swift build resolves it transitively; you need read access to that repository for the build to fetch it.

Install

fledge plugins install CorvidLabs/fledge-plugin-attest

Usage

# Record an attestation on HEAD (unsigned, zero setup)
fledge attest sign --reviewer agent:claude --confidence 0.9 --verdict proceed

# Record that a human approved a change, and sign it
fledge attest sign --reviewer human:leif --human-approved --sign

# Pipe an augur verdict straight in (auto-fills verdict + confidence)
augur check --json | fledge attest sign --reviewer agent:claude --from-augur -

# Gate a range against .attest.json, exits non-zero on any violation (CI / agents)
fledge attest verify --range main..HEAD

# List the recorded ledger (add --json for machine output)
fledge attest log

# Emit a single stable JSON audit document for a range
fledge attest export --range main..HEAD --policy .attest.json

Subcommands

Command   Purpose
sign      Record an attestation for a commit, written to git notes.
verify    Exit non-zero if any commit in a range violates policy (CI / agent gating).
log       List recorded attestations, human-readable or JSON.
export    Emit the complete provenance trail across a range as one stable JSON audit document.

Signing uses the key from attest keygen (~/.config/attest/key). Generate one with the upstream attest CLI if you want signed attestations; unsigned attestations need no key.

Git notes are not pushed by default; share the ledger with git push origin "refs/notes/*".
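
The consequence of that default, as an added example that is not part of this project's code: the script uses plain git only (no fledge or attest calls) to show that refs/notes/attest is missing after an ordinary push and after a fresh clone, so a CI checkout has no ledger to read until the notes refspec is fetched explicitly. The temporary repository names, the demo identity and the note body are constructed placeholders.

```shell
#!/bin/sh
# Added demo (plain git only): when does refs/notes/attest actually travel?
# Repos live in a temp dir; the note body is a constructed placeholder,
# not a real attest record.

has_ledger() {  # $1 = repo dir; prints "present" or "absent"
    if git -C "$1" show-ref --verify --quiet refs/notes/attest; then
        echo present
    else
        echo absent
    fi
}

notes_roundtrip() (  # subshell body keeps the env and variables local
    tmp=$(mktemp -d) || exit 1
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

    git init -q --bare "$tmp/remote.git"
    git init -q "$tmp/work"
    git -C "$tmp/work" commit -q --allow-empty -m "change under review"
    git -C "$tmp/work" notes --ref=attest add -m "placeholder" HEAD
    git -C "$tmp/work" remote add origin "$tmp/remote.git"

    # 1. An ordinary branch push leaves the ledger behind.
    git -C "$tmp/work" push -q origin HEAD
    s1=$(has_ledger "$tmp/remote.git")

    # 2. The README's command publishes it.
    git -C "$tmp/work" push -q origin "refs/notes/*"
    s2=$(has_ledger "$tmp/remote.git")

    # 3. A fresh clone, as a CI runner would make, gets no notes by default.
    git clone -q "$tmp/remote.git" "$tmp/ci"
    s3=$(has_ledger "$tmp/ci")

    # 4. Fetching the notes refspec explicitly restores the ledger.
    git -C "$tmp/ci" fetch -q origin "refs/notes/*:refs/notes/*"
    s4=$(has_ledger "$tmp/ci")

    rm -rf "$tmp"
    echo "$s1 $s2 $s3 $s4"
)

notes_roundtrip   # absent present absent present
```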

License

MIT
