Start here

Four tools,
one pipeline.

CorvidLabs builds a small, composable toolchain for shipping software you can trust, whether a human or an agent wrote it. A change flows through four layers: a contract you can check, a lifecycle that runs the checks, a risk read on the diff, and a signed trust record. This page wires all four together in about ten minutes.

Get started → All projects

The pipeline

Each tool is a layer the next one builds on. You can adopt them one at a time, left to right.

01 The contract

spec-sync

Write what a module does in a *.spec.md file. spec-sync proves the code still matches it (in both directions) and fails CI on drift.

$ specsync check 02 The lifecycle

fledge

One CLI runs your whole loop: build, test, spec-check, release. fledge lanes run verify is the single gate every CorvidLabs repo shares.

$ fledge lanes run verify 03 The risk read

augur

Every diff gets a deterministic verdict (proceed, review, or block) with no API key and no LLM. Gate humans and agents on the same number.

$ augur gate --threshold block 04 The trust record

attest

Record who (or what) reviewed a commit and at what confidence, signed and stored in git notes. attest verify turns that record into a CI gate.

$ attest verify --commit HEAD

Four steps to a gated repo

From an empty machine to a change that's checked, risk-scored, and recorded.

Install the toolchain

Everything ships through the Homebrew tap. fledge and spec-sync are the substrate; augur and attest layer on top.

# one tap, four tools
$ brew tap CorvidLabs/tap
$ brew install fledge spec-sync augur attest

Check your machine

fledge doctor is the first command a new contributor runs. It validates the toolchain, the config, and surfaces anything missing.

$ fledge doctor
✓ toolchain healthy
✓ fledge.toml valid · 4 tasks, 1 lane

Run the single gate

fledge composes your tasks into a verify lane, including spec-sync's drift check. This is what CI runs on every PR.

$ fledge lanes run verify
✓ fmt-check 120ms
✓ test 18.1s
✓ spec-check 240ms
→ verify passed

Score the change, record the trust

augur reads the diff and returns a verdict; pipe it into attest to write a signed, commit-keyed provenance record. CI (or an agent) can then gate on it.

# assess, then attest in one line
$ augur check --range main..HEAD --json \
| attest sign --commit HEAD --reviewer agent:ci --from-augur -
✓ recorded agent:ci on 9f2a1c4e · verdict proceed

Put it in CI

spec-sync, augur, and attest each ship a GitHub Action. A trust gate on every PR is three steps.

# .github/workflows/trust.yml
steps:
  - uses: actions/checkout@v4
    with: { fetch-depth: 0 }
  - uses: CorvidLabs/spec-sync@v4  # contract holds
  - uses: CorvidLabs/augur@v0     # risk under threshold
    with: { threshold: block }
  - uses: CorvidLabs/attest@v0    # trust recorded

Why it's shaped this way

Deterministic by default

spec-sync and augur reach a verdict with no model call. Same input, same answer: reproducible in CI and in review.

Built for agents and humans

The same gates that fail a human's PR give an autonomous agent a stop condition, and attest leaves an audit trail of what decided what.

Portable, no lock-in

Single binaries, plain files: `*.spec.md`, `fledge.toml`, `.augur.toml`, `.attest.json`, git notes. Nothing to host; it travels with the repo.

Pick a layer and go deeper

Each tool has its own page with concepts, commands, and a quickstart.

spec-sync fledge augur attest

Four tools, one pipeline.