Asagiri
Concepts

Trust & verification engine

Local-first confidence scoring, structured checks, and blocking gates before delivery.

Trust & verification engine

spec-my-B — deterministic validation layer between agent implementation and merge-ready delivery.

Principles

  • No implicit trust — every score ties to checks, contracts, flows, tests, or evidence.
  • Confidence ≠ correctness — high scores show coverage, not proof (ADR-021).
  • Composable checks — specialized runners aggregate into six dimensions.
  • Visible risk — blast radius, residual risk, and uncovered areas appear in reports.

Pipeline

implementation
  → verification checks (internal/trust/checks/)
  → confidence scoring (6 dimensions)
  → verification gates (config verification:)
  → review / work continuation

Six confidence dimensions

DimensionMeasures
ArchitectureContracts, layering, dependencies, blast radius
ImplementationTests, diff quality, stability estimates
Flow integrityStates, transitions, permissions, actions
ObservabilityLogs, metrics, traces, dashboards
SecurityAuth, permissions, secrets, destructive paths
RegressionImpacted flows, coverage, critical deps

Artefacts

Each run writes under .asagiri/trust/<trust-id>/:

  • report.md / report.json — human and machine-readable summary
  • replay.yaml — manifest for asa trust replay <id>

CLI

CommandPurpose
asa verify trustRun full pipeline on a product flow
asa trust gatesShow active gate profile and pass/fail
asa trust replayRe-run checks from a prior manifest
asa work --strict-trustBlock work when gates fail after implementation

Configuration

Gate thresholds live in verification inside .asagiri/config.yaml.

Code layout

internal/trust/
  engine.go
  report.go
  gates.go
  checks/
  confidence/
  replay/

Uses product assets (.asagiri/products/<id>/flows, contracts/) and analysis graphs when available.