Provasign

Certified delivery
for AI coding agents.

Every AI-generated commit signed, tested, and traceable to the prompt that created it. Pre-commit gates. Ed25519-signed certificates. Full audit replay. One binary. No services to run. No CI loop.

Certified delivery How it works Use cases
▶  Agent Setup Manual Install GitHub ↗
provasign.dev MIT · AGPL-3.0 · Local-first · No telemetry
auth.go Login() validate() User session.go NewSession() auth_test.go defines calls tests imports
The problem

AI agents write code.
Nobody built what happens next.

Every agent still delivers through a PR → CI loop designed for humans. When an agent opens a PR, CI finds an issue. You send it back. CI finds another. Each loop costs 5–15 minutes of human attention and the agent has lost context by the second iteration. Multiply by the number of agent PRs your team merges each week.

Provasign moves the quality gate into the agent's loop. Sub-10s findings — build, tests, coverage, secrets, SAST — returned as structured results before the agent opens any PR. The agent self-corrects. CI becomes a formality, not a gatekeeper.

When compliance asks what the agent did — there's no answer. The PR says "refactor auth." CI shows green. The agent session is gone, the original prompt is gone. Nobody knows which gates ran, what the agent was asked to do, or what was suppressed. This is a compliance gap today, and a regulatory exposure under the EU AI Act.

Provasign captures the verbatim user prompt as a signed YAML intent before any code is written. Every admission carries an Ed25519-signed certificate over the exact changeset, toolchain, policy config, and gate results. provasign cert replay re-runs the gates at any time and returns a cryptographic verdict.
The product

One binary.
The complete delivery layer for AI coding agents.

provasign · AGPL-3.0

Provasign

Certified delivery for AI coding agents. Intent capture, pre-commit gates, Ed25519-signed admission certificates, and cryptographic audit replay — all in one local-first binary.

  • Captures the verbatim user prompt as a signed YAML intent before coding starts
  • Runs build, tests, coverage, secrets, SAST, dep audit — in the agent's loop, not after a PR
  • Issues Ed25519-signed certificates: what gates ran, what config was in force, what toolchain version
  • Audit replay: provasign cert replay re-runs gates against any historical commit
  • MCP integration — agent calls provasign_check automatically before every PR
  • Powered by Grove — an embedded code knowledge graph that maps symbols, blast radius, and test coverage for every change
Full docs →

Also open source, built on Grove:

Prism — graph-ranked context delivery for any AI agent. Cuts token use 35–92% on first reads, ~99% on re-reads. Free, MIT licensed.   ·   Fuse — symbol-aware Git merge driver. Resolves ~85% of false conflicts automatically. Free, MIT licensed.

Install

Get started in minutes.

# In Claude Code — the agent detects your platform, fetches the latest release,
# verifies checksums, and wires everything into your project:
claude "Follow the setup instructions at https://provasign.dev/assets/AGENT_SETUP_PROMPT.md"

# In any other MCP agent — paste this URL and say "follow the setup instructions":
# https://provasign.dev/assets/AGENT_SETUP_PROMPT.md
# Provasign bundles Grove as a library — one binary, no services, no ports, no tokens.
curl -fsSL https://provasign.dev/assets/install.sh | GROVE_SUITE_PRODUCTS=provasign bash

cd /your/project
provasign init --stack=auto   # scaffolds policy, generates Ed25519 key,
                           # writes agent instructions into CLAUDE.md, .cursorrules, etc.
provasign hook install        # git pre-push backstop
git add .provasign/ && git commit -m "Add Provasign configuration"
# Each product is a standalone binary — install whichever you want.
curl -fsSL https://provasign.dev/assets/install.sh | bash

cd /your/project
provasign init --stack=auto && provasign hook install   # certified delivery
prism init && prism index                       # token-efficient context
fuse install                                     # symbol-level merge
echo "*.go merge=fuse" >> .gitattributes