Quickstart: from detecting to proving (Pro)
You're already using the free tier: the merge gate detects breaking changes in AI-written code. Pro adds the proof — a signed, replayable attestation for every AI-assisted merge, plus the audit trail around it.
Free detects. Pro proves.
What the attestation is
Every gated run emits a delimit.attestation.v1 bundle: repo head before/after, changed files, gate results, and a signature. Anyone can verify it later — offline, or via its replay URL — without trusting the machine that produced it.
delimit wrap gates any AI-assisted CLI invocation — advisory-first, like everything else. Bundles land in ~/.delimit/attestations/.
Verification is free and stays free, so the people you hand a receipt to don't need an account:
npx delimit-cli seal-verify receipt.json # offline: Ed25519 signature + content pin
Or open the delimit.ai/att/<id> replay URL.
See it on real specs first
Before paying for anything, look at the worked examples — real, reproducible merge-gate runs against public API specs (Stripe, OpenAI, Anthropic, cal.com, and others):
- Index: delimit.ai/reports
- Schema and signing methodology behind every report: delimit.ai/methodology/mcp-attestation
You can also run the attestation methodology check locally against your own repo (preview only, writes .delimit/attestation-preview.json):
npx delimit-cli attest mcp
What Pro unlocks
On top of the free merge gate (lint, diff, semver, scan, ledger, local memory):
| Capability | Tools |
|---|---|
| Evidence collection | delimit_evidence_collect — signed evidence bundle after every gate event |
| Tamper verification | delimit_evidence_verify — confirm a bundle hasn't been altered |
| Unlimited multi-model deliberation | delimit_deliberate (free tier: 3, then BYOK) |
| Security audit | dependency scanning, secret detection, SAST |
| Test verification | confirms tests actually ran, measures coverage |
| Semantic memory search | delimit_memory_search — recall by meaning, across sessions and assistants |
Downstream artifacts you can build from attestations, on any tier:
npx delimit-cli trust-page -o ./trust # static public trust page from your attestations npx delimit-cli ai-sbom -o ./ai-sbom.json # CycloneDX-AI bill of materials
Activate
- Get a license key at delimit.ai/pricing
- Activate it:
npx delimit-cli activate <key>
3. Confirm:
npx delimit-cli status # shows license state alongside the rest of your setup npx delimit-cli doctor
For hosted multi-model deliberation (instead of BYOK):
npx delimit-cli signin
Honest scope
- Attestations prove what the gate checked and what the result was, pinned to exact content. They don't prove the code is correct — they prove the checks ran and what they found.
delimit attest mcpis a local preview of the methodology check, not a signed report.- Verification (
seal-verify, replay URLs) requires no license — proofs are only useful if anyone can check them.