DocsQuickstart: Pro (Attestation)

Quickstart: from detecting to proving (Pro)

You're already using the free tier: the merge gate detects breaking changes in AI-written code. Pro adds the proof — a signed, replayable attestation for every AI-assisted merge, plus the audit trail around it.

Free detects. Pro proves.

1

What the attestation is

Every gated run emits a delimit.attestation.v1 bundle: repo head before/after, changed files, gate results, and a signature. Anyone can verify it later — offline, or via its replay URL — without trusting the machine that produced it.

$ delimit wrap -- claude "fix the flaky test in tests/api.spec.ts"
✓ repo_diagnose
✓ security_audit 0 critical · 0 secrets
✓ test_smoke 165/165
✓ changed_files 1
✓ attestation signed att_a05050eb8e13277e
delimit.attestation.v1 · HMAC-SHA256
replay → https://delimit.ai/att/att_a05050eb8e13277e

delimit wrap gates any AI-assisted CLI invocation — advisory-first, like everything else. Bundles land in ~/.delimit/attestations/.

Verification is free and stays free, so the people you hand a receipt to don't need an account:

npx delimit-cli seal-verify receipt.json    # offline: Ed25519 signature + content pin

Or open the delimit.ai/att/<id> replay URL.

2

See it on real specs first

Before paying for anything, look at the worked examples — real, reproducible merge-gate runs against public API specs (Stripe, OpenAI, Anthropic, cal.com, and others):

You can also run the attestation methodology check locally against your own repo (preview only, writes .delimit/attestation-preview.json):

npx delimit-cli attest mcp
3

What Pro unlocks

On top of the free merge gate (lint, diff, semver, scan, ledger, local memory):

CapabilityTools
Evidence collectiondelimit_evidence_collect — signed evidence bundle after every gate event
Tamper verificationdelimit_evidence_verify — confirm a bundle hasn't been altered
Unlimited multi-model deliberationdelimit_deliberate (free tier: 3, then BYOK)
Security auditdependency scanning, secret detection, SAST
Test verificationconfirms tests actually ran, measures coverage
Semantic memory searchdelimit_memory_search — recall by meaning, across sessions and assistants

Downstream artifacts you can build from attestations, on any tier:

npx delimit-cli trust-page -o ./trust       # static public trust page from your attestations
npx delimit-cli ai-sbom -o ./ai-sbom.json   # CycloneDX-AI bill of materials
4

Activate

  1. Get a license key at delimit.ai/pricing
  2. Activate it:
npx delimit-cli activate <key>

3. Confirm:

npx delimit-cli status    # shows license state alongside the rest of your setup
npx delimit-cli doctor

For hosted multi-model deliberation (instead of BYOK):

npx delimit-cli signin
5

Honest scope

  • Attestations prove what the gate checked and what the result was, pinned to exact content. They don't prove the code is correct — they prove the checks ran and what they found.
  • delimit attest mcp is a local preview of the methodology check, not a signed report.
  • Verification (seal-verify, replay URLs) requires no license — proofs are only useful if anyone can check them.