-
Notifications
You must be signed in to change notification settings - Fork 0
feat: Dorian Claim Warrants for Claude Code (v1.3.0) #24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
99bca9b
feat: add Claude Code claim-warrants scaffolder
ajay-dev-2112 2e6265f
test: cover claim-warrants scaffolder, hook, and wheel packaging
ajay-dev-2112 a3777a7
docs: Dorian claim warrants for Claude Code + Agent Receipts distinction
ajay-dev-2112 1d326c5
release: prepare v1.3.0 (claim-warrants integration) + dogfood warrant
ajay-dev-2112 1bf8780
docs: add v1.3.0 release notes
ajay-dev-2112 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| # Dorian claim warrants vs Agent Receipts | ||
|
|
||
| Two projects with adjacent names answer **different questions**. They are | ||
| complementary, not substitutes. This page keeps them distinct so you pick the right | ||
| tool — and so Dorian's "receipt" metaphor is never mistaken for the Agent Receipts | ||
| protocol. | ||
|
|
||
| ## Two different questions | ||
|
|
||
| | | **Agent Receipts** / Obsigna | **Dorian claim warrants** | | ||
| |---|---|---| | ||
| | Core question | *What did the agent do, on whose authority, with what inputs — and was the log tampered with?* | *Is this specific engineering claim true now, and will it revoke when later code makes it false?* | | ||
| | Unit of record | An **action** (a tool call the agent made) | A **claim** (a checkable fact a change asserts) | | ||
| | Mechanism | A daemon records a tamper-evident **receipt for every tool call**, structured as a W3C Verifiable Credential (`type AgentReceipt`), **signed with Ed25519** and **hash-chained** to the previous receipt | A deterministic checker (AST/regex/file-symbol/`pytest`/data) seals a passing claim into a git `.warrant`; later drift folds it to `REVOKED` | | ||
| | Trust property | Integrity of the **action log** (it can't be silently altered) | Truth of the **stated claim** (it can't silently rot as code drifts) | | ||
| | When it runs | Continuously, as the agent acts | At seal time, then on later diffs — **token-free**, no model | | ||
| | Cryptography | Ed25519 signatures, hash-chain | Content-addressed warrant id (SHA-256); **unsigned** today | | ||
| | Surface | Obsigna ecosystem: hook, MCP proxy, SDKs (Go/TS/Python), dashboard | Local-first CLI + GitHub Action; no SaaS, no dashboard | | ||
|
|
||
| > Facts about Agent Receipts above are from agentreceipts.ai (verified 2026-06-27): | ||
| > "a tamper-evident receipt for every tool call your agent makes", "structured as a | ||
| > W3C Verifiable Credential with type AgentReceipt", "signed with Ed25519", "hash | ||
| > link to the previous receipt, forming a tamper-evident sequence". | ||
|
|
||
| ## Why "receipt" here is a metaphor, not a brand | ||
|
|
||
| Dorian claim warrants are **receipts for checkable engineering claims, not receipts | ||
| for agent actions.** The word describes the artifact ("proof this stated fact held | ||
| when sealed, and an alarm if it later breaks"). Dorian does **not**: | ||
|
|
||
| - record every tool call the agent made, | ||
| - prove *what the agent did* or *who authorized it*, | ||
| - produce a signed, hash-chained action audit trail, | ||
| - replace Agent Receipts, Sigstore, SLSA, in-toto, or audit logs. | ||
|
|
||
| So the product name is **claim warrants**, never "agent receipts". | ||
|
|
||
| ## They are complementary | ||
|
|
||
| - **Agent Receipts** can prove the agent actually called `Edit`/`Write`/`Run` — the | ||
| provenance of the *actions*. | ||
| - **Dorian** can prove the agent's stated engineering *claim* ("the default is still | ||
| `False`", "`requires-python` is `>=3.11`") was true when sealed, and detect when a | ||
| later commit silently makes it false. | ||
|
|
||
| An action log tells you *that the agent did something*. A claim warrant tells you | ||
| *whether what it said it accomplished is still true*. Used together: Agent Receipts | ||
| for action provenance, Dorian for claim truth over time. | ||
|
|
||
| ## What Dorian deliberately is not | ||
|
|
||
| Dorian is local-first, git-native, deterministic, and token-free at check time. It | ||
| is **not** a sandbox (`C4`/`C5` checkers execute code — trusted repos only), not an | ||
| LLM judge, not a SaaS, not a dashboard, and not a generic agent-action recorder. See | ||
| [`SECURITY_BOUNDARY.md`](SECURITY_BOUNDARY.md) and | ||
| [`VALIDATION_HONESTY.md`](VALIDATION_HONESTY.md). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Fix broken inline code span across line break.
The command on Line 314-315 uses single backticks (inline code span) but spans a line break inside a blockquote. In standard markdown, inline code cannot contain newlines — the backtick pair ends at the newline, so
--binding-gate=warnrenders as plain text rather than code. Use a fenced code block or keep the command on one line.📝 Proposed fix
Replace the inline backticks with a fenced code block inside the blockquote:
📝 Committable suggestion
🤖 Prompt for AI Agents