SRT-1 is a 7-stage codebase intelligence pipeline that produces a verified Code Manifest. It gives any AI assistant a ground-truth map of your codebase — with every function tagged by architectural role and risk profile.
Start with the Quickstart to get indexed in under a minute, then read the Architecture guide to understand the pipeline stages.
Install, index your first repo, and verify the manifest.
The 7-stage SCIA pipeline from scan to signed manifest.
Integrity hashing, trust chains, and manifest verification.
SRT1CodeIndexer class, CLI flags, and manifest schema.
Set up the mobile dashboard and remote auth tokens.
How AGENTS.md and CLAUDE.md give AI complete repo comprehension.
Cryptographic provenance via the signing authority.
scia_security and scia_memory — shared infrastructure across tiers.
HTTP endpoints on port 7483 for dashboard and automation.
Get your first verified Code Manifest in under 60 seconds.
pip install srt1-core
srt1-index --repo_path /path/to/your/repo
from srt1_code_indexer import SRT1CodeIndexer indexer = SRT1CodeIndexer(repo_path=".") manifest = indexer.index_repository() # Check the manifest integrity print(manifest["integrity"]["manifest_hash"]) # SHA-256 hash
The indexer produces three outputs:
The SCIA (Seed-Class Intelligence Architecture) pipeline processes your repository through 7 deterministic stages. Each stage produces a cryptographically chained output.
Every Code Manifest includes a cryptographic trust chain that proves the manifest was produced by a clean, uninterrupted pipeline run.
Each pipeline stage appends a chained SHA-256 hash to the trust chain. The final signature combines all 7 stage hashes into a single verifiable root.
# Verify a manifest's integrity import json, hashlib manifest = json.load(open("srt1_code_manifest.json")) integrity = manifest["integrity"] print(integrity["manifest_hash"][:16]) # Integrity hash
Every artifact produced by SRT-1 carries an integrity hash — a SHA-256 digest of the full content. If any component has been modified, the hash will not match, detecting tampering or drift.
The main class for indexing repositories.
SRT1CodeIndexer(repo_path: str) # Methods .index_repository() # Run full 7-stage pipeline, return verified manifest # The manifest dict contains: manifest["metadata"] # File counts, symbol counts, timestamps manifest["file_manifest"] # SHA-256 hashes for every file manifest["symbol_table"] # Classes, functions, dependencies manifest["curation_report"] # Duplicates and overlaps manifest["reflections"] # Role + risk tags per symbol manifest["trust_chain"] # 7-stage SHA-256 chain manifest["integrity"] # SHA-256 integrity verification
| Flag | Description | Default |
|---|---|---|
| --repo_path | Path to repository root | . (current dir) |
| --port | Dashboard server port | 7483 |
| --watch | Enable file-watching mode | True |
| --no-serve | Index only, don't start server | False |
SRT-1 includes a Progressive Web App that lets you monitor your codebase, plant seeds, and view coherence scores from your phone.
srt1-code-indexer --repo_path .The mobile PWA works offline for seed planting and caches the latest coherence snapshot. Live data syncs when connectivity is restored.
When SRT-1 indexes your codebase, it generates context files that give any AI assistant complete comprehension of your repository — without re-reading every file.
| File | Consumed By | Location |
|---|---|---|
| AGENTS.md | Gemini CLI, Jules | repo root |
| CLAUDE.md | Claude Code | repo root |
| .cursorrules | Cursor AI | repo root |
| copilot-instructions.md | GitHub Copilot | .github/ |
| context.md | Any tool (canonical copy) | .srt1/ |
Each context file is identical — the same document generated from the manifest. It contains:
AUTH_SENSITIVE, FILE_IO, WRITES_TO_DB on every symbolWhen an AI assistant reads this context, it immediately knows your full architecture, patterns, and constraints — without scanning every file. This is the anti-hallucination layer.
Every artifact produced by SRT-1 is signed by the SeedSignature authority — a standalone cryptographic signing service. Signing provides tamper-proof provenance: proof of what was produced, when, and by whom.
SRT-1 calls the signing service through SigningServiceClient from the scia_security package. The service URL is configured via environment variable — no hardcoded references.
from scia_security.signing_client import SigningServiceClient client = SigningServiceClient(os.environ["SCIA_SIGNING_SERVICE_URL"]) result = client.sign({"code_index": "abc123"}, phase="production")
| Artifact | Phase | When |
|---|---|---|
| Trust bootstrap entry | bootstrap | Engine startup after indexing |
| Enforcement violations | enforcement | When violations are detected |
| Context documents | context_generation | After AGENTS.md is written |
| Violation resolutions | enforcement_resolve | When developer resolves a block |
| Violation overrides | enforcement_override | When developer overrides with justification |
| Consumer reflections | consumer_reflection | Every Seed Reflections output |
Each signed artifact receives a sealed envelope containing a composite SHA-256 hash (content + semantic + timestamp), a unique SCIA-[hash] signature ID, and a chain link to the previous signature. The signing authority verifies via a three-pillar model: content integrity, registry presence, and digest validation.
SRT-1 is built on two foundational packages from the Seed-Class Intelligence Architecture. These are shared infrastructure used across all tiers — SRT-1 Core, Seed Reflections, and SRT-1 Enterprise.
The security and provenance layer. Provides:
| Class | Purpose |
|---|---|
| SigningServiceClient | Calls the SeedSignature authority to sign artifacts |
| IntegrityValidator | SHA-256 content hashing, tamper detection, file verification |
| DataEncryptor | AES-256-GCM encryption at rest for sensitive data |
| AccessAuditLog | Append-only SQLite audit trail of all actions |
| ExecutionGraph | DAG-based operation tracking across pipeline stages |
The memory and intelligence layer. Provides:
| Class | Purpose |
|---|---|
| ReflexMemory | Fast pattern matching for immediate responses |
| RegenerativeMemory | Self-improving long-term memory with consolidation |
| AdvancedMemorySystem | 5-tier storage (reflex, working, episodic, semantic, procedural) |
| MemoryOrchestratorV2 | Unified interface across all memory tiers |
| Component | Core | Seed Reflections | Enterprise |
|---|---|---|---|
| SigningServiceClient | ✓ | ✓ | ✓ |
| DataEncryptor | — | ✓ | ✓ |
| AccessAuditLog | — | ✓ | ✓ |
| IntegrityValidator | — | — | ✓ |
| ExecutionGraph | — | — | ✓ |
| Full scia_memory | — | — | ✓ |
The SRT-1 engine exposes a local HTTP API on port 7483. The developer dashboard and mobile PWA communicate through these endpoints.
| Endpoint | Returns |
|---|---|
| GET /status | Full engine state: manifest summary, trust chain, enforcement stats, uptime |
| GET /manifest | Complete code manifest JSON |
| GET /seeds | All seeds in the queue with lifecycle stage |
| GET /enforcement | Active blocks, compliance scorecard, violation history |
| Endpoint | Body | Action |
|---|---|---|
| POST /task | {"task": "..."} | Plant a seed and optionally dispatch |
| POST /operation | {"description": "..."} | Log an operation with enforcement check |
| POST /enforcement/resolve | {"event_id": "..."} | Mark a violation as resolved |
| POST /enforcement/override | {"event_id": "...", "reason": "..."} | Override with justification (signed) |
| POST /blueprint | {"seed": "..."} | Generate implementation blueprint from seed |
All enforcement responses include a _provenance field when the signing service is connected — cryptographic proof of the action.