witness
Installation
SKILL.md
Witness — cryptographic fix-regression tracking
The witness toolkit lets you ship every release with a signed manifest that lists every documented fix in your codebase along with a sha256 + marker substring. Anyone with the same git commit can re-derive the public key and verify the signature without a committed private key.
A temporal history (JSONL) tracks how the fix population evolves across releases — so when a regression appears, you can pinpoint the commit that introduced it, not just "it's broken now."
This skill works two ways:
- Inside ruflo — used by ruflo's own CI to gate publishes (see
.github/workflows/v3-ci.ymljobwitness-verify). - In your own project — copy
plugins/ruflo-core/scripts/witness/into your repo, runinit.mjs, register your fixes inwitness-fixes.json, and callregen.mjsfrom your release pipeline.
Quick start (any project)
Related skills
More from ruvnet/ruflo
agent-swarm
Agent skill for swarm - invoke with $agent-swarm
401agent-workflow
Agent skill for workflow - invoke with $agent-workflow
400workflow-automation
>
389agent-arch-system-design
Agent skill for arch-system-design - invoke with $agent-arch-system-design
384security-audit
>
373agent-architecture
Agent skill for architecture - invoke with $agent-architecture
353