SRT-1 Docs
SRT-1 is a 7-stage codebase intelligence pipeline that produces a verified Code Manifest. It gives any AI assistant a ground-truth map of your codebase — with every function tagged by architectural role and risk profile.
Start with the Quickstart to get indexed in under a minute, then read the Architecture guide to understand the pipeline stages.
Guides
⚡ Quickstart
Install, index your first repo, and verify the manifest.
🏗️ Architecture
The 7-stage SCIA pipeline from scan to signed manifest.
🔐 Trust Layer
Integrity hashing, trust chains, and manifest verification.
📖 API Reference
SRT1CodeIndexer class, CLI flags, and manifest schema.
📱 Mobile PWA
Set up the mobile dashboard and remote auth tokens.
🧠 AI Context Injection
How AGENTS.md and CLAUDE.md give AI complete repo comprehension.
🔏 Signing (SeedSignature)
Cryptographic provenance via the signing authority.
📦 SCIA Packages
scia_security and scia_memory — shared infrastructure across tiers.
⚡ Engine API
HTTP endpoints on port 7483 for dashboard and automation.
⚡ Quickstart
Get your first verified Code Manifest in under 60 seconds.
1. Install
pip install srt1-code-indexer
2. Index your repository
srt1-code-indexer --repo_path /path/to/your/repo
3. Verify the manifest
from srt1_code_indexer import SRT1CodeIndexer indexer = SRT1CodeIndexer(repo_path=".") manifest = indexer.index_repository() # Check the manifest integrity print(manifest["integrity"]["manifest_hash"]) # SHA-256 hash
The indexer produces three outputs:
- code_manifest.json — The complete codebase intelligence map
- AGENTS.md — AI context file (auto-consumed by Cursor, Copilot, Claude)
- CLAUDE.md / .cursorrules — Tool-specific context files
🏗️ Architecture
The SCIA (Seed-Class Intelligence Architecture) pipeline processes your repository through 7 deterministic stages. Each stage produces a cryptographically chained output.
Walk directory tree, catalogue files, compute SHA-256 content hashes
AST extraction for Python, regex + structure for JS, Go, Rust, Java, C#, C/C++
Detect duplicate files, overlapping functions, and structural issues
Tag every symbol with architectural role and risk profile
Build SHA-256 chained hash across all pipeline stages
Assemble signed JSON manifest with all intelligence data
Generate AI context files and print integrity verification report
🔐 Trust Layer
Every Code Manifest includes a cryptographic trust chain that proves the manifest was produced by a clean, uninterrupted pipeline run.
Trust Chain Structure
Each pipeline stage appends a chained SHA-256 hash to the trust chain. The final signature combines all 7 stage hashes into a single verifiable root.
# Verify a manifest's integrity import json, hashlib manifest = json.load(open("srt1_code_manifest.json")) integrity = manifest["integrity"] print(integrity["manifest_hash"][:16]) # Integrity hash
Integrity Verification
Every artifact produced by SRT-1 carries an integrity hash — a SHA-256 digest of the full content. If any component has been modified, the hash will not match, detecting tampering or drift.
📖 API Reference
SRT1CodeIndexer
The main class for indexing repositories.
SRT1CodeIndexer(repo_path: str) # Methods .index_repository() # Run full 7-stage pipeline, return verified manifest # The manifest dict contains: manifest["metadata"] # File counts, symbol counts, timestamps manifest["file_manifest"] # SHA-256 hashes for every file manifest["symbol_table"] # Classes, functions, dependencies manifest["curation_report"] # Duplicates and overlaps manifest["reflections"] # Role + risk tags per symbol manifest["trust_chain"] # 7-stage SHA-256 chain manifest["integrity"] # SHA-256 integrity verification
CLI Flags
| Flag | Description | Default |
|---|---|---|
| --repo_path | Path to repository root | . (current dir) |
| --port | Dashboard server port | 7483 |
| --watch | Enable file-watching mode | True |
| --no-serve | Index only, don't start server | False |
📱 Mobile PWA
SRT-1 includes a Progressive Web App that lets you monitor your codebase, plant seeds, and view coherence scores from your phone.
Setup
- Start the SRT-1 middleware:
srt1-code-indexer --repo_path . - Open
localhost:7483/mobileon your phone (same network) - Tap "Install App" to add to your home screen
- Generate a remote auth token from the Admin Dashboard for secure access
The mobile PWA works offline for seed planting and caches the latest coherence snapshot. Live data syncs when connectivity is restored.
🧠 AI Context Injection
When SRT-1 indexes your codebase, it generates context files that give any AI assistant complete comprehension of your repository — without re-reading every file.
Generated Files
| File | Consumed By | Location |
|---|---|---|
| AGENTS.md | Gemini CLI, Jules | repo root |
| CLAUDE.md | Claude Code | repo root |
| .cursorrules | Cursor AI | repo root |
| copilot-instructions.md | GitHub Copilot | .github/ |
| context.md | Any tool (canonical copy) | .srt1/ |
What the Context Contains
Each context file is identical — the same document generated from the manifest. It contains:
- Project Synopsis — plain-English description of the entire codebase
- Codebase Map — every class and function with line numbers, parameters, and docstrings
- Call Flow — cross-file call chains showing who calls what
- Risk Tags —
AUTH_SENSITIVE,FILE_IO,WRITES_TO_DBon every symbol - Curation Warnings — duplicate functions, overlapping code that AI must not recreate
- Enforcement Blocks — active violations AI must resolve before proceeding
When an AI assistant reads this context, it immediately knows your full architecture, patterns, and constraints — without scanning every file. This is the anti-hallucination layer.
🔏 Signing (SeedSignature)
Every artifact produced by SRT-1 is signed by the SeedSignature authority — a standalone cryptographic signing service. Signing provides tamper-proof provenance: proof of what was produced, when, and by whom.
How It Works
SRT-1 calls the signing service through SigningServiceClient from the scia_security package. The service URL is configured via environment variable — no hardcoded references.
from scia_security.signing_client import SigningServiceClient client = SigningServiceClient(os.environ["SCIA_SIGNING_SERVICE_URL"]) result = client.sign({"code_index": "abc123"}, phase="production")
What Gets Signed
| Artifact | Phase | When |
|---|---|---|
| Trust bootstrap entry | bootstrap | Engine startup after indexing |
| Enforcement violations | enforcement | When violations are detected |
| Context documents | context_generation | After AGENTS.md is written |
| Violation resolutions | enforcement_resolve | When developer resolves a block |
| Violation overrides | enforcement_override | When developer overrides with justification |
| Consumer reflections | consumer_reflection | Every Seed Reflections output |
Signature Envelope
Each signed artifact receives a sealed envelope containing a composite SHA-256 hash (content + semantic + timestamp), a unique SCIA-[hash] signature ID, and a chain link to the previous signature. The signing authority verifies via a three-pillar model: content integrity, registry presence, and digest validation.
📦 SCIA Packages
SRT-1 is built on two foundational packages from the Seed-Class Intelligence Architecture. These are shared infrastructure used across all tiers — SRT-1 Core, Seed Reflections, and SRT-1 Enterprise.
scia_security
The security and provenance layer. Provides:
| Class | Purpose |
|---|---|
| SigningServiceClient | Calls the SeedSignature authority to sign artifacts |
| IntegrityValidator | SHA-256 content hashing, tamper detection, file verification |
| DataEncryptor | AES-256-GCM encryption at rest for sensitive data |
| AccessAuditLog | Append-only SQLite audit trail of all actions |
| ExecutionGraph | DAG-based operation tracking across pipeline stages |
scia_memory
The memory and intelligence layer. Provides:
| Class | Purpose |
|---|---|
| ReflexMemory | Fast pattern matching for immediate responses |
| RegenerativeMemory | Self-improving long-term memory with consolidation |
| AdvancedMemorySystem | 5-tier storage (reflex, working, episodic, semantic, procedural) |
| MemoryOrchestratorV2 | Unified interface across all memory tiers |
Tier Access
| Component | Core | Seed Reflections | Enterprise |
|---|---|---|---|
| SigningServiceClient | ✓ | ✓ | ✓ |
| DataEncryptor | — | ✓ | ✓ |
| AccessAuditLog | — | ✓ | ✓ |
| IntegrityValidator | — | — | ✓ |
| ExecutionGraph | — | — | ✓ |
| Full scia_memory | — | — | ✓ |
⚡ Engine API (Port 7483)
The SRT-1 engine exposes a local HTTP API on port 7483. The developer dashboard and mobile PWA communicate through these endpoints.
GET Endpoints
| Endpoint | Returns |
|---|---|
| GET /status | Full engine state: manifest summary, trust chain, enforcement stats, uptime |
| GET /manifest | Complete code manifest JSON |
| GET /seeds | All seeds in the queue with lifecycle stage |
| GET /enforcement | Active blocks, compliance scorecard, violation history |
POST Endpoints
| Endpoint | Body | Action |
|---|---|---|
| POST /task | {"task": "..."} | Plant a seed and optionally dispatch |
| POST /operation | {"description": "..."} | Log an operation with enforcement check |
| POST /enforcement/resolve | {"event_id": "..."} | Mark a violation as resolved |
| POST /enforcement/override | {"event_id": "...", "reason": "..."} | Override with justification (signed) |
| POST /blueprint | {"seed": "..."} | Generate implementation blueprint from seed |
All enforcement responses include a _provenance field when the signing service is connected — cryptographic proof of the action.