Install

Get Started

All open-source packages are Apache 2.0. No license keys. No telemetry. No expiration. Start with guardspine-kernel and add components as needed.

# Quickest start - just the kernel
npm install @guardspine/kernel

guardspine-kernel

Trust anchor - start here

GitHub →

Install

npm install @guardspine/kernel

Requires: Node.js 18+

What You Get

  • sealBundle() - create tamper-evident evidence bundles
  • verifyBundle() - offline integrity validation
  • computeContentHash() - SHA-256 from canonical JSON (RFC 8785)

Quick Start

import { sealBundle, verifyBundle } from '@guardspine/kernel';

const bundle = sealBundle([
  { item_id: 'review-1', content_type: 'approval', content: { decision: 'approved', approver: 'alice' } },
  { item_id: 'diff-1', content_type: 'diff', content: { file: 'main.ts', hunks: ['+line1'] } },
]);

const result = verifyBundle(bundle);
console.log(result.valid); // true

guardspine-verify

CLI verifier

GitHub →

Install

pip install guardspine-verify

Requires: Python 3.9+

What You Get

  • Verify any evidence bundle from the command line (JSON or ZIP)
  • Python API: verify_bundle(path) and verify_bundle_data(dict)
  • Checks: hash chain, root hash, content hashes, signatures, sequence, AI provenance
  • Zero network calls - fully offline

Quick Start

# Verify a bundle file
guardspine-verify bundle.json

# Verify a ZIP export
guardspine-verify bundle.zip

# Verbose output with JSON format
guardspine-verify bundle.json --verbose --format json

# Exit codes: 0=verified, 1=failed, 2=invalid input

guardspine-adapter-webhook

Evidence bundle delivery to Slack, Teams, Discord

GitHub →

Install

npm install @guardspine/adapter-webhook

Requires: Node.js 18+

What You Get

  • Deliver evidence bundles to Slack, Teams, Discord, and custom endpoints
  • Ingest webhooks from GitHub (HMAC-SHA256), GitLab (token), or custom sources
  • Automatic risk tier inference from labels and file paths
  • Extensible WebhookProvider interface for custom sources

Quick Start

import { WebhookHandler, GitHubProvider, BundleEmitter } from '@guardspine/adapter-webhook';

const handler = new WebhookHandler([new GitHubProvider({ secret: process.env.GH_SECRET })]);
const emitter = new BundleEmitter({ defaultRiskTier: 'L1' });

// In your webhook handler:
const event = handler.handle(headers, body);
const bundle = emitter.emit(event);

guardspine-local-council

Local AI review - no cloud

GitHub →

Install

pip install guardspine-local-council

Requires: Python 3.10+, Ollama

What You Get

  • Multi-model code review councils using local Ollama
  • No API keys, no tokens, no data leaves your network
  • Confidence-weighted majority voting with quorum enforcement

Quick Start

from guardspine_local_council import LocalCouncil, OllamaProvider, SimpleAggregator

council = LocalCouncil(
    providers=[OllamaProvider("llama3.1"), OllamaProvider("codellama"), OllamaProvider("mistral")],
    aggregator=SimpleAggregator(quorum=3, consensus_threshold=0.66),
)

result = council.review("Review this diff for security issues:\n" + diff_text)
print(result.decision, result.confidence)

rlm-docsync

Self-updating docs with proofs

GitHub →

Install

pip install rlm-docsync

Requires: Python 3.9+

What You Get

  • Spec-first mode: docs as truth, detect code violations
  • Reality-first mode: code as truth, auto-update docs
  • SHA-256 hash-chained evidence packs with manifest snapshots

Quick Start

# Run docsync with a manifest (spec-first or reality-first)
docsync run --manifest guardspine.docs.yaml

# Verify an evidence pack's hash chain
docsync verify --pack evidence-pack.json

n8n-nodes-guardspine

n8n workflow nodes

GitHub →

Install

npm install n8n-nodes-guardspine

Requires: n8n instance

What You Get

  • GuardSpine Gate node - evaluate artifacts against rubrics
  • Beads Create node - create work items in the task spine
  • Pass/Block routing based on risk tier

Quick Start

// In your n8n instance:
// 1. Install: npm install n8n-nodes-guardspine
// 2. Add GUARDSPINE_API_KEY credential
// 3. Set Base URL to your GuardSpine API
// 4. Drag "GuardSpine Gate" node into workflow
// 5. Connect Pass output to next step, Block to error handler

guardspine-connector-template

Build custom connectors

GitHub →

Install

git clone https://github.com/DNYoussef/guardspine-connector-template && pip install -e .

Requires: Python 3.9+

What You Get

  • BaseConnector abstract class for integrating any document source
  • AsyncIterator-based change watching with get_diff()
  • BundleEmitter helper for evidence bundle creation
  • Example connectors: GitHub, SharePoint, Jira, Slack

Quick Start

from guardspine_connector import BaseConnector, BundleEmitter

class MyConnector(BaseConnector):
    async def watch_changes(self):
        # Yield ChangeEvent objects from your source
        ...

    async def get_diff(self, event):
        # Return diff dict for a change event
        ...

    async def get_artifact_metadata(self, artifact_id):
        # Return metadata for an artifact
        ...

Next Steps

Full API Reference

Detailed docs for every function and type.

Open-Core Model

What's open, what's premium, and why.

Artifacts

Spec PDFs, schemas, and executive research.

Enterprise Demo

See the full governance engine in action.