Hosted private preview
Sign in with the approved GitHub identity, install the Conformative GitHub App, and choose the repositories the preview may observe.
Open ConformativeConformative derives a single map connecting product intent, implementation, stack, and drift. This guide covers private-preview onboarding, the implemented pre-release local interface, product surfaces, tool contracts, security posture, and availability.
The account-free embedded runtime is implemented; its public npm release is pending.
Every conclusion is tied to a scan, revision, graph, or spec.
Repository changes are proposals until a person authorizes them.
Get started
Hosted access is available to invited and allowlisted teams. The local CLI is implemented and release-tested, but its npm package is not public yet—do not install similarly named packages.
Sign in with the approved GitHub identity, install the Conformative GitHub App, and choose the repositories the preview may observe.
Open ConformativePackage publication is intentionally gated while final installation testing is completed. This page will publish the verified npm command at release.
npm package · not public yetUse the GitHub identity approved for the private preview.
Install the App and select the repositories to observe.
Accept or decline discovered PRD and Spec Kit sources before the first scan.
Run the exact-head scan, then review health, coverage, drift, and next actions.
A project is not shown as clear until a successful full scan has complete enough component, policy, detector, and intent coverage. Partial, stale, failed, or never-scanned evidence stays visibly uncertain.
Mental model
Each surface is a different view or detector over the same repository truth. The architecture deliberately avoids feature-specific copies of features, graphs, policies, or drift.
Feature + SpecLink
What the product promises.
Component + Edge
What the code actually contains.
StackProfile + PolicyRule
What the system relies on and allows.
DriftEvent + ProposedChange
Where evidence and claims diverge.
DriftEvent. Repository fixes flow through ProposedChange. Approval records authorization; only repository evidence and a confirming scan can establish a merge and resolution.Feature 01
Driftguard compares repository reality with normalized claims from agent context files. Deterministic checks run without an LLM; optional semantic analysis works over minimal derived context.
Feature 02
Cockpit turns the shared model into a PM-legible operating surface. It presents uncertainty explicitly and keeps every decision linked to its underlying evidence.
Safety verdict, freshness, coverage, recent change, and ranked next actions.
Architecture areas first, then files, symbols, relationships, intent, owners, policies, and risk.
Filterable context, intent, stack, and policy drift with status history and proposals.
Confirmed product intent, accepted implementation links, conformance, and archival.
Transition-backed opened/resolved history, MTTR, and scan-health evidence.
Constrained questions over features, current drift, and history—never free-form SQL.
Feature 03
Conformance asks whether accepted implementation still satisfies confirmed product intent. It reuses the same graph, event, proposal, transition, and notification machinery as context drift.
Feature 04
Guardrail gives coding agents a project-scoped read of the same map before they change code. Local stdio is part of the Community workflow; managed remote transport is called out separately.
Operate
Later product surfaces add timing, delivery, intake, and editor context without inventing new truth models.
Plans
Pro labels appear here to make deployment and plan choices explicit. Detectors remain plan-agnostic; hosted entitlements gate managed-service invocation.
Context-file drift detection and reviewable corrective changes.
Evidence-backed overview, semantic map, risks, features, trends, and policies.
Intent-to-implementation checks over confirmed product specifications.
Blast radius, stack policy, context, and proposed context updates on your machine.
Webhook-driven and hourly reconciled scans of connected GitHub projects.
entitlement: continuous_scans
Organization-scoped MCP over the managed HTTP transport.
entitlement: remote_mcp
Hosted LLM-assisted claim normalization, spec linking, and intent verdicts over derived context.
entitlement: semantic_analysis
Review and decide proposed changes from the API and Instrument.
entitlement: approvals
A playable, feature-scoped history derived from scans and drift transitions.
entitlement: story
Instant and digest notifications from the shared drift event spine.
entitlement: notifications
Append-only organization history for consequential user, token, and system actions.
entitlement: audit_history
Community: 1 project, 1 seat, 25 scans/month, no remote MCP calls.
Pro: 25 projects, 10 seats, 5,000 scans/month, 50,000 MCP calls/month.
Reference
This is the implemented local CLI surface. Its npm package is not public yet; these commands become available when the verified package is published.
| Command | Purpose |
|---|---|
| start [--no-open] | Start the daemon, database, Cockpit, and guided first run. |
| add <path> | Register, scan, and wire a project into supported tools. |
| scan <name> | --all | Run a serialized full scan at an immutable local snapshot. |
| list | Show tracked projects and recorded drift counts. |
| mcp [name] | Start the project-scoped stdio MCP server. |
| doctor | Read-only diagnostics for the runtime, projects, hooks, and MCP wiring. |
| remove <name> [--purge] | Unwire and stop tracking one project. |
| stop | Stop the daemon and its Cockpit child. |
| uninstall --yes | Remove Conformative-owned hooks, MCP entries, and local state. |
Reference
Every tool resolves a repository inside the authenticated organization or local project scope. Policy denials can join the same event stream; repository writes still become proposals.
Traverse graph edges from a file or `path#symbol` and report affected components and Features.
Check a proposed dependency or stack change against derived PolicyRules.
Return bounded stack, conventions, policies, and health context for an agent.
Create a reviewable context proposal without writing to the repository.
Reference
The versioned API is the contract used by Instrument. Send a per-organization `cf_` bearer token and, where relevant, a `repo` query parameter.
Authorization: Bearer cf_<token>
X-Conformative-Api: v1GET /api/v1/featuresFeature intent and accepted implementation links.
GET /api/v1/driftOrganization-scoped drift feed.
GET /api/v1/blast-radiusEvidence-backed impact analysis.
GET /api/v1/healthConservative project-health contract.
GET|POST /api/v1/approvalsProApproval queue and decisions.
GET /api/v1/storyProWindowed project storyline.
Cacheable reads return an ETag and honor If-None-Match. Authentication failures return 401; cross-organization repositories are indistinguishable from missing repositories; unavailable entitlements return 403 with an upgrade hint.
Reference
Most users can start with no configuration. These are the main controls used when operating or extending the platform.
Repository policy for Gatekeeper mode and severity threshold, feature issue label, and issue lifecycle behavior.
gate: report
severityThreshold: medium
featureLabel: featureLocal source and packaged runtimes can use their own `ANTHROPIC_API_KEY`; managed hosted semantic analysis requires Pro. `LLM_DISABLED` and `LLM_MAX_CALLS` provide controls. Raw files are not sent by default.
`CONFORMATIVE_HOME` changes local state; `CONFORMATIVE_COCKPIT_PORT` changes the preferred port; `CONFORMATIVE_SWEEP_MINUTES=0` disables sweeps.
`CONFORMATIVE_MODE=hosted` enables fail-closed membership and managed-service gates. Auth, GitHub App, billing, and private service tokens are operator configuration.
Trust
Conformative makes uncertain evidence visible, keeps tenant boundaries explicit, and minimizes the authority granted to automation.
Semantic steps receive minimal derived summaries rather than whole source files by default.
Scans and approvals do not imply a merge. A confirming repository observation establishes resolution.
Membership, project queries, REST tokens, and remote MCP sessions are organization-confined.
MCP and invitation tokens are hashed at rest and plaintext is shown only once.
Missing hosted auth, membership, billing, or private service configuration never grants elevated access.
Core pages are server-rendered, keyboard operable, color-independent, reduced-motion aware, and covered by axe.
Help
Start with the evidence Conformative already records. Avoid treating a missing result as a clean result.
From a source checkout, run `pnpm --filter @conformative/cli conformative doctor`. After the npm release, run `conformative doctor` through the verified package. Check daemon and Cockpit liveness, then inspect the reported log path.
Open Overview and inspect coverage. Confirm intent, link uncovered Features, and rerun a successful full scan.
Verify the API key and controls. A disabled, exhausted, or malformed semantic pass cannot resolve earlier semantic evidence.
Run `doctor`, then re-run `add <path>`. Conformative preserves existing tool configuration and reports manual wiring when needed.
Refresh GitHub access, verify the installation and repository identity, then retry the exact-head scan from onboarding.
Return to the quickstart or open the Cockpit.