signed provenance (in-toto / SLSA) · AI vs Human attribution · N-of-M human gate · cross-forge · tamper-evident
👋 Welcome to OpenFab Web
This runs entirely in your browser — it generates a small app, checks it, and produces a signed AI-BOM, with nothing installed. First, add an LLM provider so OpenFab has a model to use. Your API key stays in this browser (it's only sent to the provider you choose).
OpenRouter is the easiest zero-install option.
1. What do you want to build?
Base & mode
Advanced — forge · models · approval policy
The base writes the spec + acceptance criteria, then builds it.
Your apps (each new intent = a new app)
No apps yet — fabricate one above.
2. Live workflow
idle
Spec → Generate → Verify → Sign → Gate
Click a step to inspect what it produced.
The decision log streams here as the fab works.
3. Try the product & inspect its provenance
▶ Run the software
Try it before you approve.
run a custom command
📦 Publish — the pushed repo is the durable, versioned record
re-run acceptance in the sandbox + re-verify signatures + hash the source — trust nothing, verify everything.
📦 Signed artifact bundle
↻ Refine this app — re-authors the spec & rebuilds (v→v+1)
⚡ Draft — fast iteration, un-attested
Drafts are un-attested — iterate freely; Promote runs the full trust ceremony once.
↻ Refine this draft — describe a change; re-authors the spec & re-drafts