01
Human-gated by design
The Coordinator remains the load-bearing actor. Models propose, review, and verify; humans approve advancement through each gate.
Pre-release workflow tool
Structure for vibe coding.
Anvil is a human-gated workflow for AI-assisted development: adversarial cross-vendor review at every gate, provenance on every artifact, and explicit discipline for moving from idea to shipped code.
AI coding done with gates, not guesswork.
Anvil is not trying to be another coding agent. It is the workflow around agents: the structure that makes output reviewable, attributable, and shippable.
02
Adversarial review
Artifacts are reviewed by models from different families before they advance, reducing single-model blind spots and rubber-stamped output.
03
Provenance everywhere
Audit records and provenance graphs make the reason behind every decision visible instead of burying it in chat history.
Discuss → Plan → Build → Ship.
The workflow is the product. Each stage creates explicit artifacts, review packets, dispositions, approvals, and an audit trail.
Discuss
Use an Interlocutor session to clarify the project, surface requirements, and render a Charter packet.
Plan
Generate a phased plan with dependencies, acceptance criteria, hinge tests, and evaluation impacts.
Build
Execute each phase through Coder implementation, review briefing, reviewer findings, verification, and disposition.
Ship
Advance only when gates are satisfied, rollback paths are known, and provenance remains intact.
CLI-first architecture with an app-ready core.
Anvil v1 is planned as a Rust CLI with a Go sidecar for provider integration. The Vault is designed as a clean Rust library so a future app can consume the same workflow engine.
CLI: anvil
Subcommand dispatch, setup wizard, workflow gates, status, audit, metrics, and ship surfaces.
Vault: anvil-core
State machine, audit store, provenance graph, policy enforcement, and frontend-independent trust boundaries.
Contract: gRPC / protobuf
Versioned schema between Vault and sidecar with mandatory handshake and typed error classes.
Sidecar: Go daemon
Workspace-scoped provider adapter process for Anthropic, OpenAI, Google AI Studio, and future providers.
Trust boundaries that hold.
The plan locks several implementation rules as hard constraints, not aspirations. They keep the workflow from becoming another unstructured agent loop.
No partial commits
The Vault never commits artifacts or audit state from partial or invalid sidecar output. Only final, valid results can advance state.
Stateless sidecar
The sidecar holds no persistent application-layer memory between calls. Session context and authority live in the Vault.
Frontend is not authority
CLI today and app tomorrow are UI surfaces. The Vault enforces invariants regardless of where input originates.
Built as a phased system.
The implementation plan decomposes v1 into fifteen phases: bootstrap, configuration, audit/provenance, contract, sidecar, setup, workflow stages, ship/rollback, metrics, hinge tests, and dogfooding documentation.
Status: pre-release
The repository describes Anvil as pre-release. The plan separates implementation completion from public-ship evidence: live dogfooding, an external pilot, and release packaging remain explicit public-ship gates.
Primary v1 deliverable
Experienced developers using terminal workflows first: a CLI surface where gates, findings, approvals, and artifacts are explicit files and commands.
P0 BootstrapP1 ConfigP2 AuditP3 Contract + SidecarP4 SetupP5 CharterP6 Review RotationP7 PlanP8 BuildP9 ShipP10 Metrics + HingeP11 Dogfooding