Integrations

One receipt format. Every platform. AIIR produces verifiable, content-addressed receipts whether you run it locally, in CI, or through an AI coding assistant.

CI/CD Platforms

AIIR ships native integrations for GitHub Actions and GitLab CI/CD, plus ready-to-use YAML templates for Azure Pipelines, Bitbucket, CircleCI, and Jenkins. Receipts are generated at build time and stored as pipeline artifacts — no external service required.

⚙️ GitHub Actions

Native composite action with SHA-pinned dependencies, OIDC Sigstore signing, and artifact attestation support.

invariant-systems-ai/aiir@v1

🦊 GitLab CI/CD

Published CI/CD Catalog component. One-line include: in your pipeline. Duo Chat integration via MCP.

CI/CD Catalog · Component

🔷 Azure Pipelines

Pipeline template with receipt generation, verification gate, and artifact publishing. Drop into any Azure DevOps project.

YAML template

🪣 Bitbucket Pipelines

Pipe-compatible step definition. Generates receipts and attaches them as build artifacts in Bitbucket Cloud.

YAML template

🔵 CircleCI

Orb-compatible job definition with receipt generation and artifact storage. Works with CircleCI Cloud and Server.

YAML template

🏗️ Jenkins

Declarative pipeline step. Install via pip in your agent, call aiir as a shell step.

Jenkinsfile template

All platforms produce the same receipt format. The AIIR receipt format is platform-independent. A receipt generated by GitHub Actions uses the same schema, verification logic, and content-addressing as one generated by Jenkins or locally. The generator field records which integration produced it. Verify anywhere: aiir verify receipt.json

AI Coding Assistants

AIIR ships an MCP server that works with every major AI coding assistant. Ask your assistant to "receipt the last commit" or "verify the receipt ledger" — it just works.

GitHub Copilot

VS Code MCP integration. Supports org-level MCP registry for enterprise rollout.

Claude

Claude Desktop and Claude Code. One-click MCP server configuration.

Cursor

Native MCP support. Add to your Cursor MCP config and use in any project.

Windsurf

MCP server integration. Works across Windsurf IDE and browser clients.

Continue

Open-source AI assistant. MCP server support via the VS Code Marketplace extension.

Cline

MCP Marketplace compatible. Works with Cline's autonomous coding workflow.

MCP Tools

Seven tools exposed over the standard MCP protocol:

| Tool | Description |
|---|---|
| aiir_receipt | Generate a receipt for any commit or range |
| aiir_verify | Verify receipt integrity (content hash + receipt ID) |
| aiir_stats | Ledger statistics — receipt count, AI %, date range |
| aiir_explain | Human-readable verification explanation |
| aiir_policy_check | Evaluate ledger against policy constraints |
| aiir_verify_release | Produce a Verification Summary Attestation (VSA) for CI gates |
| aiir_gitlab_summary | GitLab Duo Chat / MR comment summary with optional SAST data |

Install once, use everywhere. pip install aiir installs both the CLI and the MCP server. Run aiir-mcp-server --stdio or configure your assistant with the snippet from Docs.

AI Tools Detected

AIIR detects AI authorship signals from 16+ coding assistants — no configuration needed. Detection works by analyzing commit metadata, trailers, branch names, and authorship patterns.

| Tool | Signals checked |
|---|---|
| GitHub Copilot | Commit trailers, author patterns, branch names |
| ChatGPT / OpenAI | Commit messages, author metadata |
| Claude / Anthropic | Author patterns, commit metadata, trailers |
| Cursor | Author patterns, cursor-specific trailers |
| GitLab Duo | Duo Code Suggestions, Duo Chat, co-authored-by trailers |
| Amazon Q / CodeWhisperer | Commit trailers, author metadata |
| Google Gemini | Author patterns, commit metadata, code assist signals |
| Devin | Author patterns, co-authored-by trailers, commit metadata |
| Tabnine | Commit trailers, authorship signals |
| Codeium / Windsurf | Author metadata, trailers |
| Sourcegraph Cody | Author patterns, commit metadata |
| Aider | Commit message prefix patterns |
| Replit AI | Author patterns, commit metadata |
| JetBrains AI | Author patterns, commit trailers |
| Supermaven | Author patterns, commit metadata |
| bolt.new / Lovable | Author patterns, commit metadata |

Detection is best-effort and documented honestly — see Docs for caveats and false-positive handling.

Attestation & Verification

AIIR receipts are designed to feed into the broader software supply chain attestation ecosystem.

in-toto Statements

Verification Summary Attestations (VSA) wrap AIIR results as in-toto v1 Statements. Compatible with SLSA and any in-toto verifier.

Sigstore Signing

Keyless signing via Fulcio + Rekor transparency log. Non-repudiation without key management. Optional — works without signing too.

GitHub Attestations

AIIR SBOMs and attestations integrate with GitHub's gh attestation verify flow and predicate-type filtering.

Policy Engines

AIIR verification results are structured JSON — ready for OPA/Rego policies, Kyverno admission controllers, or any policy-as-code system.

How it fits together

AIIR is both an emitter and a verifier. In a typical deployment:

Developer commits (AI-assisted) →
CI pipeline runs aiir → receipt generated →
Receipt stored as artifact →
aiir verify-release --policy balanced →
VSA attestation produced →
Policy engine evaluates VSA → deploy gate decision

Every step uses the same open format (AIIR Commit Receipt v1). Every step can be verified independently. No vendor lock-in at any point.
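
The last step of that flow, the deploy gate, can be sketched as follows. This is an added example, not AIIR's own code or output: it assumes the VSA is an in-toto v1 Statement carrying the SLSA verification_summary/v1 predicate, and the verifier ID, artifact name, and digest are constructed sample values.

```python
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
# Assumption: the VSA uses the SLSA verification_summary predicate type.
VSA_PREDICATE = "https://slsa.dev/verification_summary/v1"


def _obj(value):
    """Treat anything that is not a JSON object as empty (denied later)."""
    return value if isinstance(value, dict) else {}


def gate(statement_json, artifact_sha256, trusted_verifiers):
    """Return (allow, reasons); any failed check denies the deploy.

    Checks the statement payload only. The signature on the envelope that
    carries it must already have been verified by the caller.
    """
    try:
        st = _obj(json.loads(statement_json))
    except (TypeError, ValueError) as exc:
        return False, [f"unparseable statement: {exc}"]
    reasons = []
    if st.get("_type") != STATEMENT_TYPE:
        reasons.append("not an in-toto v1 Statement")
    if st.get("predicateType") != VSA_PREDICATE:
        reasons.append("unexpected predicateType")
    # The VSA must describe the artifact being deployed, not another build.
    subjects = st.get("subject") if isinstance(st.get("subject"), list) else []
    digests = [_obj(_obj(s).get("digest")).get("sha256") for s in subjects]
    if not artifact_sha256 or artifact_sha256 not in digests:
        reasons.append("subject digest does not match artifact")
    pred = _obj(st.get("predicate"))
    verifier_id = _obj(pred.get("verifier")).get("id")
    if not isinstance(verifier_id, str) or verifier_id not in trusted_verifiers:
        reasons.append("verifier not trusted")
    if pred.get("verificationResult") != "PASSED":
        reasons.append("verificationResult is not PASSED")
    return (not reasons), reasons


# Constructed sample statement; every value below is a placeholder.
TRUSTED = {"https://example.invalid/aiir-verifier"}
SAMPLE = json.dumps({
    "_type": STATEMENT_TYPE,
    "subject": [{"name": "app.tar.gz", "digest": {"sha256": "a" * 64}}],
    "predicateType": VSA_PREDICATE,
    "predicate": {"verifier": {"id": "https://example.invalid/aiir-verifier"},
                  "verificationResult": "PASSED"},
})
```

Binding the decision to the artifact digest and to a trusted verifier ID keeps a passing VSA for one build from being replayed to approve another.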

Get started

pip install aiir          # CLI + MCP server, zero dependencies
aiir --pretty             # Receipt your latest commit
aiir verify receipt.json  # Verify any receipt
