Security-aware spec-driven development for AI agents.
SpecIA covers the full spectrum — from a 15-second PR scan to a complete compliance workflow with state persistence and audit trails:
| Mode | Command | Use Case | Cost |
|---|---|---|---|
| Quick scan | `specia scan --last-merge` | PR review, zero setup | ~$0.01 |
| Lite review | `vt-review-lite` skill | Quick STRIDE check, no Node needed | ~$0.009 |
| Lite audit | `vt-audit-lite` skill | Static post-impl check | ~$0.020 |
| Full workflow | `specia new` → … → `specia done` | Release gate, compliance | ~$0.35 |
```bash
git clone https://gitlab.veritran.net/appsec/specia.git
cd specia/full
./install.sh
```

Installs the `specia` CLI binary plus all skills/agents for your AI editor (Copilot CLI, Claude Code, OpenCode, or VS Code).
No Node.js? Copy `full/skills/copilot/vt-review-lite/SKILL.md` or `vt-audit-lite/SKILL.md` directly into your AI editor's skills folder. No build is required.
To enable the optional MCP server:

```bash
./install.sh --mcp
```

See full/README.md for detailed setup.
```bash
cd your-project
specia scan --last-merge       # scan last merged PR in this repo
specia scan --pr <url>         # fetch + scan a GitHub PR or GitLab MR by URL
specia scan --diff main..HEAD  # scan any diff range
```

Scans auto-call Claude/GPT if an API key is set, save results to `/tmp/specia-scans/`, and store findings to Alejandría memory if available.
Add a `.speciaignore` file in your project root to exclude lock files, generated code, etc.:

```
*.lock
dist/**
node_modules/**
```
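The effect of the three patterns above on a list of changed paths, as an added example that is not SpecIA's own code. It assumes `.speciaignore` follows gitignore-style glob rules (the README does not state the matching semantics); the function names `parseIgnore`, `patternToRegExp` and `partition` and the sample paths are constructed for illustration.

```javascript
// Added example, not SpecIA code. Assumes gitignore-style glob semantics,
// which the README does not specify. Negation ("!") rules are not handled.
const SAMPLE_IGNORE = "# constructed sample\n*.lock\ndist/**\nnode_modules/**\n";
const SAMPLE_CHANGED = [ // constructed list of paths touched by a diff
  "src/auth/oauth.ts", "yarn.lock", "packages/api/Cargo.lock",
  "dist/bundle.js", "node_modules/left-pad/index.js", "src/dist/helper.ts",
];

// Keep only real patterns: drop blank lines and "#" comments.
function parseIgnore(text) {
  return text.split(/\r?\n/).map((l) => l.trim())
    .filter((l) => l && !l.startsWith("#"));
}

// Translate one glob into a RegExp over "/"-separated relative paths.
function patternToRegExp(pattern) {
  const p = pattern.replace(/^\//, "").replace(/\/$/, "");
  // A slash at the start or in the middle pins the pattern to the repo root;
  // otherwise it may match at any depth.
  const anchored = pattern.startsWith("/") || p.includes("/");
  let re = "";
  for (let i = 0; i < p.length; i++) {
    if (p.startsWith("**/", i)) { re += "(?:.*/)?"; i += 2; }
    else if (p.startsWith("**", i)) { re += ".*"; i += 1; }
    else if (p[i] === "*") re += "[^/]*";       // "*" stays inside one segment
    else if (p[i] === "?") re += "[^/]";
    else re += p[i].replace(/[.+^${}()|[\]\\]/g, "\\$&");
  }
  // A match on a directory also covers everything beneath it.
  return new RegExp((anchored ? "^" : "^(?:.*/)?") + re + "(?:/.*)?$");
}

// Split changed paths into those still scanned and those an ignore rule hides.
function partition(ignoreText, changedPaths) {
  const rules = parseIgnore(ignoreText)
    .map((pattern) => ({ pattern, re: patternToRegExp(pattern) }));
  const scanned = [], skipped = [];
  for (const path of changedPaths) {
    const hit = rules.find((r) => r.re.test(path));
    if (hit) skipped.push({ path, pattern: hit.pattern });
    else scanned.push(path);
  }
  return { scanned, skipped };
}

console.log(partition(SAMPLE_IGNORE, SAMPLE_CHANGED));
```

Under these assumed rules `*.lock` hides lock files at every depth, while `dist/**` is pinned to the project root, so `src/dist/helper.ts` is still scanned. Reviewing the `skipped` list shows whether a pattern excludes more from the scan than intended.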
```bash
specia history                            # weekly findings trend (last 90 days)
specia history --since 30d --format json
```

Ask your AI agent:

```
Run vt-review-lite on oauth-spec.md
```

Returns a BLOCK/WARN/PASS recommendation in ~15 seconds.
```bash
cd your-project
specia init

# Start a new change
specia new add-oauth-login

# Follow the workflow
specia continue  # Runs: propose → spec → review → tasks
specia apply     # Implements code (via vt-apply agent)
specia audit     # Verifies implementation
specia done      # Archives change
```

See full/README.md for detailed documentation.
```
specia/
├── full/              # SpecIA (CLI + MCP server + all skills)
│   ├── agents/        # Copilot, Claude Code, OpenCode agents
│   ├── skills/        # All skills (includes vt-review-lite, vt-audit-lite)
│   ├── src/           # TypeScript CLI + MCP server
│   ├── test/          # 812 tests
│   └── install.sh     # Installer
│
├── ci-templates/      # GitHub Actions + GitLab CI templates
│
├── docs/              # Architecture, workflow, migration guides
│
└── lite/              # ⚠️ Deprecated — skills moved to full/skills/copilot/
```

- Full README — Complete SpecIA documentation
- Workflow Guide — Complete workflow explanation with security focus
- v1 → v2 Migration Guide — Upgrade path, token economics, ROI analysis
- Guardian Layer 4 — Spec-aware validation deep dive
- Troubleshooting — Common installation issues and fixes
- CHANGELOG — Release notes
MIT — See LICENSE
See CONTRIBUTING.md
- Issues: GitLab Issues
- Discussions: GitLab Discussions
Current: v2.6.0 — See CHANGELOG.md for release history.