Sigil Logic HOARDE
The AI platform for rigorous engineering.
HOARDE brings formal methods to your most critical systems, so every change is traceable and correct.
Want a walkthrough? Request a demo.
Verification throughout
HOARDE keeps verification tools, review outcomes, requirements, contracts, tests, proofs, and evidence aligned.
Evidence by default
Every serious change leaves a trail: what changed, which checks ran, what failed, and whether the work is ready to merge.
Formal methods, connected
Built on a rigorous-engineering methodology refined over decades on nationally critical systems.
The Issue
More code. Less assurance.
LLMs write more of the codebase every week. Review queues, test suites, and CI pipelines were sized for human throughput. They are now downstream of a machine.
HOARDE is engineered around the principle that the assurance case has to keep pace with the code, however it gets written. The code is not done until the evidence is done.
What HOARDE Is
Hierarchical Orchestration of Autonomous Rigorous Digital Entities
HOARDE wraps AI-assisted engineering in a methodology built for rigor.
It coordinates formal methods, specialist AI review, and the assurance artifacts that make your system correct and maintainable.
HOARDE produces the case for why your code works: requirements, design intent, contract checks, test evidence, proof results where appropriate, provenance, and thorough reviews on every pull request.
Three Pillars
AI-assisted engineering made trustworthy
HOARDE keeps the assurance picture current.
Formal methods, visible only when needed.
Verification throughout
Formal methods are plural. Some properties belong in contracts. Others in model checkers, solver-backed languages, theorem provers, or protocol analyzers.
HOARDE routes each piece of work to the right class of tool. Where formal proof isn't the right instrument, HOARDE helps you make the strongest available assurance argument.
The audit trail is produced as the work happens.
Evidence By Construction
Every HOARDE action leaves a provenanced record: what was done, by which agent, against which artifact, with which tool, and with what result.
Bidirectional traceability between domain models, requirements, architecture, design, code, tests, and proofs stays current. The artifacts an auditor would ask for get produced while the context is still fresh.
Defined roles, traceable findings, explicit dispositions.
AI-Augmented Review
Specialist AI review examines changes across code quality, contract coverage, methodology conformance, traceability, test adequacy, and more.
HOARDE reconciles those reviews into fixes, follow-up issues, or explicit rejections with rationale.
NINJA
Non-Intrusive Judicious Assurance
Formal methods, invisible.connected.
HOARDE inherits the disposition of "Secret Ninja Formal Methods": "invisible to the user, except to report that something is not right."
Citation: NIST IR 8151, Dramatically Reducing Software Vulnerabilities, 2016.
NINJA is a refinement-centered methodology that combines applied formal methods with model-based engineering. It builds systems from intent to implementation as linked layers, without losing the thread.
NINJA gives HOARDE its operating discipline: connected refinement, rigor calibrated to risk, and artifacts that are checked because they are part of the system.
Formal methods, connected.
| # | Block | Description |
|---|---|---|
| 1 | DOMAIN | Concepts, relationships, invariants |
| 2 | REQUIREMENTS | Obligations & observable scenarios |
| 3 | PRODUCT LINE | Valid variability, rejectable configs |
| 4 | ARCHITECTURE | Components, interfaces, quality intent |
| 5 | DESIGN | Contracts, pre/post, invariants |
| 6 | DEVELOPMENT | Implement with trace & contract checks |
| 7 | SECURITY | Trust boundaries, adversary-aware |
| 8 | V & V | Continuous verification against obligations |
| 9 | Evolution | Traceable change, isolated impact, preserved knowledge |
A connected chain
Each NINJA layer refines the one above and is refined by the one below. A change anywhere in the chain becomes visible everywhere it matters.
Rigor on a dial
Heavyweight verification where risk demands it. Lighter structured assurance where it doesn't. The practice scales to what you're building.
Load-bearing artifacts
A NINJA artifact is a structural artifact, referenced by another layer, checked by a tool, refined into the next level of detail, or traced through the chain.
Pull Request Quality Gate
On every pull request: the full assurance picture.
HOARDE reports merge-readiness across six dimensions: contracts, coverage, traceability, documentation, specification consistency, and proof coverage.
The quality report sits alongside the traceability matrix, and the evidence record. It's built for the reviewer working the PR today and the auditor a year from now.
| Dimension | Green | Amber | Red |
|---|---|---|---|
| Contract pass rate | 100% | 90-99% | Below 90% |
| Code coverage | 91-100% | 71-90% | 70% or below |
| Traceability | 100% | 90-99% | Below 90% |
| Documentation | 95-100% | 80-94% | Below 80% |
| Spec consistency | Required consistency checks pass | Warnings or deferred checks have owners | Unresolved contradiction or failed required check |
| FM proof coverage | Required proof obligations discharged or explicitly waived | Known gaps are recorded and accepted for this change | Required obligation missing, failing, or unaccounted for |
Numeric thresholds are project-configurable. The values shown are the canonical NINJA defaults. Specification consistency and proof coverage are configured gates.
Everyday Workflows
What HOARDE does in the workday.
The formal-methods machinery stays close to the work engineers already do.
When you open a pull request
HOARDE coordinates specialist review across all artifacts. Findings are reconciled into fixes, follow-up issues, or explicit rejections with rationale.
When a spec changes
HOARDE identifies the affected requirements, architecture, design contracts, code or tests. Broken links surface while the context is still fresh.
When you expose a public API
HOARDE checks for stated promises: preconditions, postconditions, invariants, runtime enforcement, and trace links back to the design.
Before merging the pull request
HOARDE produces stoplight results across contract pass rate, coverage, traceability, documentation, spec consistency, and proof coverage.
How It Fits Your Stack
Designed to fit the stack serious teams already have.
Multi-vendor by architecture, local-first by design, embedded in the collaborative development environments where engineering work already happens.
Multi-vendor by architecture
No single model family owns the review. HOARDE coordinates specialized agents with distinct review responsibilities, backed by a plethora of deterministic checkers.
Local-first path
HOARDE supports local workflows and open-weight models for IP-sensitive work. Restricted-environment and air-gapped topologies are part of the core architecture.
Bring your own coding agent
Use HOARDE directly, or expose HOARDE's methodology, toolset, and evidence services to the AI platforms your team already uses.
Lives in your repositories
HOARDE can interact through Github issues, pull requests, project metadata, and comments. Support for additional CDEs is in progress.
Deployment Path
Built for places where ordinary AI tools cannot go.
For the most sensitive environments, HOARDE is designed around local control, constrained capabilities, open standards, and deployment paths built for regulation. The architecture supports managed service, enterprise, and air-gapped topologies without assuming cloud access.
Open-weight local models are first-class in the design, so teams in IP-sensitive, regulated, or restricted environments have a path that doesn't depend on sending their work to a public model endpoint.
Workstation
Local developer workflow, user-controlled credentials, CLI and CDE integration.
Cloud
Sigil-hosted services for teams participating as active design partners.
Enterprise path
Team-scale orchestration, policy, evidence, and administration.
Air-gapped path
Local-only operation with open-weight models and self-hosted development infrastructure.
Cryptography Showcase
We start with cryptography.
The bar is high there for a reason.
HOARDE's bundled cryptography pack demonstrates natural-language orchestration of formal tools, solver results, and evidence generation. A cryptography engineer can use HOARDE to produce formally assured cryptographic code, with the right formal tools brought in where appropriate.
Private demos are available by request.
Request A Demo
Bring evidence into the AI-assisted workflow.
See HOARDE on a project that looks like yours.
HOARDE is in active development with teams that need traceability, verification, and defensible engineering records. If you're building software where correctness, security, or auditability matter, request early access.
Want a walkthrough? Request a demo.