GitHub - Neelagiri65/equiv: Deterministic checker for behaviour-preserving code changes. Signed, re-runnable receipts; PR gate; single static binary. · GitHub

/" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

Neelagiri65

equiv

Public

Notifications<br>You must be signed in to change notification settings

Fork

Star

Use this GitHub action with your project<br>Add this Action to an existing workflow or create a new one<br>View on Marketplace

main

BranchesTags

Go to file

CodeOpen more actions menu

Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit

History<br>5 Commits<br>5 Commits

.github/workflows

.github/workflows

assets

assets

conformance/valid

conformance/valid

crates

crates

docs

docs

examples

examples

scripts

scripts

.equiv-review

.equiv-review

.equiv-review.example

.equiv-review.example

.gitignore

.gitignore

AGENTS.md

AGENTS.md

Cargo.lock

Cargo.lock

Cargo.toml

Cargo.toml

LICENSE

LICENSE

README.md

README.md

action.yml

action.yml

View all files

Repository files navigation

equiv

An LLM should not be the only thing reviewing LLM-written code.

equiv runs a changed function against its previous version on the same<br>deterministically generated inputs and reports whether the behaviour changed. If<br>it did, you get the exact input where they differ. Either way you get a<br>reproducible, signed receipt: re-run the check on any machine and you get the same<br>answer, byte for byte, without trusting any model's opinion.

Most code is now written by AI and reviewed by AI. A model saying "this looks<br>fine" is not verification. A deterministic check you can re-run yourself is.

Quickstart: the PR gate

List the functions whose behaviour must be preserved across a PR in a manifest<br>at the repository root. The format of each line is<br>: : , where arg types are int, str, or<br>list[int], comma separated:

src/math.py : total : int

Add the workflow at .github/workflows/equiv-review.yml:

on: pull_request<br>permissions: { contents: read, pull-requests: write, id-token: write }<br>jobs:<br>review:<br>runs-on: ubuntu-latest<br>steps:<br>- uses: actions/checkout@v4<br>with: { fetch-depth: 0 }<br>- uses: Neelagiri65/equiv@v0.1.0<br>with: { keyless: "true" }

Pin to a released tag (@v0.1.0) rather than @main so runs are reproducible<br>and do not change under you.

Each PR receives a comment. Every changed function is tested against its version<br>on the base branch. A change that preserves behaviour passes. A change that does<br>not is reported with the input that distinguishes the two versions. That<br>fails the check. Receipts are signed with Sigstore keyless signing, which stores<br>no key. They can be verified with cosign.

CLI

curl --proto '=https' --tlsv1.2 -LsSf \<br>https://github.com/Neelagiri65/equiv/releases/latest/download/equiv-cli-installer.sh | sh

equiv verify-receipt ">equiv review candidate.py reference.py<br>equiv verify-receipt

Exit codes: 0 equivalent, 1 diverges with a printed counterexample, 2<br>could not check.

Scope

equiv checks behavioural equivalence of a function against a reference, on<br>deterministically generated inputs. This is bounded random testing, not<br>exhaustive verification: a pass means no divergence was found on the generated<br>inputs. It can still miss an edge case that only shows up for an input that<br>was not generated. It does not check intent, architecture, security. It<br>cannot judge new functionality that has no reference to compare against. A<br>passing result means behaviour was preserved on the tested inputs. It does not<br>mean the change is correct. Supported input types in this version are int,<br>str and list[int].

How it works

Input generation and the verdict are computed in Rust from a fixed seed. The<br>language runtime is used only as an evaluator and never decides anything that<br>reaches the receipt. Receipts are identical across hosts. Receipts can be<br>signed with a local ed25519 key or with keyless Sigstore (OIDC). The keyless<br>path binds the signature to a verifiable CI identity rather than a stored<br>secret. The tool is a single static binary with no runtime dependencies,<br>prebuilt for macOS, Linux and Windows.

Documentation

docs/signing-model.md: receipt signing with ed25519...