Skip to content

Releases: bm1016bm-svg/evidrift

Evidrift v0.3.2

Choose a tag to compare

@github-actions github-actions released this 17 Jul 07:22
6ece747

What's Changed

Full Changelog: v0.3.1...v0.3.2

Evidrift v0.3.1

Choose a tag to compare

@github-actions github-actions released this 17 Jul 05:50
113162c

Code compiles. APIs drift.

Evidrift v0.3.1 makes the real failure path visible before asking anyone to configure a repository.

Evidrift demo: a TypeScript signature passes, changes, and fails deterministically

Try it

Run the complete PASS-to-FAIL fixture without a global install:

npx --yes evidrift@0.3.1 demo

Pin it in a repository or CI workflow:

npm install --save-dev evidrift@0.3.1
npx evidrift init

No Evidrift account, API key, cloud backend, package-code execution, or LLM judge is required.

The case this release demonstrates

A dependency changes one declaration from:

parseConfig(input: string, options?: ParseOptions): ParseResult

to:

parseConfig(input: string, options: ParseOptions): ParseResult

The existing consumer already passes options, so TypeScript still compiles. Evidrift recomputes the recorded external contract and reports the old signature, current signature, affected line, Receipt ID, and a deterministic FAIL contract_mismatch.

Read the complete, reproduced case: TypeScript compiles, but the dependency signature has drifted.

What changed in v0.3.1

  • Added a zero-install, self-contained evidrift demo path.
  • Added a real 1200×675 GIF rendered from the captured deterministic CLI transcript.
  • Added a static GitHub Pages discovery site, FAQ, llms.txt, canonical metadata, robots.txt, and sitemap.
  • Made bare invocation and evidrift init print concrete demo, agent, commit, and CI next steps.
  • Aligned CLI, npm, GitHub, and MCP Registry metadata on 0.3.1.

Verification behavior and the Receipt schema did not change in this release.

Release map

Boundary

Evidrift does not prove runtime correctness or decide whether a dependency change is good. It checks that a deterministic TypeScript or repository-local JSON contract previously recorded for an affected line still matches.

Evidrift v0.3.0

Choose a tag to compare

@github-actions github-actions released this 16 Jul 09:17

Code compiles. APIs drift.

Evidrift is the evidence lockfile for AI coding agents. v0.3 records the exact TypeScript overload selected at a real call site, or an exact value inside a repository-local JSON contract, then recomputes that evidence in CI.

No account. No cloud. No LLM judge. No package code execution.

Try it

npx --yes evidrift demo

The demo records an optional TypeScript parameter, verifies it, changes the dependency signature on purpose, and reports the deterministic mismatch with the claim, expected and current signatures, affected code location, Receipt ID, and next action.

What landed in v0.3

  • Call-site overload resolution — point --code at the real call and TypeScript selects the overload that code actually uses. --overload remains an explicit fallback for incomplete call sites.
  • JSON Pointer evidence — lock a value from repository-local OpenAPI JSON or JSON Schema with RFC 6901 pointers, including ~1 and ~0 escapes.
  • One verification core — CLI and STDIO MCP tools create and revalidate the same content-addressed Receipts.
  • Fail closed on deterministic mismatch — changed or missing selected contracts fail CI; unrelated source changes remain warnings.

The failure is reviewable

FAIL contract_mismatch sha256:...
Claim: parseConfig accepts an optional options parameter used by the demo.
Expected signature: parseConfig(input:string,options?:ParseOptions):ParseResult
Current signature: parseConfig(input:string,options:ParseOptions):ParseResult
Affected code location: app/src/index.ts:3
Action: Review the dependency change and affected code, then intentionally record a new receipt.

Trust boundary

Evidrift recomputes evidence from installed TypeScript declarations or repository-local JSON. Receipt files are treated as untrusted input. It does not fetch URLs, run shell commands, execute dependency JavaScript, or ask an LLM to decide whether CI should pass.

It does not prove runtime correctness or eliminate AI hallucinations. It proves evidence integrity and reports deterministic contract drift.

Evidrift v0.2.0

Choose a tag to compare

@github-actions github-actions released this 16 Jul 07:10
ef0c2d3

Code compiles. APIs drift.

Evidrift v0.2 lets a coding agent record one explicit TypeScript overload as a content-addressed Receipt, then makes CI resolve the installed dependency and recompute that contract before merge.

Try the entire PASS → deterministic FAIL loop:

npx --yes evidrift@0.2.0 demo

What shipped

  • Explicit 1-based --overload selection in the CLI and MCP tool.
  • Stable revalidation when declarations are reordered or unrelated overloads are added.
  • Deterministic failure when the selected signature changes or disappears.
  • A cross-file type-alias boss fight covered by automated acceptance tests.
  • evidrift mcp, so registries and agents launch the same core used by the CLI.
  • npm Trusted Publishing with OIDC provenance and an official MCP Registry entry.

No account. No cloud backend. No package JavaScript execution. No LLM judge in CI.

Boundaries

This release does not infer an overload from a call site, deeply expand every alias, implement json.pointer, or prove runtime correctness. It also has no dashboard, cloud service, or semantic LLM gate.

Evidrift v0.1.0

Choose a tag to compare

@bm1016bm-svg bm1016bm-svg released this 15 Jul 06:10

Evidrift is the lockfile for AI assumptions.

Included

  • Deterministic ypescript.symbol Evidence Receipts
  • CLI: init,
    ecord, check, diff, explain, and demo
  • Local STDIO MCP server sharing the CLI verification core
  • Integrity checks for untrusted Receipt input
  • Reproducible PASS-to-FAIL signature-drift demo

Install

�ash npx --yes evidrift init npx --yes evidrift demo

Published package: https://www.npmjs.com/package/evidrift/v/0.1.0