Releases: bm1016bm-svg/evidrift
Release list
Evidrift v0.3.2
What's Changed
- docs: add Traditional Chinese release surface by @bm1016bm-svg in #6
Full Changelog: v0.3.1...v0.3.2
Evidrift v0.3.1
Code compiles. APIs drift.
Evidrift v0.3.1 makes the real failure path visible before asking anyone to configure a repository.
Try it
Run the complete PASS-to-FAIL fixture without a global install:
npx --yes evidrift@0.3.1 demoPin it in a repository or CI workflow:
npm install --save-dev evidrift@0.3.1
npx evidrift initNo Evidrift account, API key, cloud backend, package-code execution, or LLM judge is required.
The case this release demonstrates
A dependency changes one declaration from:
parseConfig(input: string, options?: ParseOptions): ParseResultto:
parseConfig(input: string, options: ParseOptions): ParseResultThe existing consumer already passes options, so TypeScript still compiles. Evidrift recomputes the recorded external contract and reports the old signature, current signature, affected line, Receipt ID, and a deterministic FAIL contract_mismatch.
Read the complete, reproduced case: TypeScript compiles, but the dependency signature has drifted.
What changed in v0.3.1
- Added a zero-install, self-contained
evidrift demopath. - Added a real 1200×675 GIF rendered from the captured deterministic CLI transcript.
- Added a static GitHub Pages discovery site, FAQ,
llms.txt, canonical metadata,robots.txt, and sitemap. - Made bare invocation and
evidrift initprint concrete demo, agent, commit, and CI next steps. - Aligned CLI, npm, GitHub, and MCP Registry metadata on
0.3.1.
Verification behavior and the Receipt schema did not change in this release.
Release map
- Changelog for v0.3.1
- npm package:
evidrift@0.3.1 - Complete TypeScript signature-drift case
- Captured CLI transcript
- Live documentation
- MCP Registry package
- Full diff: v0.3.0...v0.3.1
Boundary
Evidrift does not prove runtime correctness or decide whether a dependency change is good. It checks that a deterministic TypeScript or repository-local JSON contract previously recorded for an affected line still matches.
Evidrift v0.3.0
Code compiles. APIs drift.
Evidrift is the evidence lockfile for AI coding agents. v0.3 records the exact TypeScript overload selected at a real call site, or an exact value inside a repository-local JSON contract, then recomputes that evidence in CI.
No account. No cloud. No LLM judge. No package code execution.
Try it
npx --yes evidrift demoThe demo records an optional TypeScript parameter, verifies it, changes the dependency signature on purpose, and reports the deterministic mismatch with the claim, expected and current signatures, affected code location, Receipt ID, and next action.
What landed in v0.3
- Call-site overload resolution — point
--codeat the real call and TypeScript selects the overload that code actually uses.--overloadremains an explicit fallback for incomplete call sites. - JSON Pointer evidence — lock a value from repository-local OpenAPI JSON or JSON Schema with RFC 6901 pointers, including
~1and~0escapes. - One verification core — CLI and STDIO MCP tools create and revalidate the same content-addressed Receipts.
- Fail closed on deterministic mismatch — changed or missing selected contracts fail CI; unrelated source changes remain warnings.
The failure is reviewable
FAIL contract_mismatch sha256:...
Claim: parseConfig accepts an optional options parameter used by the demo.
Expected signature: parseConfig(input:string,options?:ParseOptions):ParseResult
Current signature: parseConfig(input:string,options:ParseOptions):ParseResult
Affected code location: app/src/index.ts:3
Action: Review the dependency change and affected code, then intentionally record a new receipt.
Trust boundary
Evidrift recomputes evidence from installed TypeScript declarations or repository-local JSON. Receipt files are treated as untrusted input. It does not fetch URLs, run shell commands, execute dependency JavaScript, or ask an LLM to decide whether CI should pass.
It does not prove runtime correctness or eliminate AI hallucinations. It proves evidence integrity and reports deterministic contract drift.
Evidrift v0.2.0
Code compiles. APIs drift.
Evidrift v0.2 lets a coding agent record one explicit TypeScript overload as a content-addressed Receipt, then makes CI resolve the installed dependency and recompute that contract before merge.
Try the entire PASS → deterministic FAIL loop:
npx --yes evidrift@0.2.0 demoWhat shipped
- Explicit 1-based
--overloadselection in the CLI and MCP tool. - Stable revalidation when declarations are reordered or unrelated overloads are added.
- Deterministic failure when the selected signature changes or disappears.
- A cross-file type-alias boss fight covered by automated acceptance tests.
evidrift mcp, so registries and agents launch the same core used by the CLI.- npm Trusted Publishing with OIDC provenance and an official MCP Registry entry.
No account. No cloud backend. No package JavaScript execution. No LLM judge in CI.
Boundaries
This release does not infer an overload from a call site, deeply expand every alias, implement json.pointer, or prove runtime correctness. It also has no dashboard, cloud service, or semantic LLM gate.
Evidrift v0.1.0
Evidrift is the lockfile for AI assumptions.
Included
- Deterministic ypescript.symbol Evidence Receipts
- CLI: init,
ecord, check, diff, explain, and demo - Local STDIO MCP server sharing the CLI verification core
- Integrity checks for untrusted Receipt input
- Reproducible PASS-to-FAIL signature-drift demo
Install
�ash npx --yes evidrift init npx --yes evidrift demo
Published package: https://www.npmjs.com/package/evidrift/v/0.1.0
