{"slug": "equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does", "title": "Equiv, check that an AI refactor did not change what your code does", "summary": "Equiv, a new open-source tool, checks that an AI refactor did not change what code does by running changed functions against previous versions on deterministically generated inputs and reporting behavioral differences. It provides signed receipts for verification, addressing the need for deterministic checks in AI-written code review. The tool supports int, str, and list[int] inputs and integrates with GitHub Actions.", "body_md": "**An LLM should not be the only thing reviewing LLM-written code.**\n\n`equiv`\n\nruns a changed function against its previous version on the same\ndeterministically generated inputs and reports whether the behaviour changed. If\nit did, you get the exact input where they differ. Either way you get a\nreproducible, signed receipt: re-run the check on any machine and you get the same\nanswer, byte for byte, without trusting any model's opinion.\n\nMost code is now written by AI and reviewed by AI. A model saying \"this looks fine\" is not verification. A deterministic check you can re-run yourself is.\n\nList the functions whose behaviour must be preserved across a PR in a manifest\nat the repository root. The format of each line is\n`<file> : <function> : <arg types>`\n\n, where arg types are `int`\n\n, `str`\n\n, or\n`list[int]`\n\n, comma separated:\n\n```\nsrc/math.py : total : int\n```\n\nAdd the workflow at `.github/workflows/equiv-review.yml`\n\n:\n\n```\non: pull_request\npermissions: { contents: read, pull-requests: write, id-token: write }\njobs:\n  review:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n        with: { fetch-depth: 0 }\n      - uses: Neelagiri65/equiv@v0.1.0\n        with: { keyless: \"true\" }\n```\n\nPin to a released tag (`@v0.1.0`\n\n) rather than `@main`\n\nso runs are reproducible\nand do not change under you.\n\nEach PR receives a comment. Every changed function is tested against its version\non the base branch. A change that preserves behaviour passes. A change that does\nnot is reported with the input that distinguishes the two versions. That\nfails the check. Receipts are signed with Sigstore keyless signing, which stores\nno key. They can be verified with `cosign`\n\n.\n\n```\ncurl --proto '=https' --tlsv1.2 -LsSf \\\n  https://github.com/Neelagiri65/equiv/releases/latest/download/equiv-cli-installer.sh | sh\nequiv review candidate.py reference.py <function> <arg types>\nequiv verify-receipt <signed-receipt-hex>\n```\n\nExit codes: `0`\n\nequivalent, `1`\n\ndiverges with a printed counterexample, `2`\n\ncould not check.\n\n`equiv`\n\nchecks behavioural equivalence of a function against a reference, on\ndeterministically generated inputs. This is bounded random testing, not\nexhaustive verification: a pass means no divergence was found on the generated\ninputs. It can still miss an edge case that only shows up for an input that\nwas not generated. It does not check intent, architecture, security. It\ncannot judge new functionality that has no reference to compare against. A\npassing result means behaviour was preserved on the tested inputs. It does not\nmean the change is correct. Supported input types in this version are `int`\n\n,\n`str`\n\nand `list[int]`\n\n.\n\nInput generation and the verdict are computed in Rust from a fixed seed. The language runtime is used only as an evaluator and never decides anything that reaches the receipt. Receipts are identical across hosts. Receipts can be signed with a local ed25519 key or with keyless Sigstore (OIDC). The keyless path binds the signature to a verifiable CI identity rather than a stored secret. The tool is a single static binary with no runtime dependencies, prebuilt for macOS, Linux and Windows.\n\n`docs/signing-model.md`\n\n: receipt signing with ed25519 and keyless Sigstore.`docs/RELEASING.md`\n\n: building prebuilt binaries with cargo-dist.`crates/`\n\n: the Rust workspace (`equiv-core`\n\n,`equiv-engine`\n\n,`equiv-review`\n\n,`equiv-cli`\n\n).\n\nLicense: Apache-2.0.", "url": "https://wpnews.pro/news/equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does", "canonical_source": "https://github.com/Neelagiri65/equiv", "published_at": "2026-06-13 10:46:39+00:00", "updated_at": "2026-06-13 11:20:26.794198+00:00", "lang": "en", "topics": ["developer-tools", "ai-tools", "ai-safety", "large-language-models"], "entities": ["Equiv", "Sigstore", "GitHub Actions", "Rust", "cosign", "Neelagiri65"], "alternates": {"html": "https://wpnews.pro/news/equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does", "markdown": "https://wpnews.pro/news/equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does.md", "text": "https://wpnews.pro/news/equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does.txt", "jsonld": "https://wpnews.pro/news/equiv-check-that-an-ai-refactor-did-not-change-what-your-code-does.jsonld"}}