Verification & Safety
14 tools an AI agent uses to prove a change is safe — before and after it edits code. Behavior- and contract-preservation checks across two versions, side-effect and diff-semantics diffs, test-impact selection, cross-language port parity, and the security surfaces (taint flow, secret-touching code, unsafe constructs). Unlike the read-only query tools, these answer “did this change break anything, leak anything, or diverge from the source?” They range from Free to Enterprise — see the License column and the Feature Matrix.
| Tool | Description | Parameters | License |
|---|---|---|---|
| bisect_regression | Semantic git-bisect: walk good_ref..bad_ref oldest-to-newest, apply verify_diff_semantics to each adjacent commit pair for the target symbol, and return the first commit that introduced a Behavior hunk. Returns BisectResult { target, file, culprit: { commit, author } \| null, scanned, modeled_kinds }. Pairs where the file is absent at either revision are skipped. Params: file (string), target (string), good_ref (string), bad_ref (string) | file (string, repo-root-relative path), target (string, function/method name), good_ref (string, last-known-good git ref), bad_ref (string, currently-failing git ref) | Architecture |
| gate | Deterministic merge gate: discover changed functions from the git diff (working tree vs HEAD, or vs merge-base of base_ref), run verify_diff_semantics + verify_test_impact + verify_side_effects per function, and synthesize MERGE \| REVIEW \| BLOCK \| UNKNOWN per function and overall — UNKNOWN is never presented as MERGE; unmodeled dimensions and tier-blocked files degrade to UNKNOWN with the evidence quoted. receipts: write verification receipts to .act/receipts/ (consumption of valid receipts is always on). Params: none [, base_ref (string), root (string), receipts (boolean)] | none [, base_ref (string), root (string)] | Engineering |
| generate_test_harness | Generate a test scaffold for a target function — extracts the Contract (signature, guards, raises) and synthesises a test file with one happy-path case + one case per guard + one case per error path. Supported across tier-1+ programming languages (TypeScript/TSX, JavaScript, Python, Rust, Go, Java, Kotlin, C#, Swift, Ruby, C, C++, PHP, Scala); grammars with no unit-test idiom return supported:false (documented opt-out). Params: file (string), target (string) | file (string, path to source file), target (string, function name) | Engineering |
| scan | Scan a repository for AI-code security issues (hardcoded credentials, .cursorrules backdoors, MCP-config RCE) and return an AI-Code Health Score + remediation bundle (JSON). Private repos require an act101 scan entitlement; public repos are free. Coverage auto-discovery: conventional lcov reports (coverage/lcov.info, lcov.info, target/coverage/lcov.info) are probed and, when found, test-gap statuses are coverage-evidence-based with the report named (and stale-flagged) in the coverage record. Params: none [, root (string), visibility ("public"\|"private"), files (string[] — path-scoped scan; report gains scope section, scores cover the selected files only; conflicts with baseline_write), baseline (string — compare against a committed baseline; report gains new/baselined partition), baseline_write (string — record current findings as the baseline; full scans only), base_ref (string — diff-scoped scan vs merge-base(ref, HEAD); report gains scope section; conflicts with baseline_write)] | none [, root (string), visibility ("public"\|"private"), files (string[] — path-scoped scan; report gains scope section, scores cover the selected files only; conflicts with baseline_write), baseline (string — compare against a committed baseline; report gains new/baselined partition), baseline_write (string — record current findings as the baseline; full scans only), base_ref (string — diff-scoped scan vs merge-base(ref, HEAD); report gains scope section; conflicts with baseline_write)] | Builder |
| secret_surface | Surface secret-touching code in a file — credential params, token vars, signing keys, env-secret reads, and hardcoded secret literals — with per-item confidence. Heuristic; LSP upgrades confidence. Params: file (string) | file (string) | Engineering |
| summarize_pr | Summarize a changed file by composing verify_diff_semantics across changed symbols and tallying signature, behavior, and format-only changes. Params: file (string) [, base_ref (string)='HEAD', before (string), after (string), targets (string[])] | file (string) [, base_ref (string)='HEAD', before (string), after (string), targets (string[])] | Engineering |
| taint_flow | Trace tainted (untrusted) data from sources (request params, env/file reads, argv) to dangerous sinks (raw SQL, eval, command exec, fs path, deserialization) across the call graph, with per-flow steps and the unresolved-call frontier. Params: target (string), file (string) [, max_depth (u32), max_nodes (u32)] | target (string), file (string) [, max_depth (u32), max_nodes (u32)] | Architecture |
| unsafe_surface | Surface dangerous constructs in a file — unsafe blocks, dynamic eval, raw SQL sinks, FFI calls, reflective invocation, unsafe deserialization — with per-item confidence. Params: file (string) | file (string) | Builder |
| verify_behavioral_equivalence | Verify two versions of a function have equivalent behavior by structural CFG diff (same branch/loop/exception/return shape). Verdict: equivalent \| changed{dimensions} \| unknown{reason}. scope='refactor' (default, Engineering) or 'port' (Enterprise, cross-language). Params: target (string), file (string) [, base_ref (string)='HEAD', before (string), after (string), scope (string)='refactor'] | — | Engineering |
| verify_contract_preserved | Verify a function's public + behavioral contract (signature, effects, control-flow shape, return shape, guards, raises) is preserved across two versions. Verdict: preserved \| broken{dimensions} \| unknown{dimensions} — never claims preserved on a dimension the grammar does not model. Params: target (string), file (string) [, base_ref (string)='HEAD', before (string), after (string)] | — | Engineering |
| verify_diff_semantics | Classify how a function changed across two versions: each hunk as format \| signature \| behavior (rename/move when symbol-identity is available). Uses model diffs (signature via interface, behavior via CFG/effect diff, format via AST-equal-but-text-different). Params: target (string), file (string) [, base_ref (string)='HEAD', before (string), after (string)] | — | Engineering |
| verify_port_parity | Cross-language contract equivalence check (v1): compare the source and ported symbol's signature arity, return presence, effect-kind set, CFG shape, and raise count. A dimension that either grammar doesn't model contributes no evidence — never a false Preserved. Verdict: 'diverged' if any compared dimension differs (dominates); 'preserved' only if all compared dimensions match AND at least two dimensions were jointly modeled (matching signature arity alone is not parity evidence); 'unknown' when too few dimensions are jointly modeled to claim parity (e.g. only signature was comparable). Tier-1 contract analysis runs by default — no code execution. OPT-IN Tier-2: pass execute=true to ALSO run subprocess differential execution for interpreter languages whose runtime is present (node, python3) and a JSON-able source signature — it generates inputs, runs both functions under a ulimit resource cap (CPU/address-space/file-size) in a throwaway temp CWD, and diffs their JSON outputs; verified_by becomes 'execution' and an executed output divergence forces 'diverged'. This is a RESOURCE boundary, NOT a security sandbox (no network isolation). When execution is not eligible (compiled language, absent runtime, non-JSON-able signature) it falls back to Tier-1 cleanly with no false parity claim. Returns ParityReport { verdict: preserved\|diverged\|unknown, dimensions_checked, mismatches, verified_by: 'contract'\|'execution', modeled_kinds, execution?: { cases_run, mismatches, note } }. Params: source_file (string), source_target (string), ported_file (string), ported_target (string), execute (bool, optional, default false) | source_file (string), source_target (string), ported_file (string), ported_target (string), execute (bool, optional, default false) | Enterprise |
| verify_side_effects | Diff a function's side effects between two versions (git working-tree vs HEAD by default, or an explicit before/after pair) — added/removed effects plus the dropped-cleanup class (a removed write/blocking call while an allocation is kept). Params: target (string), file (string) [, base_ref (string)='HEAD', before (string), after (string)] | — | Engineering |
| verify_test_impact | The minimal set of tests whose call graph reaches a change — pass `target` for one changed symbol, or omit it to derive the changed set from the file's before/after symbol diff (git working-tree vs base_ref, or explicit before/after). Composes the call-graph engine + test-file detection. Params: file (string) [, target (string), base_ref (string)='HEAD', before (string), after (string), max_depth (u32)=32] | file (string) [, target (string), base_ref (string)='HEAD', before (string), after (string), max_depth (u32)=32] | Engineering |