AI Change Assurance

Did the patch deliver what the Issue promised?

PatchVow reads the Issue, PRD, and acceptance criteria behind every pull request — then proves, line by line, what the change actually implemented, tested, and left undone before it merges.

GitHub & GitLab Read-only by default Pre-merge checks
acme/checkout · PR #482Needs review

"Workspace owners can restrict SSO access to approved email domains."

P

Promise · Issue #311Restrict SSO to approved domains

source
C

Patch · 4 filesdomain allow-list added to auth

mapped
B

Behavior · allowed / blocked2 of 4 paths verified

partial
T

Testsunauthorized-user path untested

gap
The Proof Fold

Unfold one change from promise to proof.

It's a single Change Proof Sheet, not a wall of cards. Click through each fold — every panel is right here, no scrolling required.

"Workspace owners can restrict SSO access to approved email domains."

Issue #311PRD · Access ControlAcceptance: 4 criteria

evidence://brief/311 · locked as PR baseline

diff · mapped to Issue #311requirement-linked
# auth/sso.py
+ ALLOWED_DOMAINS = workspace.approved_domains
+ if email.split("@")[1] not in ALLOWED_DOMAINS:
+     raise SSOAccessDenied(email)
- return authenticate(email)
+ return authenticate(email, restricted=True)

Requirement → code

Every hunk is folded out of the flat diff and connected to the requirement it serves — so a reviewer reads by intent, not by filename.

3 hunks mapped 1 unexplained change
Approved domain signs in
acme.com → authenticate(restricted=True)
verified
Disallowed domain blocked
gmail.com → SSOAccessDenied
verified
Unauthorized user path
revoked member retains access?
untested
Old-config migration
workspaces with no domain list
missing
BehaviorNormalPermissionNull / emptyMigration
Approved domain~
Disallowed domain
Revoked member

Test Forge builds this matrix from the promise, then shows which cells your existing tests already cover.

72%Verified
2Implemented & verified
1Partially covered
1Missing test
1Needs review

Change Proof #cp-482 · traceable · attaches to the PR before merge

Change assurance for teams shipping every day
platform teamsfintechinfraAPI companiesagencies
What happens on every PR

Import a Pull Request. Get back what it actually did.

PatchVow pulls the Issue, PRD, and review discussion, maps each requirement to the diff, and checks behavior, tests, and risk before your team decides to merge.

01

Extract intent

Build a testable Change Brief from Issue & PRD.

02

Map the diff

Connect every hunk to the requirement it serves.

03

Check coverage

Done, partial, or missing — per requirement.

04

Probe risk

Find behavior that changed outside the ticket.

05

Prove it

Attach a Change Proof before merge.

Requirement Coverage

See what's done, partial, or missing at a glance.

Each requirement sits on the outer ring; its code, tests, and verification evidence sit inside. Fully connected means Verified. Anything short of that is impossible to miss.

  • Verified · Partially covered · Missing · Needs clarification
  • Catches Non-Goals implemented by accident
  • Flags old behavior removed without notice
VerifiedPartialMissingNeeds clarification
Risk Lens

Find the behavior that changed outside the ticket.

A patch rarely stays inside its own lines. Risk Lens traces the ripple — shared data structures, permission logic, public APIs, and user flows the change can reach — and separates confirmed risk from speculation.

  • Unintended behavior · backward compatibility
  • Permission change · migration risk · missing validation
  • Dismiss false positives with a recorded reason
Public API · /v1/tokens
old clients bypass new domain check
confirmed
Permission logic
admin override path reachable
likely
Shared config loader
3 services read the same flag
speculative
Every patch should keep its promise

Stop merging changes you can only hope are correct.

Connect a repo, open a pull request, and PatchVow returns a Change Proof: what the Issue promised, what the patch delivered, and what still needs review.