Did the patch deliver what the Issue promised?
PatchVow reads the Issue, PRD, and acceptance criteria behind every pull request — then proves, line by line, what the change actually implemented, tested, and left undone before it merges.
"Workspace owners can restrict SSO access to approved email domains."
Promise · Issue #311Restrict SSO to approved domains
sourcePatch · 4 filesdomain allow-list added to auth
mappedBehavior · allowed / blocked2 of 4 paths verified
partialTestsunauthorized-user path untested
gapUnfold one change from promise to proof.
It's a single Change Proof Sheet, not a wall of cards. Click through each fold — every panel is right here, no scrolling required.
"Workspace owners can restrict SSO access to approved email domains."
evidence://brief/311 · locked as PR baseline
# auth/sso.py + ALLOWED_DOMAINS = workspace.approved_domains + if email.split("@")[1] not in ALLOWED_DOMAINS: + raise SSOAccessDenied(email) - return authenticate(email) + return authenticate(email, restricted=True)
Requirement → code
Every hunk is folded out of the flat diff and connected to the requirement it serves — so a reviewer reads by intent, not by filename.
acme.com → authenticate(restricted=True)
gmail.com → SSOAccessDenied
revoked member retains access?
workspaces with no domain list
| Behavior | Normal | Permission | Null / empty | Migration |
|---|---|---|---|---|
| Approved domain | ✓ | ✓ | ✓ | ~ |
| Disallowed domain | ✓ | ✓ | ✕ | ✕ |
| Revoked member | ✕ | ✕ | ✕ | ✕ |
Test Forge builds this matrix from the promise, then shows which cells your existing tests already cover.
Change Proof #cp-482 · traceable · attaches to the PR before merge
Import a Pull Request. Get back what it actually did.
PatchVow pulls the Issue, PRD, and review discussion, maps each requirement to the diff, and checks behavior, tests, and risk before your team decides to merge.
Extract intent
Build a testable Change Brief from Issue & PRD.
Map the diff
Connect every hunk to the requirement it serves.
Check coverage
Done, partial, or missing — per requirement.
Probe risk
Find behavior that changed outside the ticket.
Prove it
Attach a Change Proof before merge.
See what's done, partial, or missing at a glance.
Each requirement sits on the outer ring; its code, tests, and verification evidence sit inside. Fully connected means Verified. Anything short of that is impossible to miss.
- Verified · Partially covered · Missing · Needs clarification
- Catches Non-Goals implemented by accident
- Flags old behavior removed without notice
Find the behavior that changed outside the ticket.
A patch rarely stays inside its own lines. Risk Lens traces the ripple — shared data structures, permission logic, public APIs, and user flows the change can reach — and separates confirmed risk from speculation.
- Unintended behavior · backward compatibility
- Permission change · migration risk · missing validation
- Dismiss false positives with a recorded reason
old clients bypass new domain check
admin override path reachable
3 services read the same flag
Stop merging changes you can only hope are correct.
Connect a repo, open a pull request, and PatchVow returns a Change Proof: what the Issue promised, what the patch delivered, and what still needs review.