VerisKit
The fastest way to prove your software works.
- Platform
- Node.js 20+, macOS, Linux, Windows
- Pricing
- Free CLI, MIT
Overview
- Version
- 0.5.1
- Updated
- 13 Jul 2026
- Category
- Developer Tools / Verification
- Platform
- Node.js 20+ (macOS, Linux, Windows)
- Distribution
- npm / npx
- CLI
- veris
- License
- MIT
VerisKit answers one question: is this change safe enough to trust? Run `npx veriskit init` and it detects the tools your project already has, TypeScript, Vitest, Jest, node:test, ESLint, and Biome, then `veris verify` runs them in parallel and returns one honest verdict. There is no config to write and no new test framework to learn.
The verdict has three states, not two. verified means every configured check ran and passed. failed means at least one check failed. partial means nothing failed but a check was skipped or its result is unknown. A partial verdict is not a pass, and VerisKit never folds a skipped check into verified. It reads the real exit codes and output of the tools you already run, then writes a Markdown report you can paste straight into a pull request.
In the Baseframe Labs family, each tool answers one question. ProjScan asks whether the repository is healthy, AgentLoopKit decides what the agent should do next, AgentFlight records what the agent actually did, and VerisKit answers the last one: can we trust the result? Each works on its own, and VerisKit needs none of the others to verify a change. Everything runs locally, with no cloud, no telemetry, no source upload, and no LLM.
Part of Baseframe Labs
Four tools, four questions.
Baseframe Labs is four developer tools, each answering a different question about your work, in the order the work happens. Each one stands on its own.
- 01
ProjScanIs the repository healthy?
- 02
AgentLoopKitWhat should the agent do next?
- 03
AgentFlightWhat did the agent actually do?
- 04
VerisKitCan we trust the result?
Three of them, ProjScan, AgentLoopKit, and AgentFlight, also hand off through versioned JSON under .baseframe/. VerisKit verifies a change on its own and needs none of the others.
Features
What it does well.
Zero config
02npx veriskit init
Detects your stack, the package manager, TypeScript, Vitest, Jest, or node:test, ESLint or Biome, and Playwright (detected, not run), then writes `.veris/config.json`. Detection is read-only and never overwrites an existing config.
Nothing new to learn
VerisKit runs the tools you already have and reads their real output. No new test framework, no new assertions, no rewrite of your suite.
The verdict
03One honest verdict
`veris verify` runs every configured check in parallel and returns verified, failed, or partial, with exit codes 0, 1, and 2 so a pull request or CI job reads the result correctly.
Three states, not two
verified means every check ran and passed, failed means at least one failed, and partial means a check was skipped or its result is unknown. A partial is never a pass, and a skipped check is never folded into verified.
A report for the pull request
`veris report` writes a Markdown summary of the run, the verdict, each check with its timing, and the git commit and tree state, so you paste the evidence into the PR instead of a screenshot.
Developer loop
03veris affected
Runs only the checks, and only the test files, your changes actually reach, using an import graph built from the project's own TypeScript. Pass `--base <ref>` for a PR or CI diff.
veris watch
Re-runs the affected checks as files change, using native fs.watch with a `--poll` fallback, so the verdict keeps up with your edits.
Conservative narrowing
When it cannot prove a smaller set is safe, it runs the full suite. An affected test is never skipped, so a fast run is still an honest one.
Project intelligence
02veris scan
Maps the import graph from the project's own TypeScript, with a dependency-free scanner fallback, and surfaces the high-impact files with no tests behind them. Read-only, no code generation.
veris plan
Recommends what to test next from the scan: high-impact untested files, weak verification, risky changes. Analysis only, no code generation.
Evidence
03Git-anchored evidence.json
Every verify and affected run writes a canonical evidence.json (schema veriskit/evidence@1) with a sha256 integrity digest over the whole record and a sha256 of each check log.
veris evidence
`evidence verify` recomputes and checks a record or bundle, `evidence bundle` packages a run into one portable proof file, and `evidence show` prints the record's key facts.
Honest about what it proves
An integrity digest detects edits and corruption. It is not forgery-proof on its own, so publish the digest separately or sign it. Cryptographic signing is planned.
Trust
02Two dependencies
The whole tool ships with exactly cac and picocolors. Everything else is Node built-ins, so it installs light and stays auditable.
Local and quiet
No cloud, no telemetry, no source upload, no account, and no LLM. VerisKit reads your tools' output and writes local files under `.veris/`.
New in 0.4.0
An evidence trail you can recompute.
0.4.0 adds the Evidence System. Every verify and affected run now writes a canonical, git-anchored evidence.json, and a new evidence command recomputes it, bundles it, or prints it. The verdict stays honest, and now it carries a digest.
- Git-anchored evidence.json
- Each run writes `.veris/runs/<id>/evidence.json` (schema veriskit/evidence@1) with a sha256 integrity digest over the whole record and a sha256 of each per-check log. It replaces the older metadata.json, and no new runtime dependency comes with it.
- veris evidence verify, bundle, show
- `evidence verify <file>` recomputes and checks a record or bundle, `evidence bundle` packages the latest run (record, report, and logs, each digested) into one portable proof file under `.veris/evidence/`, and `evidence show` prints the record's key facts.
- What the digest proves, and what it does not
- An integrity digest detects later edits and corruption. It is not forgery-proof on its own, so publish the digest separately or sign it. VerisKit states this plainly rather than overselling the proof. Cryptographic signing is planned.
- Commit and tree state, on the record
- The report and terminal now show the git commit and whether the working tree was clean, and the report carries the evidence digest, so a verdict is tied to an exact point in history.
The verdict
One honest verdict, three states.
A green wall of checkmarks does not tell you whether a change is safe. `veris verify` runs the configured checks in parallel, reads their real exit codes and output, and returns one verdict. There are three states, not two, and a partial is never a pass.
- verified (exit 0)
- Every configured check ran and passed. This is the only state that means the change cleared the bar you set.
- failed (exit 1)
- At least one check failed. VerisKit shows which one and preserves its output, so you fix the cause rather than hunt for it.
- partial (exit 2, or 0 with --partial-ok)
- No check failed, but one was skipped or its result is unknown. A partial verdict is not a pass. VerisKit never folds a skipped check into verified, and `--partial-ok` lets you accept a partial on purpose, in the open.
- A report you can paste
- `veris report` writes a Markdown summary, the verdict, each check with timing, and the git commit and tree state, so the evidence goes straight into the pull request.
Developer loop
Re-run only what your change reached.
A full suite on every keystroke is slow enough to skip. VerisKit narrows the run to the checks and test files your changes actually reach, built from an import graph, and keeps it honest with a conservative fallback.
- veris affected
- Runs only the checks, and only the test files, reached by your changes, using an import graph from the project's own TypeScript. Pass `--base <ref>` to scope it to a PR or CI diff.
- veris watch
- Re-runs the affected checks as files change, with native fs.watch and a `--poll` fallback for editors and filesystems that need it.
- Never a false-fast run
- Narrowing is conservative: when VerisKit cannot prove a smaller set is safe, it runs the full suite. An affected test is never skipped, and affected or watch never report a bare Verified.
Project intelligence
Find the untested code that matters.
Coverage percentages hide the risk. VerisKit maps how the code connects, then points at the high-impact files with no tests behind them. It reads and recommends; it never writes code.
- veris scan
- Maps the import graph from the project's own TypeScript, with a dependency-free scanner fallback, writes `.veris/graph.json`, and surfaces untested high-impact files.
- veris plan
- Turns the scan into prioritized recommendations: high-impact untested files, weak verification, and risky changes. Analysis only, no code generation.
Trust
Local, light, and honest.
VerisKit runs the checks you already run and writes local files. Nothing uploads, nothing phones home, and the dependency list is short enough to read.
- Two dependencies
- The whole tool ships with exactly cac and picocolors. Everything else is Node built-ins, so it installs light and stays auditable.
- Nothing leaves the machine
- No cloud, no telemetry, no source upload, no account, and no LLM calls. VerisKit reads your tools' output and writes under `.veris/`.
- What it does not do yet
- No framework route or endpoint detection, no test generation, one project root (monorepos are not modeled yet), a scanner fallback on plain-JS or TS 7.x-native projects, and no cryptographic signing. VerisKit names its edges rather than hiding them.
Prove it works, then paste the proof.
Install once, verify the change, write the report, then narrow to only what you touched. `npx veriskit init` detects your stack, `veris verify` returns one honest verdict, `veris report` writes the Markdown you paste into the PR, and `veris affected` keeps later runs fast. Local-first, MIT, no cloud.
Detect the stack
Prove the change
Write the PR report
Narrow to your change
Re-run as you edit
More from the studio
ProjScan
ProjScan tells reviewers when to bootstrap, prove, or stop. Review Gate returns one decision; bootstrap is explicit. Local proof, no code upload.
ViewAgentLoopKit
The local control plane for low-token, verifiable agent loops. It owns scope, gates, and completion decisions, with a token receipt on every step.
ViewAgentFlight
agentflight guard watches local trust while your coding agent works; agentflight finish writes the Review Passport that proves the result.
View