BaseframeLabs
All apps
VerisKit icon
Developer ToolsLive

VerisKit

The fastest way to prove your software works.

Platform
Node.js 20+, macOS, Linux, Windows
Pricing
Free CLI, MIT
Install from npmView on GitHubRead docs
veriskit
$ npx veriskit init
veris verify output: the veriskit project, three passing checks (types 1.2s, unit 2.4s, lint 0.6s), a Verified result, the git commit 4fa33a9 with a clean tree, and the path to the Markdown report.

Overview

Version
0.5.1
Updated
13 Jul 2026
Category
Developer Tools / Verification
Platform
Node.js 20+ (macOS, Linux, Windows)
Distribution
npm / npx
CLI
veris
License
MIT

VerisKit answers one question: is this change safe enough to trust? Run `npx veriskit init` and it detects the tools your project already has, TypeScript, Vitest, Jest, node:test, ESLint, and Biome, then `veris verify` runs them in parallel and returns one honest verdict. There is no config to write and no new test framework to learn.

The verdict has three states, not two. verified means every configured check ran and passed. failed means at least one check failed. partial means nothing failed but a check was skipped or its result is unknown. A partial verdict is not a pass, and VerisKit never folds a skipped check into verified. It reads the real exit codes and output of the tools you already run, then writes a Markdown report you can paste straight into a pull request.

In the Baseframe Labs family, each tool answers one question. ProjScan asks whether the repository is healthy, AgentLoopKit decides what the agent should do next, AgentFlight records what the agent actually did, and VerisKit answers the last one: can we trust the result? Each works on its own, and VerisKit needs none of the others to verify a change. Everything runs locally, with no cloud, no telemetry, no source upload, and no LLM.

Part of Baseframe Labs

Four tools, four questions.

Baseframe Labs is four developer tools, each answering a different question about your work, in the order the work happens. Each one stands on its own.

  1. 01ProjScan iconProjScanIs the repository healthy?
  2. 02AgentLoopKit iconAgentLoopKitWhat should the agent do next?
  3. 03AgentFlight iconAgentFlightWhat did the agent actually do?
  4. 04VerisKit iconVerisKitCan we trust the result?

Three of them, ProjScan, AgentLoopKit, and AgentFlight, also hand off through versioned JSON under .baseframe/. VerisKit verifies a change on its own and needs none of the others.

Features

What it does well.

Zero config

02
01

npx veriskit init

Detects your stack, the package manager, TypeScript, Vitest, Jest, or node:test, ESLint or Biome, and Playwright (detected, not run), then writes `.veris/config.json`. Detection is read-only and never overwrites an existing config.

02

Nothing new to learn

VerisKit runs the tools you already have and reads their real output. No new test framework, no new assertions, no rewrite of your suite.

The verdict

03
01

One honest verdict

`veris verify` runs every configured check in parallel and returns verified, failed, or partial, with exit codes 0, 1, and 2 so a pull request or CI job reads the result correctly.

02

Three states, not two

verified means every check ran and passed, failed means at least one failed, and partial means a check was skipped or its result is unknown. A partial is never a pass, and a skipped check is never folded into verified.

03

A report for the pull request

`veris report` writes a Markdown summary of the run, the verdict, each check with its timing, and the git commit and tree state, so you paste the evidence into the PR instead of a screenshot.

Developer loop

03
01

veris affected

Runs only the checks, and only the test files, your changes actually reach, using an import graph built from the project's own TypeScript. Pass `--base <ref>` for a PR or CI diff.

02

veris watch

Re-runs the affected checks as files change, using native fs.watch with a `--poll` fallback, so the verdict keeps up with your edits.

03

Conservative narrowing

When it cannot prove a smaller set is safe, it runs the full suite. An affected test is never skipped, so a fast run is still an honest one.

Project intelligence

02
01

veris scan

Maps the import graph from the project's own TypeScript, with a dependency-free scanner fallback, and surfaces the high-impact files with no tests behind them. Read-only, no code generation.

02

veris plan

Recommends what to test next from the scan: high-impact untested files, weak verification, risky changes. Analysis only, no code generation.

Evidence

03
01

Git-anchored evidence.json

Every verify and affected run writes a canonical evidence.json (schema veriskit/evidence@1) with a sha256 integrity digest over the whole record and a sha256 of each check log.

02

veris evidence

`evidence verify` recomputes and checks a record or bundle, `evidence bundle` packages a run into one portable proof file, and `evidence show` prints the record's key facts.

03

Honest about what it proves

An integrity digest detects edits and corruption. It is not forgery-proof on its own, so publish the digest separately or sign it. Cryptographic signing is planned.

Trust

02
01

Two dependencies

The whole tool ships with exactly cac and picocolors. Everything else is Node built-ins, so it installs light and stays auditable.

02

Local and quiet

No cloud, no telemetry, no source upload, no account, and no LLM. VerisKit reads your tools' output and writes local files under `.veris/`.

New in 0.4.0

An evidence trail you can recompute.

0.4.0 adds the Evidence System. Every verify and affected run now writes a canonical, git-anchored evidence.json, and a new evidence command recomputes it, bundles it, or prints it. The verdict stays honest, and now it carries a digest.

Git-anchored evidence.json
Each run writes `.veris/runs/<id>/evidence.json` (schema veriskit/evidence@1) with a sha256 integrity digest over the whole record and a sha256 of each per-check log. It replaces the older metadata.json, and no new runtime dependency comes with it.
veris evidence verify, bundle, show
`evidence verify <file>` recomputes and checks a record or bundle, `evidence bundle` packages the latest run (record, report, and logs, each digested) into one portable proof file under `.veris/evidence/`, and `evidence show` prints the record's key facts.
What the digest proves, and what it does not
An integrity digest detects later edits and corruption. It is not forgery-proof on its own, so publish the digest separately or sign it. VerisKit states this plainly rather than overselling the proof. Cryptographic signing is planned.
Commit and tree state, on the record
The report and terminal now show the git commit and whether the working tree was clean, and the report carries the evidence digest, so a verdict is tied to an exact point in history.

The verdict

One honest verdict, three states.

A green wall of checkmarks does not tell you whether a change is safe. `veris verify` runs the configured checks in parallel, reads their real exit codes and output, and returns one verdict. There are three states, not two, and a partial is never a pass.

verified (exit 0)
Every configured check ran and passed. This is the only state that means the change cleared the bar you set.
failed (exit 1)
At least one check failed. VerisKit shows which one and preserves its output, so you fix the cause rather than hunt for it.
partial (exit 2, or 0 with --partial-ok)
No check failed, but one was skipped or its result is unknown. A partial verdict is not a pass. VerisKit never folds a skipped check into verified, and `--partial-ok` lets you accept a partial on purpose, in the open.
A report you can paste
`veris report` writes a Markdown summary, the verdict, each check with timing, and the git commit and tree state, so the evidence goes straight into the pull request.

Developer loop

Re-run only what your change reached.

A full suite on every keystroke is slow enough to skip. VerisKit narrows the run to the checks and test files your changes actually reach, built from an import graph, and keeps it honest with a conservative fallback.

veris affected
Runs only the checks, and only the test files, reached by your changes, using an import graph from the project's own TypeScript. Pass `--base <ref>` to scope it to a PR or CI diff.
veris watch
Re-runs the affected checks as files change, with native fs.watch and a `--poll` fallback for editors and filesystems that need it.
Never a false-fast run
Narrowing is conservative: when VerisKit cannot prove a smaller set is safe, it runs the full suite. An affected test is never skipped, and affected or watch never report a bare Verified.

Project intelligence

Find the untested code that matters.

Coverage percentages hide the risk. VerisKit maps how the code connects, then points at the high-impact files with no tests behind them. It reads and recommends; it never writes code.

veris scan
Maps the import graph from the project's own TypeScript, with a dependency-free scanner fallback, writes `.veris/graph.json`, and surfaces untested high-impact files.
veris plan
Turns the scan into prioritized recommendations: high-impact untested files, weak verification, and risky changes. Analysis only, no code generation.

Trust

Local, light, and honest.

VerisKit runs the checks you already run and writes local files. Nothing uploads, nothing phones home, and the dependency list is short enough to read.

Two dependencies
The whole tool ships with exactly cac and picocolors. Everything else is Node built-ins, so it installs light and stays auditable.
Nothing leaves the machine
No cloud, no telemetry, no source upload, no account, and no LLM calls. VerisKit reads your tools' output and writes under `.veris/`.
What it does not do yet
No framework route or endpoint detection, no test generation, one project root (monorepos are not modeled yet), a scanner fallback on plain-JS or TS 7.x-native projects, and no cryptographic signing. VerisKit names its edges rather than hiding them.
VerisKit icon

Prove it works, then paste the proof.

Install once, verify the change, write the report, then narrow to only what you touched. `npx veriskit init` detects your stack, `veris verify` returns one honest verdict, `veris report` writes the Markdown you paste into the PR, and `veris affected` keeps later runs fast. Local-first, MIT, no cloud.

Detect the stack

Prove the change

Write the PR report

Narrow to your change

Re-run as you edit