Veris

Behavioral Verification Infrastructure for autonomous coding agents.

CI License: MIT Node MCP Local-first Veris MCP server

Veris is the verification intelligence layer that sits between AI coding agents and production reliability. It does not run your tests. It tells any MCP-compatible coding agent or CI pipeline what behaviors are at risk, what to verify, and how confident the result actually is — backed by a behavioral graph, semantic workflow grouping, persistent run history, drift detection, and explainable confidence math.

Today: TypeScript + JavaScript repos. Python and Go adapters on the roadmap.

Works with any MCP client. CLI works standalone. Fully open source. Local-first. No cloud. No telemetry. No paid tier.

---

Plug-and-play install

Option A — As an MCP server (one config line)

Veris speaks the Model Context Protocol. Drop this into any MCP-compatible client config:

{
  "mcpServers": {
    "veris": {
      "command": "npx",
      "args": ["-y", "veris-core", "mcp"]
    }
  }
}

Restart the client. 17 tools light up: analyze_pr_behavior, list_workflows, detect_drift, generate_adversarial_probes, allocate_budget, what_if_revert, report_execution, and more.

Option B — As a CLI

npx veris-core .                                 # analyze current repo
npx veris-core . --base-ref=origin/main          # explicit git base ref
npx veris-core . --budget=10 --onboarding        # 10-min verification plan + onboarding map
npx veris-core init                              # scaffold .veris/ with plugin slot
npx veris-core doctor                            # health check

Reports land in veris-reports/:

• veris-dashboard.html — interactive single-file dashboard (graph, heatmap, drift, probes, budget, history)
• veris-report.md — markdown executive summary
• onboarding/ — workflow-first markdown package for new engineers (with --onboarding)

Option C — From source

git clone https://github.com/vighriday/Veris
cd Veris
npm install && npm run build
node dist/cli.js .

---

What it gives you

Surface	What lands
Behavioral graph	Classes, methods, functions linked by DependsOn and real Invokes edges (call-expression resolution)
Semantic workflows	Auto-clustered into 25 domains (Authentication, Billing, Checkout, Caching, Queue, Webhooks, AI, ...)
Real git diff	Worktree-based diff vs any base ref. Not a placeholder
Risk scoring	Blast radius, fragility, runtime criticality + plain-English explanations
Confidence math	Half-life decay over real execution history. Failed runs reduce confidence; flaky = half credit
Drift detection	SHA-256 workflow fingerprints. Silent rewrites caught (same members, different topology)
Counterfactual mode	what_if_revert(nodeIds) simulates rollback impact
Adversarial probes	Concrete Tier 3 hypotheses per workflow kind (idempotency, replay, retry storms, cache stampede)
Budget allocator	Knapsack on (tier × criticality × risk) / cost. Highest-leverage subset within N minutes
Knowledge transfer	Workflow-first onboarding markdown package
Cross-repo view	Register multiple services; one MCP call for fleet-wide confidence
Interactive dashboard	Single-file HTML. Vis-network graph. Click workflow → filter everything. ESC to clear. Click-to-copy directives

---

Example agent prompts

Any MCP-compatible agent can drive Veris with prompts like these:

veris: analyze_pr_behavior with baseRef=origin/main
veris: list_workflows then detect_drift
veris: generate_adversarial_probes for the highest-risk workflow, then allocate_budget minutes=15
veris: what_if_revert nodeIds=[...]

After your agent runs the verifications it executed externally, close the loop:

veris: report_execution executions=[{nodeId:..., tier:'Tier 3', result:'pass'}, ...]

Confidence math now reflects what actually ran.

---

Privacy

• Local-first. Everything runs on your machine.
• No telemetry. Veris does not phone home.
• Zero-retention mode. VERIS_STATE_DISABLED=1 skips all .veris/state.db writes.
• No network calls. The MCP server speaks only over stdio.

---

Plugins

Drop a .js file into .veris/plugins/:

module.exports.register = function (api) {
    api.addWorkflowRule({
        kind: 'Payments',
        importTokens: ['stripe', '@yourorg/billing-sdk'],
        weight: 3
    });
    api.addRuntimeRisks('Payments', [
        '3DS challenge response lost on tab close'
    ]);
};

Full plugin API: docs/PLUGINS.md. Example: examples/plugin-fintech.js.

---

MCP tool reference

17 tools across categories: ingest, diff, plan, semantic, drift, counterfactual, verification, feedback, history, fleet.

See docs/MCP_TOOLS.md for the full reference with recommended flows.

---

Architecture

Source -> AST (ts-morph)
       -> Behavioral Graph (DependsOn + Invokes)
       -> Real git-worktree diff vs base ref
       -> Risk model (blast / fragility / criticality + explanations)
       -> Workflow classifier (25 semantic kinds, plugin-extensible)
       -> Fingerprints -> Drift detector (vs SQLite history)
       -> Adversarial probe generator
       -> Verification plan (Tier 1/2/3)
       -> Budget allocator (leverage / cost)
       -> Confidence engine (half-life decay over execution history)
       -> Reports + interactive dashboard
       -> MCP (17 tools) -> autonomous agents close the loop via report_execution

See ARCHITECTURE.md for the deep dive.

---

Roadmap

What is coming next, where help moves the needle: ROADMAP.md.

Active bugs and fixes land in CHANGELOG.md per patch release.

Contributing

PRs welcome. See CONTRIBUTING.md. Security reports: SECURITY.md.

OSS, sponsor-supported. No paid tier. No gated features.

License

MIT. See LICENSE.