The test
before the fix.
Turn a public GitHub issue and an exact commit into a minimal test candidate, then verify its failure inside a locked-down Docker boundary—before anyone changes production code.
Self-fixture verified. Current maximum claim: repeatable_base_failure. Historical benchmark: 0 / 20. No semantic-validity claim yet.
# Public self-fixture. Generate no fix.
$ reproassert issue \
https://github.com/Atomics-hub/reproassert/issues/1 \
--commit 7b03e8f7f4b7... \
--generator-command ./examples/deterministic_generator.pypatch evidence/live-demo/candidate.patch
report evidence/live-demo/reproassert-report.json
replay 3 / 3 same fingerprintEvidence before confidence
A claim ladder with a hard stop.
ReproAssert records what happened; it does not promote a consistent failure into semantic truth. Higher claims stay visibly locked until they earn different evidence.
- 01rejectedimplemented
Rejected
Policy, collection, setup, or evidence failed.
- 02collectedimplemented
Collected
The exact candidate test exists and pytest can collect it.
- 03repeatable_base_failurecurrent max
Repeatable base failure
Same issue-marked failure on every bounded base rerun.
- 04differential_reproductionnot produced
Differential reproduction
Requires repeated buggy and fixed revision evidence.
- 05maintainer_validatednot produced
Maintainer validated
Requires independent human evidence outside the CLI.
Hostile by default
The repository is data until the sandbox says otherwise.
Issue prose is never copied into a command. Repository code and candidate tests execute only inside the strict verifier. A trusted generator adapter stays outside that boundary and receives only an explicit environment allowlist.
Read the threat modelResidual risk is explicit. Docker shares a kernel on Linux, test output can be adversarial, and a user-selected generator adapter is trusted host code. A repeated failure is bounded evidence—not proof of issue semantics or complete safety.
Public benchmark ledger · v0.1
Twenty frozen cases. Zero scored results.
Thin by design
One narrow, inspectable loop.
Provider-neutral generation feeds a deterministic controller. The controller owns every execution argument and every artifact path.
- 01
Pin
Canonical issue + exact SHA
- 02
Bound
Safe archive + limited context
- 03
Screen
One test + static policy
- 04
Verify
Collect + repeat in Docker
- 05
Record
Patch + replayable report
candidate.patchOne new pytest file. No production edits.
reproassert-report.jsonSHA, image, limits, exit codes, logs, fingerprints, hashes.
reproassert replay <report>Fresh fetch and controller-owned rerun from bounded data.
Useful locally. Open source.
Start with the boundary, not a cloud account.
The alpha supports canonical public GitHub issues and Python/pytest. It does not install repository dependencies, access private repositories, or fall back to executing on your host.
$ git clone https://github.com/Atomics-hub/reproassert.git
$ cd reproassert
$ uv sync
$ uv run reproassert sandbox build
$ uv run reproassert doctorBusiness hypothesis · not an offer
Hosted operations may be valuable. The free core stays useful.
Zero willingness-to-pay, conversion, retention, or margin evidence has been measured. Private-repo runners and billing wait for technical and maintainer gates.
Don’t trust the fix.
Reproduce the failure.
Inspect the code, the frozen benchmark, and the exact security boundary. Then run the open-source slice locally.
Open ReproAssert on GitHub