DACIP DACIP
Deterministic PR gate · Python + TypeScript

AI reviewers have opinions.
DACIP has proof.

A 100% deterministic PR gate. It reads both sides of your pull request from source, names the exact frontend call site your backend change orphans — file and line — and attaches a repro that fails until it's fixed.

No LLM in the pipeline. No spec to keep honest. Same refs in, byte-identical verdict out — in CI, in review, in six months.

Free for public repos + one private repo · installs in one click · first verdict in ~1 min.

dacip / contract-gate · failedpassing · PR #482 · getredash/redash

⛔ 1 breaking change introduced by this PR

Removes GET /api/queries/recent — 1 call site still targets it:

client/app/services/query.js:387 → 404 in production
Prove it yourself — fails on this branch, passes when fixed:
pytest .dacip/runs/gate/repro_2e70be3.py -x -q

✅ Contract restored — repro now passes

GET /api/queries/recent resolves again · client/app/services/query.js:387 matched.

pytest … 1 passed in 0.31s
Same comment flips to resolved on the next push. No new bot spam.
verdict recomputed — identical every run.
123 routes · 93/94 calls matched · 18 dynamic — listed, never guessed
Real output — validation run on getredash/redash, synthetic breaking commit.
9
major OSS repos tested cold — sentry, zulip, posthog…
0
false positives — every asserted defect hand-verified
3
real bugs found in famous repos on first contact
100%
of asserted findings ship a runnable repro
<2m
push to verdict — 36s cold on the largest repo
01 — THE FAILURE MODE

The one class of bug that survives green CI.

Agents don't write bad syntax — they break contracts. A route gets renamed. Call sites keep calling the old one. Unit tests pass. CI is green. Production 404s. Every existing check said this PR was fine.

the agent's PR — everything green
- def get_recent_queries():        # renamed
+ def get_query_history():
# tests  ✓ 1,204 passed
# lint   ✓ clean
# type   ✓ 0 errors
# frontend still calls GET /api/queries/recent
  ↳ 404 · nobody caught it
02 — THE SIGNATURE MOVE

Every claim comes with the command that proves it.

An LLM reviewer says "this might break something." DACIP hands your reviewer a test that fails because it's broken — and passes the moment it's fixed. Nobody argues with a red test.

terminal — on the PR branch
$ pytest .dacip/runs/gate/repro_2e70be3.py -x -q
FAILED repro_2e70be3::test_contract — DACIP: no backend route, GET /api/queries/recent answered 404
# restore the route (or authorize the removal in your plan) …
$ pytest .dacip/runs/gate/repro_2e70be3.py -x -q
1 passed in 0.31s
# the PR comment flips to ✅ resolved on the next push — same comment, no bot spam
Fails before. The defect is real, not plausible.
Passes after. The fix is proven, not asserted.
Deterministic. Re-run it in six months — same answer.
03 — CAPABILITIES

Built for the failure mode agents actually have.

One class of bug, done exhaustively — not every class, done shallowly.

01

Blast radius per change

Diffs the contract graph between your PR's two refs — routes removed, methods changed, auth dropped, required fields added — each with every affected caller at file:line.

BREAKING_ROUTE_REMOVED → mention-autocomplete.tsx:46
02

Source is the spec

Flask, Flask-RESTX, Django/DRF (nested routers, re_path), Express, Next.js handlers — matched against real fetch/axios calls. No OpenAPI required; wrong specs can't lie to it.

03

Runnable repro per finding

A generated pytest file that fails iff the defect is real — auth walls skip rather than fail, assumptions listed. verify upgrades high → proven on reproduction.

04

Pre-write agent guardrail

Inside Claude Code, a resident gate judges each edit's contract impact before it hits disk — denying unauthorized breaks in under 500ms, naming the orphaned callers. A human override always wins.

deny: removes GET /api/users/mentionable — 1 caller…
05

Native to GitHub

One idempotent PR comment (edited in place — never a comment stack), a contract-gate check run, and SARIF into code scanning. Silent on clean PRs.

06

Honest coverage, always

Dynamic paths, unresolved prefixes, unsupported frameworks: counted and labelled in every verdict. When DACIP can't see, it says so — it never pads the report with guesses.

04 — HOW IT FITS

One engine. Two ways to run it.

Standalone, it's the deterministic gate on every pull request. Paired with Claude Code, it becomes the fact layer and enforcement loop your agent runs inside.

Standalone — the PR gate

Push a PR; DACIP derives both sides from source and proves what broke.

base ref
origin/main
head ref
PR branch
DACIP engine
deterministic · no LLM · no tokens
1 · extract facts
routes · calls · auth · fields
2 · diff contract graph
what this PR breaks / fixes
3 · evidence gate
assert only what's proven
PR comment
break + file:line + repro
check run
blocks merge on break
SARIF
→ code scanning
same refs in → byte-identical verdict out · clone wiped when the job ends

With Claude Code — the verified loop

The agent reasons; DACIP supplies facts and enforces them.

Claude Code
reasons · writes
verified facts over MCP · ~90% fewer tokens
plan validated · invented endpoint rejected
each edit · breaking edit denied <500ms
fix accepted · repro flips fail → pass
DACIP
knows · verifies · enforces
the agent proposes · DACIP verifies · you approve
05 — WITH CLAUDE CODE

Put your coding agent on deterministic rails.

Hallucination and token burn share one root cause: the agent guessing about your codebase. DACIP removes the guessing — it hands the agent verified facts, and refuses the edits those facts forbid.

CAN'T HALLUCINATE

It stops inventing your API.

Plans that reference an endpoint or symbol that doesn't exist are rejected before a single edit. Facts arrive over MCP — indexed routes and symbols — so the agent reads truth instead of guessing.

plan → rejected: symbol
  calc_totals not found in index
CAN'T DRIFT

It can't break a contract.

A resident guardrail judges every edit's effect on the contract graph before the write hits disk — a breaking edit is denied in ~470ms, naming the orphaned callers. Authorize it in the plan, or don't break it.

edit → denied in 474ms
  orphans mention-autocomplete.tsx:46
SPENDS LESS

~90% fewer tokens.

Indexed facts replace repo-crawling. The agent asks DACIP for the route or symbol instead of reading half the tree to find it — dramatically less context, dramatically lower spend.

crawl repo ~42k tok
dacip_context → ~3k tok

Latency measured on a 500-file pilot (p50 476ms / p95 566ms, breaking-edit deny 474ms). Guardrail covers file-edit tools (Edit / Write / MultiEdit); when the daemon is absent it fails open, loudly — uncertainty never blocks, and a human override always outranks the gate.

06 — AGAINST THE FIELD

They review. DACIP proves.

LLM reviewers are useful — keep yours. DACIP is a different instrument: a deterministic gate for the one class of bug that survives green CI.

DACIP CodeRabbit Greptile Cursor BugBot Copilot Review
Engine Deterministic — no LLM LLM LLM + graph 8-pass voting LLM
Same input → same output Always — byte-identical No No Majority vote No
Cross-boundary contract breaks Core — file:line blast radius
Runnable proof per finding Every asserted finding
False-positive discipline 0 across 9 audited repos noisy on small PRs 11 FPs in benchmark surface-level
Blocks agent edits pre-write Yes — in-session guardrail post-hoc fix
Your code + LLMs Never leaves the runner Sent to LLM Indexed + LLM Sent to LLM Sent to LLM
Review breadth One bug class, done exhaustively — contracts, imports, routes, schedules. Zero overlap with your reviewer. Broad Broad Broad Broad
Pricing $15/active contributor · free tier $24–30/seat $30/seat + usage $40/seat + Cursor bundled $19+

Competitor rows compiled from vendor pages and third-party comparisons (Jan 2026); corrections welcome. The last two rows are where the field beats us — on purpose. DACIP does one class of failure exhaustively rather than every class shallowly, and complements whichever reviewer you already run.

07 — RECEIPTS

Nine famous codebases. Zero wolf-cries. Three real bugs.

We ran DACIP cold on nine large open-source repos we'd never seen, and hand-audited every asserted defect against source.

Repository Routes Asserted Hand-audit verdict
getsentry/sentry15100 FP largest — 36s cold
zulip/zulip44500 FP
posthog/posthog8500 FP weak coverage declared, not guessed
Flagsmith/flagsmith54900 FP
netbox-community/netbox23500 FP
mathesar-foundation/mathesar2400 FP unsupported frontend: says so, loudly
getredash/redash1231real bug verified below
apache/superset3071real bug verified below
HumanSignal/label-studio1851real bug verified below
getredash/redashissue #7769 ↗

GET api/dashboards/recent — the client ships a service method for it; no backend route serves it. Zero hits across the entire server tree — the first caller gets a 404.

apache/supersetPR #41972 ↗

A TYPE_CHECKING import references a path that stopped existing after a refactor. Every type-check of that file has been broken since.

HumanSignal/label-studioissue #9815 ↗

io_storages/filesystem.py imports .base, which doesn't exist — a dead module that crashes on first import. Pure debt.

Full methodology, per-repo write-ups, and the 19 extractor gap classes we fixed to get here ship with the beta. All three bugs were disclosed upstream before publication — receipts linked above.

08 — THE FINE PRINT, UP FRONT

What DACIP will not do.

It won't guess.

Whatever static analysis can't resolve is counted and labelled in every verdict — never silently filled in. That discipline is why the false-positive count is zero.

It won't opine on style, naming, or architecture.

Bounded checks with provable answers. Run it under your LLM reviewer; they don't overlap.

It won't feed your code to a model.

No LLM anywhere in the pipeline. Clones are wiped when the job ends; we persist finding fingerprints, never source.

It won't spam.

Clean PR → silent green check. One comment per PR, edited in place, flipped to "resolved" when you fix it.

09 — PRICING

Cheaper than the reviewers it out-proves.

There's no per-token inference bill underneath a deterministic engine — the pricing passes that through.

Free

$0
  • All public repos
  • 1 private repo
  • PR gate, comment, check run
  • SARIF → code scanning
Most teams

Team

$15 / active contributor / month
  • Unlimited private repos
  • Org-wide baselines & triage
  • Finding history across merges
  • Repro verification in CI
  • Claude Code guardrail + fix loop

Enterprise

Let's talk
  • Self-hosted / on-prem CLI
  • SSO
  • Support SLA

An active contributor is anyone whose pull requests DACIP gates in a given month — counted automatically from PR authors, never self-reported. Bots don’t count. Repos are unlimited because repos aren’t the unit of value; people are.

EARLY ACCESS

Merge with proof.

Private beta opens with the GitHub App. If your stack is Django/Flask + React/Next and your team ships with agents, you're exactly who this was built for.

One email when the beta opens — nothing else. No analytics on this site. Privacy.