Demo report
CI passed, but CodeAudit found missing evidence.
This is what CodeAudit shows when an AI-generated pull request changes risky behavior but does not include enough proof to merge.
demo/billing-saas · Pull request #42
CodeAudit: NEEDS_PROOF
Merge should wait
Changed behavior
- Refund logic now touches invoice sync and ledger writes.
Evidence found
- Build passed
- Existing tests passed
Missing evidence
- No regression test proves partial refunds still sync invoice balance.
- No regression test proves refund ledger writes are idempotent.
- No test proves refund amount boundaries remain enforced.
Required action
- Add a regression test for partial refund + invoice sync.
- Add a regression test for ledger idempotency.
- Rerun CodeAudit before merge.
Merge certificate
Certificate ID: cad-demo-42
Verdict: NEEDS_PROOF
Audit hash: 6442aa4b09f412e83ad2676cd8a7ff6c...
No proof. No merge.
CodeAudit does not replace human review. It tells the reviewer when important behavior changed but the pull request does not include enough evidence to trust the change.