← Home
Demo report

CI passed, but CodeAudit found missing evidence.

This is what CodeAudit shows when an AI-generated pull request changes risky behavior but does not include enough proof to merge.

demo/billing-saas · Pull request #42

CodeAudit: NEEDS_PROOF

Merge should wait

Changed behavior

  • Refund behavior changed in src/billing/refunds.ts
  • Payment behavior changed in src/billing/refunds.ts
  • Billing or invoice behavior changed in src/billing/refunds.ts

Evidence found

  • Build passed.
  • Existing tests passed.
  • Existing tests do not directly prove the risky behavior change.

Missing evidence

  • Refund behavior changed — Regression test for full and partial refund behavior.
  • Payment behavior changed — Integration test for payment success/failure/idempotency.
  • Billing or invoice behavior changed — Regression test for invoice sync and balance calculations.

Required action

  • Add the missing regression or integration evidence before merge.
  • Rerun CodeAudit after adding the evidence.
Merge certificate
Certificate ID: cad-demo-42
Verdict: NEEDS_PROOF
Audit hash: d4e7f1fec9679913d7dd617a3d41b820...
No proof. No merge.

CodeAudit does not replace human review. It tells the reviewer when important behavior changed but the pull request does not include enough evidence to trust the change.

Back homeSee pricing