Production contracts
A production contract is a declarative rule about application state that must hold in production. ProdVerdict evaluates contracts deterministically and returns pass, warn, or fail with structured findings.
Examples
| Contract | Invariant |
|---|---|
| Access | Paying Stripe customers have has_paid_access = true in your DB |
| Config | Every process.env.FOO in code appears in .env.example and CI |
| Migration | No CREATE INDEX without CONCURRENTLY on large tables |
| Boundary | API handlers must not accept is_admin or return password_hash |
| Webhook | Stripe handlers verify signatures and use idempotency keys |
| Restore | Backup and restore commands complete successfully in CI |
Why contracts, not AI review?
AI coding tools increase velocity but not trust in production invariants. Tests mock Stripe and Postgres; linters do not compare live billing to your database. ProdVerdict fills that gap with explicit, repeatable rules that agents and CI can call before merge.
One engine, three surfaces
The same runContracts() dispatcher powers:
- CLI — `npx prodverdict check` (single contract or `all`)
- GitHub Action — PR comments + required checks (`contract: all`)
- MCP — local (all contracts) and remote (config, migration, boundary, webhook via GitHub)
Severity and verdict
| Findings | Verdict | Typical CI behavior |
|---|---|---|
| Any high | fail | Block merge |
| Only medium / low | warn | Pass (use --strict to fail) |
| None | pass | Green |
See Finding shape.
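The Migration contract and the severity table, sketched as an added example that is not ProdVerdict's own code. The finding fields, the `high` rating, the large-table list, and the function names are all assumptions made for illustration.

```javascript
// Added illustration, not ProdVerdict's implementation. Finding fields
// (contract, severity, message) and the "high" rating are assumptions.
// Constructed sample migration.
const SAMPLE_MIGRATION = `
-- CREATE INDEX idx_old ON orders (legacy_id);
CREATE INDEX CONCURRENTLY idx_orders_user ON orders (user_id);
CREATE UNIQUE INDEX idx_events_key ON public.events (idempotency_key);
create index idx_tags_name on tags (name);
`;

// Assumption: the caller declares which tables count as large.
const LARGE_TABLES = new Set(["orders", "events"]);

// CREATE [UNIQUE] INDEX [CONCURRENTLY] [IF NOT EXISTS] [name] ON [ONLY] table
const CREATE_INDEX =
  /^CREATE\s+(?:UNIQUE\s+)?INDEX\s+(CONCURRENTLY\s+)?(?:IF\s+NOT\s+EXISTS\s+)?(?:\S+\s+)?ON\s+(?:ONLY\s+)?"?([\w.]+)"?/i;

function checkMigration(sql, largeTables) {
  const findings = [];
  // Drop "--" line comments so commented-out DDL is not flagged.
  const statements = sql.replace(/--.*$/gm, "").split(";");
  for (const raw of statements) {
    const m = CREATE_INDEX.exec(raw.trim());
    if (!m) continue;
    const table = m[2].split(".").pop().toLowerCase(); // strip schema prefix
    if (!m[1] && largeTables.has(table)) {
      findings.push({
        contract: "migration",
        severity: "high",
        message: `CREATE INDEX without CONCURRENTLY on large table "${table}"`,
      });
    }
  }
  return findings;
}

// Verdict per the table: any high -> fail, only medium/low -> warn, none -> pass.
function verdictOf(findings) {
  if (findings.some((f) => f.severity === "high")) return "fail";
  return findings.length > 0 ? "warn" : "pass";
}

// CI behavior per the table: fail blocks; warn blocks only under --strict.
function blocksMerge(verdict, strict = false) {
  return verdict === "fail" || (strict && verdict === "warn");
}

const sampleFindings = checkMigration(SAMPLE_MIGRATION, LARGE_TABLES);
console.log(verdictOf(sampleFindings), sampleFindings);
```

Because the check is a pure function of the migration text and the table list, the same input always yields the same findings and verdict.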