Service 04

Per-SHA Evidence Store

Every gate verdict is bound to a commit SHA + diff hash. Local and CI read from the same store. Stale evidence is refused. Every merge has a forensic trail.


The problem

Verdicts without SHA binding cross-contaminate.

Quality-gate verdicts that are written to filesystem paths without commit SHA binding can be stale, cross-contaminated, or simply read on the wrong commit. A passing verdict on one SHA gets picked up on another. A failing verdict on yesterday's branch is silently consulted on today's push.

We hit this bug ourselves: gate-push read a verdict from a path that didn't include the SHA. The fix generalized into a platform invariant: every verdict carries its SHA + diff hash, and read-paths refuse stale evidence.


How it works

SHA + diff-hash addressing under .git/agent-reviews/.

Evidence lives at .git/agent-reviews/quality-gates/<sha>/<gate>.json. Each entry includes the commit SHA, the diff hash, the critic that produced it, the structured verdict, the findings list, and a timestamp. The gate read-path computes the diff hash of the change it is about to gate and refuses any evidence whose stored hash doesn't match, so a verdict produced for a different diff is never consulted, even when the SHA is the same.

The store is append-only by design. Supersession requires a new commit SHA — there's no "fix the verdict in place" pathway. Local CLI and hosted App write the same schema; a reproducibility test in CI runs the App's binary on its own PRs and asserts verdict equality with the local CLI. If they ever diverge, that's a P0.

  • Evidence path: .git/agent-reviews/quality-gates/<sha>/<gate>.json
  • Each entry carries sha, diff_hash, the gate or critic that produced it, the verdict, the findings list and a timestamp (ts); an orchestrator entry nests one verdict per critic plus the aggregate verdict and the aggregation rule
  • Gate read-paths refuse evidence whose diff_hash doesn't match the current diff
  • Append-only — supersession requires a new SHA; there is no in-place edit pathway (the entries are ordinary files under .git/, so this is a guarantee of the write path, not tamper-proofing against anyone with write access to the repository)
  • Schema is OSS — third-party gates can read + write to the same store
Example entry, .git/agent-reviews/quality-gates/5d8e1a3/critic-orchestrator.json:
{
  "sha": "5d8e1a3b4f9e2c8d1a0e6f7b3c2d4e5a6f7b8c9d",
  "diff_hash": "sha256:a1b2c3d4e5f6...",
  "gate": "critic-orchestrator",
  "ts": "2026-05-17T18:42:11.044Z",
  "policy_version": "1.4.0",
  "rebind_decision": "PASSTHROUGH",
  "critics": [
    { "id": "cursor-sdk",  "verdict": "APPROVED", "findings": [] },
    { "id": "codex-sdk",   "verdict": "APPROVED", "findings": [] },
    { "id": "gemini-sdk",  "verdict": "CHANGES_REQUESTED",
      "findings": [
        { "severity": "high",
          "path": "src/auth/session.ts",
          "line": 42,
          "rule": "session-token-storage",
          "msg": "Token stored in localStorage; use httpOnly cookie." }
      ] },
    { "id": "grok-direct", "verdict": "APPROVED", "findings": [] }
  ],
  "aggregate_verdict": "CHANGES_REQUESTED",
  "aggregate_rule": "min-complete-quorum",
  "evidence_uri": "git://.git/agent-reviews/quality-gates/5d8e1a3/critic-orchestrator.json"
}

Pricing relevance

The store is a platform invariant — every tier writes the same schema. Enterprise tier adds long-term archival (90+ days) and exportable compliance bundles.

Open-source posture

Schema is OSS-published (@momentiq/dark-factory-schemas). The local file-system store is OSS-default. The hosted multi-tenant store (App) stays closed.

Get Started

Forensic-grade verdicts for AI-authored code.

Every gate decision is bound to a specific SHA + diff hash. Local and CI agree on what passed and what didn't — by construction.