← Index

Proof you can pip install.

Not a client story — the referee itself. The deterministic bar this practice runs on, extracted from the engine it guards and published where anyone can install it.

ToolingVerificationOpen source
Duration · Published July 2026

371,280

cases re-proven in public CI

Sweep-grid plate — a field of hairline cells with copper skip cells and one ink cell reading "pip install snapgate", under the headline "371,280 cases".
— Sweep-grid plate — a field of hairline cells with copper skip cells and one ink cell reading "pip install snapgate", under the headline "371,280 cases".

— The Brief

Generative code is easy to demo and hard to trust. The practice's guitar engine carries a hard invariant — every generated note in scale, always — but its harness was private, and a private proof persuades nobody.

— Diagnosis

Extract the referee, not the engine. The proving pattern — one projection chokepoint, one recipe hash, one exhaustive sweep — is domain-agnostic. Strip the music out, publish the harness, and let the private engine re-prove itself through the public package.

— How I Read It

First-person · operator's note

The engine is the moat and stays home. But the thing that makes it trustworthy — the referee — is generic, and a referee is more credible when anyone can read its rulebook. So the rulebook went public, and the engine now answers to a package you can install.

— The Build

01 · Projection chokepoint

Generators are allowed to be sloppy. Every artifact passes one total projection at a single emission point — holding a Projected value IS the proof it crossed. Nothing else in the system can construct one.

02 · Recipe ledger

An artifact's identity is the content-hash of the recipe that produced it. The ledger stores recipes, never artifacts — recall re-generates and verifies the hash, so a good result can never be lost.

03 · The parity contract

The private engine re-proves its in-scale invariant through the released package in public CI: 371,280 cases, two independent harnesses, identical counts or the build fails. Zero leaks since publication.

— Artifacts Delivered

  1. 01snapgate 0.1.0 on PyPI (Apache-2.0, zero dependencies)
  2. 02SPEC.md — the contract, written before the code
  3. 03Public CI: exhaustive sweeps on the bundled examples, every push
  4. 04Private parity job: the engine versus the package, 371,280 cases

— Outcome

The bar the practice claims is now independently checkable: pip install snapgate, read the spec, watch the CI. The engine it came from stays private; its referee answers in public.

— Receipts

  • 371,280cases swept, fail-closed
  • 0leaks across two independent harnesses
  • 0runtime dependencies

"The engine stays home. The referee answers in public."