wreckit

Bulletproof AI code verification.

The agent IS the engine. No external CI required. Spawns parallel verification workers that slop-scan, type-check, mutation-test, and cross-verify before shipping. Ship proof, not vibes.

$clawhub installwreckit
Install on ClawHubView on GitHub
14-gate verification
Signed proof bundles
Parallel workers
wreckit — verification pipeline

How it works

Three steps to verified code

01

Say what you want

Natural language to your OpenClaw agent: "Use wreckit to audit this project"

02

14 gates run

Slop scan, type check, SAST, mutation testing, dynamic analysis, and more — in parallel.

03

Get your verdict

Ship ✅, Caution ⚠️, or Blocked 🚫 — plus a signed proof bundle in .wreckit/

Modes

Four modes. One engine.

B

🟢BUILD

New project from PRD

Full pipeline for greenfield projects with verification guardrails from day one.

R

🟡REBUILD

Existing code + migration spec

BUILD + behavior capture + regression replay for safe migrations.

F

🔴FIX

Bug fix with proof

Fix, verify, prove nothing else broke. Signed evidence of safety.

A

🔵AUDIT

Verify existing code, no changes

Read-only analysis. Full gate suite. No modifications to your codebase.

Verification

14 gates. Each one earns trust.

0 gates+ proof bundle
01

AI Slop Scan

Detects placeholder code, template artifacts, empty stubs.

02

Type Check

tsc / mypy / cargo check / go vet — zero unresolved errors.

03

Ralph Loop

Adversarial builder-breaker loop pressure-tests logic.

04

Test Quality

Coverage depth, assertion density, and test structure scoring.

05

Mutation Kill

mutmut / Stryker / cargo-mutants — verifies tests catch regressions.

06

Cross-Verify

Independent agent corroborates the builder's claims.

07

Behavior Capture

Golden fixtures captured before rebuild/fix.

08

Regression

Byte-for-byte replay with LLM-as-judge diff approval.

09

SAST / Red Team

20+ vulnerability patterns, ReDoS analysis.

10

Dynamic Analysis

Memory leaks, race conditions, FD leaks at runtime.

11

Design Review

Dep graph, circular deps, coupling, god modules.

12

CI Integration

CI config detection and pipeline scoring.

13

Performance

Benchmark detection + regression vs captured baseline.

14

Proof Bundle

Writes .wreckit/proof.json, dashboard.json, decision.md.

Usage

Natural language. Real verification.

AUDIT

"Use wreckit to audit ~/Projects/myapp. Don't change anything."

BUILD

"Use wreckit to build a REST API from this PRD."

FIX

"Use wreckit to fix this bug. Prove nothing else breaks."

REBUILD

"Use wreckit to rebuild this codebase in TypeScript."

wreckit is an OpenClaw skill — you talk to your agent, it runs wreckit.

Chat Flow

Verification as conversation

You

Developer

Use wreckit to audit ~/Projects/checkout. Don't change anything.

Mode: AUDIT — read-only verification

wreckit

Verification Engine

Running 14 verification gates against ~/Projects/checkout. Stack detected: TypeScript / Next.js / Vitest.

14 gates queued

wreckit

Verification Engine

Mutation gate found one weak assertion cluster in checkout/payment.ts. Kill rate 71% — below 80% threshold.

Gate: Mutation Kill — CAUTION

wreckit

Verification Engine

Final verdict: CAUTION ⚠️. 13 gates passed, 1 below threshold. Proof bundle written to .wreckit/proof.json

Artifact: .wreckit/proof.json

Scripts

24 deterministic scripts

The heart of wreckit. Each script is a standalone gate — run them individually or let the orchestrator run the full pipeline.

run-all-gates.sh[path] [mode]

Full sequential pipeline with telemetry

slop-scan.sh[path]

Semantic slop detection — placeholders, stubs, dead code

type-check.sh[path]

tsc / mypy / cargo check / go vet

red-team.sh[path]

20+ SAST vulnerability patterns + ReDoS

mutation-test.sh[path]

mutmut / Stryker / cargo-mutants / AI fallback

proof-bundle.sh[path] [mode]

Corroborated verdict + .wreckit/ artifacts

dynamic-analysis.sh[path]

Memory leaks, race conditions, FD leaks

design-review.sh[path]

Dep graph, circular deps, coupling analysis

Proof bundle

Every run leaves a proof trail

Machine-verifiable evidence

wreckit writes a tamper-evident proof bundle in .wreckit/ with gate output, thresholds, and final verdict reasoning. Review exactly why a release was approved — or blocked.

.wreckit/

├── proof.json ← machine-readable verdict

├── dashboard.json ← external tooling schema

├── decision.md ← human-readable reasoning

└── raw/ ← raw script output per gate

VERIFIED
.wreckit/proof.json
SHIP
{
  "verdict": "SHIP",
  "run_id": "a3f8c2d1-9e4b-4a7c-b8f6-2d1e3a5c7b9d",
  "git_sha": "abc123f",
  "timestamp": "2026-03-20T04:22:11Z",
  "gates": {
    "slop_scan":    { "status": "PASS", "density": 1.2 },
    "type_check":   { "status": "PASS", "errors": 0 },
    "ralph_loop":   { "status": "PASS", "exploits": 0 },
    "test_quality": { "status": "PASS", "coverage": 92 },
    "mutation":     { "status": "PASS", "kill_rate": 94 },
    "cross_verify": { "status": "PASS", "oracle_agrees": true },
    "sast":         { "status": "PASS", "blockers": 0 },
    "dynamic":      { "status": "PASS", "leaks": 0 },
    "design":       { "status": "PASS", "circular_deps": 0 },
    "red_team":     { "status": "PASS", "blockers": 0 }
  }
}

Verdicts

Three outcomes. No ambiguity.

SHIP

All gates passed. Evidence thresholds satisfied. Safe to deploy.

⚠️

CAUTION

Some gates flagged risk. Review the proof bundle before promoting.

🚫

BLOCKED

Critical issues detected. Release should not proceed.

Get started

Install in one command

# Via ClawHub (recommended)

$ clawhub install wreckit

# Then use it:

"Use wreckit to audit ~/Projects/myapp"

Install on ClawHubView on GitHub