IBM Bob Hackathon 2026

Verdict

CodeRabbit reviews the diff. Verdict reviews the decision.

A pre-merge review tool that connects what's changing now to what broke before — and refuses to let history repeat itself.

Try the live demo Source on GitHub

6custom modes

5bob skills

3mcp tools

7sessions exported

verdict /analyze · github.com/Yashash4/fastapi-tokenauth/pull/1

LIVE

$verdict --pr https://github.com/Yashash4/fastapi-tokenauth/pull/1

Running 6-layer pipeline · 3 MCP tools · cross-layer match enabled

▸initializing...

The output that wins

One sentence, no other PR tool can produce.

When a surviving mutation targets the same file and line as a past production incident, Verdict fires the killer line. CodeRabbit can't see this. Copilot Review can't see this. Sourcery can't see this. They're diff-bound.

Cross-Layer Match Found

Surviving mutation M-1 is the same code path that caused INC-2024-0431

file auth/tokens.py:13 · line distance 0 · verdict 🔴 DO NOT MERGE

Temporal analysis

Mines git history for incident patterns (fix:, hotfix:, revert:, INC-).

Dynamic analysis

Mutation testing finds the test gaps your suite is missing.

Cross-layer synthesis

Joins mutations to incidents by file + line proximity.

How it works

Six layers. One verdict.

Each layer is a Bob custom mode that emits structured JSON. The next layer reads it. The Python harness orchestrates the chain via Bob Shell.

01verdict-semantic

what changed in meaning, not just lines

02verdict-blast

what else in the repo depends on this change

03verdict-mutation

which test gaps survive mutation testing

04verdict-incident

what broke here before — git log + INCIDENTS.md

05verdict-questions

exactly three specific risk questions

06verdict-synthesis

one comment, with the cross-layer killer line

See the full architecture

MCP integration

Three tools. One that matters most.

Verdict ships a FastMCP server with three tools. Bob calls them mid-analysis. The third is the one that fires the killer line.

get_git_history

Retrieves git commit history for a file

find_incident_commits

Mines INCIDENTS.md and git log for incidents

find_cross_layer_match

Matches mutations to incidents — the killer line fires here

Bob sessions

Bob planned it. Bob built it. Bob runs it.

Seven exported Bob task sessions. Every step traceable. Every line of code with a Bob receipt.

planningBob architected Verdict before any code existed

initBob generated AGENTS.md for the project

mcp-serverBob built the MCP server, harness, CLI, MCP config

harness-hardeningBob hardened JSON parsing, retry logic, cross-layer pre-compute

live-analysisFull pipeline on a real PR. Killer line fires.

docsBob wrote README, KILLER_LINE.md, LICENSE, demo artifact

dashboardBob built this Next.js dashboard

See full session details

Why this matters

Production incidents have a memory.
Reviewers don't.

Every team has an INC-2024-0431 — the incident that took down auth for 187 minutes. Three months later, someone touches the same code path again. The reviewer doesn't remember. The tests pass. The PR merges.

Verdict remembers. And it tells you, before you click merge.

See it fire on a real PR.

The live demo runs the full 6-layer pipeline on github.com/Yashash4/fastapi-tokenauth/pull/1 and produces the killer line.

Run the demo See the architecture