The Oracle for AI-written Python · est. 2026
Your agent just shipped a patch. The Oracle sees what is actually in it — every byte that moved, every test outcome the Docker container returns, every prior exemplar it resembles. You get to know what is happening inside your own codebase, in the present, before you decide what ships next. Thirteen instruments to see with. The signed verdict is the receipt that you knew.
The burning problem
The agent shipped. The tests are green. And you have no way of seeing what really changed — what bytes moved, what state mutated, which past failure mode this resembles. The not-knowing has become the default; most teams have accepted it as the cost of moving fast. The Oracle lets you see the present. Once you see, you can shape what ships next — and prove to anyone downstream (auditor, insurer, board, customer) that you knew, in the moment, what was real.
How the Oracle works · three movements
Closest-historical-exemplar lookup over an accepted label registry. On the Fail-row holdout, exemplar agreement = 1.0 across 113/114 rows. You don't get "the AI is uncertain." You get a named failure mode and a precedent it resembles.
Per-instance python -m swebench.harness.run_evaluation in a sealed container. The report.json is the present, made legible. Not a model judging itself — the world judging the patch.
Every verdict appends to a chain only the public key can read. Anyone — your auditor, your insurer, your future self — can replay offline in ~30 seconds and confirm what you saw. You decide what ships next. The chain is the proof you decided knowingly.
Why the Oracle can see
The predictor is not an LLM, not a fine-tune, not a wrapper. The voice that wrote the patch is not the voice that reads it. Two circuits — one to speak, one to see.
Externally-defined, deterministic, immutable. AST diffs, data-flow, type graphs, Docker outcomes, chain hashes. The instruments read bytes; bytes do not lie.
SWE-bench Lite, 300 × 8 mutation cells = 2,400 Python instances. The Docker container runs. The world returns its verdict. Nothing in between is interpreting anything.
ed25519 + SHAKE-256. The chain is portable, offline-verifiable, forever. You do not have to trust Mejepa to confirm what Mejepa saw — the public key is enough.
The ship-gate · live
We measure the same number every week on the same 8-of-30 holdout from the SWE-bench Lite 300 × 8 corpus. Until Panel A holds at 0.95 stable across 4 rolling windows — and Panel B (cross-panel, non-overlapping encoders) clears its first measurement — Mejepa stays pre-production. There is no "soon." The gate fires when the number fires.
Who Mejepa is for
SOC 2, customer RFP, or cyber-insurance rider asks "how do you know the AI got this right?" Mejepa is the only honest answer today.
Claude Code · Cursor · Windsurf · Cline · Continue · Replit need a verifier their enterprise buyers will accept. 57 mejepa_* MCP tools embedable today.
Roadmap rungs that build on the witness chain substrate but are not sold today.
Fenced beyond rung n+1. Not sold today.
Mejepa today is a Python code-reality predictor with a domain-agnostic signed witness chain. Everything beyond Python code is roadmap, fenced honestly — see the opportunity ladder.
Pick a real SWE-bench Lite scenario. The Oracle returns the same shape the production predictor returns — Pass / Fail / Abstain, named failure mode, closest exemplar, signed packet. Copy the packet out and replay it offline with the public key. The present is something you can actually read.
Consult the Oracle →