Reproducibility CI gate
Open science is only open if anyone can check it. Zeq makes a result verifiable; this turns that into a CI primitive — a gate that fails a build, a paper's pipeline, or a fork's deploy when the physics stops reproducing.
Live badge
Every node renders its own conformance status as an embeddable SVG, updated every ~386 Zeqonds:
Drop it in a README or a paper's repo so anyone can see, at a glance, that the node
still computes the reference physics — green passing N/N, red failing M/N on drift:
[](https://zeqsdk.com/api/zeq/conformance)
Point it at any fork by swapping the origin. There's also a
Shields endpoint at /api/zeq/conformance/badge.json
({ schemaVersion, label, message, color }) if you prefer Shields' renderer.
The runner
zeq-ci.mjs is zero-dependency (Node ≥18 built-ins only), zero-secret, and
zero-Zeq-code. Every node serves it; read it before you run it.
curl -fsSL https://zeqsdk.com/zeq-ci.mjs -o zeq-ci.mjs # or any Zeq origin
node zeq-ci.mjs gate --origin https://zeqsdk.com
Three modes
node zeq-ci.mjs conformance [--origin URL] [--json]
node zeq-ci.mjs verify <envelope.json> [--origin URL] [--json]
node zeq-ci.mjs gate [--origin URL] [--json]
| Mode | What it asserts | Exit |
|---|---|---|
conformance | The node proves it computes the content-addressed golden corpus bit-for-bit (GET /api/zeq/conformance, ok=true, every vector matched). No key needed. | 0 pass · 1 fail |
verify | A signed result envelope: the node's Ed25519 signature over the canonical claim, that the claim pins a registry generation, a tamper check (a perturbed claim must be rejected), and — for operators the runner knows — an independent recompute from CODATA constants, bit-for-bit. No trust in the node. | 0 pass · 1 fail |
gate | The full pipeline check: conformance plus a fresh signed compute (QM5 particle-in-a-box and GR37 Schwarzschild radius) that is signature-verified, tamper-checked, and independently recomputed. The single command to drop in CI. | 0 pass · 1 fail |
It is not theater: tamper one byte of a claim and verify fails; point conformance
at a non-Zeq origin and it exits non-zero. The recompute uses CODATA constants
embedded in the script — no Zeq code in the loop.
In GitHub Actions
A self-hosted composite action ships in the repo. It downloads the verifier from the origin it's gating (no marketplace dependency) and runs it:
# .github/workflows/zeq-gate.yml
name: Zeq reproducibility gate
on: [push, pull_request]
jobs:
gate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hulyasmath/zeq-framework/.github/actions/zeq-ci@main
with:
origin: https://zeqsdk.com
mode: gate
To gate a published result you committed to your repo:
- uses: hulyasmath/zeq-framework/.github/actions/zeq-ci@main
with:
mode: verify
envelope: results/my-computation.json
origin: https://zeqsdk.com
When it runs under Actions the gate emits ::error:: / ::notice:: annotations and
writes a table to the job summary, so a red X on the PR means the physics drifted.
Without GitHub
It's just Node — wire it into any CI (GitLab, CircleCI, a Makefile, a cron):
node zeq-ci.mjs gate --json > zeq-gate.json || exit 1
The --json output is { origin, command, ok, failures, checks[] } — parse it
however your pipeline likes.
Why this matters
A paper that cites a Zeq computation can carry, in its own repository, a gate that re-checks the result on every commit — against any node, with no shared secret. If a fork ever drifts from the reference physics, the gate goes red. That is reproducibility you can automate, which is the only kind that survives contact with a real research group.
See next
- Verify anything — the manual walk-through the gate automates
- Precision & proof — what makes a result verifiable in the first place
- Conformance API — the endpoint
conformancemode calls
Source: served per-node at /zeq-ci.mjs (canonical copy in apps/zeq-dev/public/zeq-ci.mjs); the Action at .github/actions/zeq-ci/.