We ran verify on ourselves.
Refactron changed. The product, the site, the pitch: all of it. When a change this big lands, there is only one honest thing a verification company can do with it. Run the gate.
The pivot landed atomically, on green. This page is the signed record of why it was safe.
What we were building
Refactron started as an AI refactoring tool. Point it at your codebase and it would author the changes teams put off for years: framework migrations, API upgrades, the SQLAlchemy 1 to 2 kind of work nobody volunteers for. It worked, and it authored real migrations across real codebases.
What we watched happen
While we were building it, the ground moved. Coding agents got genuinely good. Cursor, Claude Code, Copilot: suddenly everyone had a tool that produces a plausible diff in seconds. Generating the change stopped being the hard part. And in our own migrations we had learned exactly where the hours actually went: not writing the diff, but proving it did not silently break behavior. Roughly a quarter of AI-generated codemods are wrong in ways that compile fine and pass a glance. The failure mode of this era is not broken builds. It is confident, wrong code, merged.
The realization
The most valuable thing we had built was never the part that wrote code. It was the gate we had built to trust our own output: the isolated shadow tree, the blast-radius scoping, the coverage check, the verdict that refused to say SAFE when the changed lines were never exercised. Every team we talked to had the same question, and it was never “can you write this change?” It was “how do I know this change is safe?”
So we kept the gate and made it the product. Refactron is now the verification layer for AI code change: point it at any diff, your agent's, a codemod's, or your own, and it proves behavior was preserved, with a signed, reproducible record of why.
What this means if you use Refactron
Migration mode stays, and stays live: we still author and verify the scary migrations, because they are the hardest test of the gate. What is new is that the gate itself is the interface: a CLI you can run on any diff today, and an MCP server and CI gate being built in the open, so your agent can check its own work before it lands.
Same mission. Same team. New surface. Behavior preserved, and now you can hold us to that the same way we hold every diff to it.
Verify your agent's PRs
before anyone else.
The MCP server and CI gate are being built in the open. Join as a design partner and shape the trust layer your team will run.
No spam, just the verification layer, early. By joining you agree to our Privacy Policy.