{"id":51451438,"url":"https://github.com/orionarchitekton/algorithm-reviews","last_synced_at":"2026-07-05T21:01:34.177Z","repository":{"id":363422482,"uuid":"1261804743","full_name":"OrionArchitekton/algorithm-reviews","owner":"OrionArchitekton","description":"Governed AI agent that fact-checks claims against the live web and ships a cryptographically signed, verifiable review receipt. Built for DeveloperWeek NY 2026.","archived":false,"fork":false,"pushed_at":"2026-06-23T20:32:45.000Z","size":1764,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-23T22:23:40.296Z","etag":null,"topics":["ai-agent","anthropic","fact-checking","hackathon","nextjs","nimble","vercel"],"latest_commit_sha":null,"homepage":"https://algorithm-reviews.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OrionArchitekton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-06-07T07:05:45.000Z","updated_at":"2026-06-23T20:33:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/OrionArchitekton/algorithm-reviews","commit_stats":null,"previous_names":["orionarchitekton/algorithm-reviews"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/OrionArchitekton/algorithm-reviews","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OrionArchitekton%2Falgorithm-reviews","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OrionArchitekton%2Falgorithm-reviews/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OrionArchitekton%2Falgorithm-reviews/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OrionArchitekton%2Falgorithm-reviews/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OrionArchitekton","download_url":"https://codeload.github.com/OrionArchitekton/algorithm-reviews/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OrionArchitekton%2Falgorithm-reviews/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35168795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-05T02:00:06.290Z","response_time":100,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","anthropic","fact-checking","hackathon","nextjs","nimble","vercel"],"created_at":"2026-07-05T21:01:32.958Z","updated_at":"2026-07-05T21:01:34.160Z","avatar_url":"https://github.com/OrionArchitekton.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# algorithm.reviews — The Agent Trust Layer\n\n![TypeScript](https://img.shields.io/badge/TypeScript-1a1a1a?style=flat\u0026logo=typescript\u0026logoColor=3178C6)\n\n**An algorithm that reviews — and whose reviewing is itself reviewable.**\n\nLive: \u003chttps://algorithm-reviews.vercel.app\u003e · Try it with zero setup at\n[`/demo/claude-context`](https://algorithm-reviews.vercel.app/demo/claude-context).\n\nPaste a claim, a \"best X of 2026\" listicle, a vendor pitch, or a URL. A *governed*\nagent fans out across the **live web**, decides which sources are **admissible**\n(fail-closed), forms a verdict grounded only in admitted evidence, and ships a\n**signed review receipt** — verdict, per-claim confidence, timestamped citations,\ndissent, and an **ECDSA signature** anyone can verify. You watch every\n**admit / reject** decision stream in real time.\n\nBuilt for the **DeveloperWeek New York 2026 Hackathon**. One project, three\nchallenges: **Overall**, **Nimble** (live web), **name.com Domain Roulette**\n(`algorithm.reviews`).\n\n---\n\n## Screenshots\n\nA live review — the signed receipt plus the streaming admit/reject governance trace:\n\n![Live review with signed receipt and governance trace](docs/screenshots/algorithm-reviews-02-review.png)\n\nTamper-evidence — flip one field and the ECDSA signature fails at `/verify`:\n\n![Receipt verification fails after tampering](docs/screenshots/algorithm-reviews-04-verify-tampered.png)\n\n---\n\n## Why it exists\n\nAI answers and online reviews are **unauditable**: you can't tell a grounded\nverdict from a hallucinated one, sources are stale or fabricated, and \"AI\nfact-checkers\" are themselves black boxes. Buyers, journalists, compliance, and\ndue-diligence teams need a verdict they can **defend** — a citation trail and a\ntimestamp, not a vibe.\n\nalgorithm.reviews is a **two-plane architecture** compressed into one legible\nproduct:\n\n- **Execution plane** — searches and extracts live web evidence.\n- **Governance plane** — decides what evidence is *admissible* (fail-closed),\n  adjudicates the verdict, and signs the receipt.\n\nThe governance is the spectacle: you see, live, which sources were **admitted\n(green)** and **rejected (red)**, and *why*.\n\n## How it works\n\n```text\nInput → [decompose into atomic claims]\n      → [search the live web]                          (execution plane)\n      → [ADMIT / REJECT each source, fail-closed]       (governance plane)  ◀ the differentiator\n      → [extract admitted sources]\n      → [verify + dissent in one pass]                  (governance plane)\n      → [signed review receipt + ECDSA signature]\n```\n\n- **Fail-closed:** a claim with no admissible evidence resolves to\n  **\"unverifiable\"**, never \"false\". Absence of proof ≠ proof of absence.\n- **Hard caps in code** (≤3 claims, ≤2 queries/claim, ≤8 extracts, concurrency 2)\n  keep every run inside web-provider rate limits and the serverless function\n  budget. See [`lib/agent/caps.ts`](./lib/agent/caps.ts).\n- **Deterministic, signed receipts:** the signature covers a canonical payload\n  that *excludes* volatile fields (timestamps, ordering), so re-running only\n  changes the signature when the **evidence** changes. Tamper with a verdict or a\n  quote and verification fails — try it at `/verify`.\n\n## What's working today\n\nEvery feature below is live at the deployed URL and demoable with no keys.\n\n- **Streaming governed review** — `POST /api/review` runs the full pipeline and\n  streams `application/x-ndjson`, so the UI renders each admit/reject decision as\n  it happens (`X-Accel-Buffering: no` defeats CDN buffering on Vercel).\n- **Signed receipts + public verification** — `GET /api/pubkey` publishes the\n  ECDSA P-256 public key; `POST /api/verify` (and the `/verify` page) recompute\n  the canonical payload and check the signature. Tamper detection is exercised by\n  the test suite.\n- **Offline demo fixtures** — `/demo/claude-context`, `/demo/nimble-best`,\n  `/demo/link-rot` force the mock provider and mock model (zero network), so they\n  can never rate-limit or 500 on stage.\n- **Keyless live web** — when `NIMBLE_API_KEY` is absent, search falls back to the\n  Wikipedia API first (real, keyless, reachable from a datacenter IP), then Jina\n  (with key) or DuckDuckGo HTML. Live reviews work from a fresh clone.\n- **Zero-key build/test/demo** — the model layer resolves Anthropic key → Vercel\n  AI Gateway (OIDC) → deterministic mock, so the app builds and tests with no\n  secrets.\n\n## Known limitations\n\n- **Caps are tight on purpose.** A run is bounded to ≤3 claims and ≤8 total\n  extractions to stay inside the serverless budget and provider rate limits, so a\n  long listicle is sampled, not exhaustively checked.\n- **Keyless web is best-effort.** Without a Nimble key, breadth depends on\n  Wikipedia + DuckDuckGo HTML scraping, which is thinner and can be flaky for\n  niche claims. Nimble is the primary provider for full coverage.\n- **Single signing key per deployment.** With no `RECEIPT_SIGNING_JWK`, an\n  ephemeral key is generated per process; cross-instance verification requires a\n  stable key (`node scripts/gen-key.mjs`).\n- **No CI workflow and no license file yet** — see [Repo notes](#repo-notes).\n\n## Stack\n\nNext.js 16 (App Router) · React 19 · Tailwind v4 · TypeScript · Vercel AI SDK 6 ·\nAnthropic Claude (Opus for adjudication, Haiku for classification) · Nimble live\nweb · Web Crypto ECDSA P-256 · Vitest · deployed on Vercel.\n\nThe **web layer** is a swappable `WebProvider`: Nimble primary, keyless\nWikipedia/Jina/DuckDuckGo fallback, and a deterministic mock — so the app builds,\ntests, and demos offline, and degrades gracefully on stage instead of\nhard-failing.\n\nThe **model layer** resolves `Anthropic key → Vercel AI Gateway (OIDC) → mock`,\nso it runs with zero keys (mock) and goes fully live the instant a key or the\ngateway is available — no code change.\n\n## Run it\n\n```bash\nnpm install\ncp .env.example .env.local      # optional — works with no keys (mock mode)\nnpm run dev                     # http://localhost:3000\n```\n\nOffline demo fixtures (zero external calls, guaranteed): `/demo/claude-context`,\n`/demo/nimble-best`, `/demo/link-rot`.\n\n### Quality gates\n\n```bash\nnpm run typecheck   # tsc --noEmit\nnpm run lint        # eslint\nnpm test            # vitest — 19 tests across governance, canonicalization/signing, reducer\nnpm run build       # next build\n```\n\nThe 19 tests cover the admissibility policy (including the stale-but-high-authority\noverride and fail-closed-on-no-content), receipt signing / tamper detection /\ndeterminism, and the UI state reducer.\n\n### Environment\n\nSee [`.env.example`](./.env.example). Nothing is required (mock mode). For live\nruns:\n\n| Variable | Purpose |\n|---|---|\n| `NIMBLE_API_KEY` | Primary live-web provider (5,000 free credits). Optional — keyless fallback works without it. |\n| `ANTHROPIC_API_KEY` | Direct Claude access. Optional if the Vercel AI Gateway is available. |\n| `AI_GATEWAY_API_KEY` | Local live runs through the AI Gateway (automatic in production on Vercel via OIDC). |\n| `JINA_API_KEY` | Optional — enables `s.jina.ai` search in the keyless fallback. |\n| `RECEIPT_SIGNING_JWK` | Stable ECDSA P-256 signing key for cross-instance verification. Generate with `node scripts/gen-key.mjs`. |\n| `MODEL_MODE` | `auto` \\| `live` \\| `mock` — override model resolution. |\n| `WEB_PROVIDER` | `auto` \\| `nimble` \\| `jina` \\| `mock` — override web provider selection. |\n\nNever commit real values; `.env.local` is gitignored.\n\n## API\n\n| Endpoint | Method | Description |\n|---|---|---|\n| `/api/review` | POST | Runs the governed pipeline, streams `application/x-ndjson` events (`{ input: string }` body). |\n| `/api/verify` | POST | Recomputes the canonical payload and verifies a receipt's ECDSA signature. |\n| `/api/pubkey` | GET | Returns the published ECDSA P-256 public key (JWK). |\n\n## Verify a receipt yourself\n\nEvery receipt is signed with ECDSA P-256. The public key is published at\n`/api/pubkey`. `POST /api/verify` (or the `/verify` page) recomputes the\ncanonical payload and checks the signature. Change one character → it fails.\n\n## Project structure\n\n```text\napp/        Next.js App Router — pages (/, /verify, /demo/[id]) + API routes\ncomponents/ React UI for the review console and receipt rendering\nlib/agent/  pipeline, governance policy, caps, model resolution\nlib/web/    swappable WebProvider (nimble, jina, mock) + fallback wiring\nlib/receipt/ canonicalization + ECDSA signing/verification\nlib/fixtures/ offline demo inputs\nscripts/    gen-key.mjs — ECDSA signing key generator\ntests/      vitest suites (governance, receipt, reducer)\ndocs/       DESIGN.md and screenshots\n```\n\n## Deploy\n\nDeployed on Vercel from this repo. The model layer uses the Vercel AI Gateway via\nOIDC in production (no raw Anthropic key required), and the review route sets\n`maxDuration = 300` for the multi-step agent.\n\n## Design\n\nThe full design doc, including the adversarial review that shaped it, is in\n[`docs/DESIGN.md`](./docs/DESIGN.md).\n\n## Repo notes\n\nNo `LICENSE` file is present yet, so reuse terms are unspecified — add one before\ntreating this as open source. There is no CI workflow; the quality gates above are\nrun locally (`npm test`, `npm run typecheck`, `npm run lint`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forionarchitekton%2Falgorithm-reviews","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forionarchitekton%2Falgorithm-reviews","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forionarchitekton%2Falgorithm-reviews/lists"}