Verify any backtest. Hand over a (strategy, data, claimed report) triple and
get a deterministic verdict — confirmed or refuted — that anyone can recompute in
ten languages.
Part of the Wickra ecosystem. Built on the same deterministic backtest engine and ten-language binding surface as wickra-backtest, wickra-proof and the rest.
wickra-verify takes a claim — a strategy spec, the candle data it was run
over, and the BacktestReport someone says that run produced — and recomputes
the report with the pinned wickra-backtest
engine. It then compares the claimed report against the fresh one, field by
field, within an explicit tolerance, and returns a verdict: matches: true
if every metric agrees, or a stable, sorted list of the exact mismatches if not.
It is a free anti-fraud tool against doctored backtests — not a hosted service, not a SaaS, not a backend. A CLI plus ten language bindings, and an optional static in-browser WASM demo. Nothing you submit ever leaves your machine.
- Recompute, never trust — the verdict comes from re-running the backtest, not from comparing two supplied numbers. A fudged Sharpe, an inflated PnL, a quietly-changed parameter all surface as a concrete mismatch.
- Explicit tolerance — floats are compared within a fixed
atol + rtol·max(|a|,|b|)tolerance (thenumpy.allcloserule), never bitwise, so legitimate last-ULP noise never causes a false refutal. - Stable, sorted mismatches — the mismatch list is ordered by field, so the verdict is byte-identical across all ten languages.
- Canonical hashes — every verdict carries the blake3 hashes of the claimed
report, the recomputed report and the full inputs, under the same
canonicalization
wickra-proofuses; a verdict'sinputs_hashequals the proof hash of the same inputs.
Pre-release — functionally complete, CI-verified, not yet published. The core, the CLI, all ten language bindings, the byte-exact golden corpus, the property + fuzz suites, the benchmarks and one runnable example per language are built and green across Linux, macOS and Windows. Packages are not yet on the registries. Track progress in ROADMAP.md.
docs/ARCHITECTURE.md— how the pieces fit together.docs/CLAIM_FORMAT.md— theClaimand its embeddedStrategySpec/BacktestReport.docs/VERDICT.md— theVerdict, mismatches and tolerance.docs/CANONICALIZATION.md— the hashing contract shared with wickra-proof.docs/DETERMINISM.md— why the verdict is identical everywhere.docs/Cookbook.md— recipes, including "gate a claim in CI: exit 2 = fraud".
# Verify a claim: recompute the report and compare it, field by field.
# --claim is a JSON/TOML Claim; --data a CSV or a directory of <SYMBOL>.csv files
# (omit --data when the claim carries its candles inline).
cargo run -p wickra-verify -- \
--claim examples/data/claims/fudged.json \
--data examples/data/candles
# Exit 0 = verified, 2 = refuted (CI-friendly), 1 = error.
# --explain renders the mismatches and forces exit 0.The example claim inflates fees_paid, so the verdict is refuted and names
the fees_paid mismatch — a fabricated number cannot pass a recomputation.
A claim is the assertion to be checked — "this strategy on this data produced this report":
strategy— the embeddedwickra-backtestStrategySpec(indicators, entry/exit rules, sizing, costs, risk).dataset_ref— where the candles come from:inline(embedded per symbol, fully self-contained) orfiles(named symbols resolved out of band).claimed_report— theBacktestReportthe claimant asserts this run produced. Untrusted: verification recomputes and compares, so a doctoredclaimed_reportcannot pass.
Full schema in docs/CLAIM_FORMAT.md.
verify returns a Verdict:
matches—trueiff every compared field agrees within tolerance.mismatches— a field-sorted list of{field, claimed, actual, delta}.claimed_report_hash/actual_report_hash/inputs_hash— 64-hex blake3 digests over the canonical forms.engine_version— thewickra-backtestversion the verdict was reached under.
Two floats count as equal when |a − b| ≤ atol + rtol·max(|a|,|b|), with tight
defaults (atol = 1e-9, rtol = 1e-6) that absorb last-bit float noise and
nothing more. See docs/VERDICT.md.
The hashes are only as trustworthy as the serialization they run over, so
canonicalization is byte-for-byte the contract
wickra-proof uses (see
crates/verify-core/src/canon.rs): keys
sorted by code point, no structural whitespace, floats quantized to 1e-8 with
trailing zeros trimmed and whole values collapsed to integers, no NaN/±inf.
blake3 over that canonical string yields each 64-hex hash. A verdict's
inputs_hash therefore equals the wickra-proof hash of the same inputs — the two
products share one determinism moat. See
docs/CANONICALIZATION.md.
Because a refuted claim exits 2, verification drops straight into a pipeline:
# Fails the job (exit 2) if the committed report does not match a fresh run.
wickra-verify --claim claim.json --data candles/Wire this into a strategy repo's CI and a doctored claimed_report can never be
merged — the recomputation is the gate. Recipes in
docs/Cookbook.md.
The core is a JSON-over-C-ABI data API (Verifier::command) exposed natively in
Rust, Python, Node.js and WASM, and over the C ABI hub in C, C++, C#, Go, Java
and R. Every binding drives the same verify / explain / canonicalize /
version commands and returns the core's canonical response verbatim; the
cross-language golden tests assert byte-for-byte equality. One runnable example
per language lives under examples/; per-binding quickstarts are in
each bindings/<lang>/README.md.
| Language | Binding | Package |
|---|---|---|
| Rust | verify-core (native) |
crates.io |
| Python | PyO3 (native) | PyPI |
| Node.js | napi (native) | npm |
| WASM | wasm-bindgen (native) | npm |
| C / C++ | C ABI | header + library |
| C# | C ABI (P/Invoke) | NuGet |
| Go | C ABI (cgo) | Go module |
| Java | C ABI (FFM/Panama) | Maven |
| R | C ABI (.Call) |
R-universe |
crates/verify-core the library: claim + compare + canonicalize + verify
crates/wickra-verify-cli reference CLI (verify), binary `wickra-verify`
crates/verify-bench Criterion benchmarks
bindings/{c,python,node,wasm,go,csharp,java,r} ten-language surface
golden/ fixed claims -> expected verdicts (byte-exact)
examples/ runnable per-language demos + static web demo
fuzz/ cargo-fuzz targets (claim parse, compare, canonicalize, verify)
cargo build --workspace
cargo test --workspace --all-featuresEach binding builds with its own toolchain; see bindings/<lang>/README.md. The
C-ABI consumers (C/C++, C#, Go, Java, R) need the C ABI library first:
cargo build --release -p wickra-verify-c.
Rust 1.86 (workspace) / 1.88 (Node binding). Per-binding toolchains: Python 3.9+, Node.js 22+, .NET 8, JDK 22+, Go 1.23+, R release, and a C11/C++14 compiler with CMake for the C example.
Criterion benchmarks for verify, compare and canonicalize live in
crates/verify-bench; numbers and methodology are in
BENCHMARKS.md.
See CONTRIBUTING.md and the Code of Conduct. Every change runs the full CI matrix (all ten languages × three OSes) plus CodeQL, Scorecard and zizmor.
Report vulnerabilities per SECURITY.md. The threat model is in THREAT_MODEL.md.
Dual-licensed under either MIT or Apache-2.0, at your option.
wickra-verify is research and engineering tooling, not financial advice. A
verdict attests only that a claimed report is (or is not) the deterministic
result of a given strategy over given data — it makes no claim about the quality,
profitability or future performance of any strategy, nor about whether the data
itself is genuine. Trading carries risk; you are responsible for your own
decisions. wickra-verify is free software you run yourself: no hosted service,
no data collection, no warranty.
