Can You Tell Which Code Is Real?
AI code generators sometimes produce functions that look correct but silently ignore their inputs. Both paths below return the same output. One reads from a database. The other fakes it.
    # Reads from actual database
    def getOrders(db: IO[Database]) -> IO[List[String]]:
        match db:
            case connection:
                connection.query("SELECT * FROM orders")

    # Ignores database entirely
    def getOrders(db: IO[Database]) -> List[String]:
        ["Order-001", "Order-002", "Order-003"]
db is ignored and the output is hardcoded.

Yichus Can Tell
Yichus tracks provenance through the compiler. Every value carries metadata about where it came from: which inputs flowed into it, whether it passed through IO, and whether its ancestry is dominated by literals.
db parameter is declared but never referenced in the output derivation.

How Provenance Detection Works
Yichus is built on Bosatsu, a total functional language. Because Bosatsu programs are purely functional, the compiler can statically trace how every output value was derived from its inputs.
The DerivationAnalyzer walks the typed intermediate representation and builds a dependency graph for each expression. It tracks whether values flowed through IO operations, whether function parameters were actually used, and whether the output depends on literals alone.
This analysis happens at compile time — no runtime instrumentation needed. When AI-generated code silently drops inputs and substitutes hardcoded values, the provenance graph reveals the break in the data flow.
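The idea described above, shown as an added example that is not Yichus's DerivationAnalyzer or any code from the project: a small Python analysis over Python's own ast module that computes which parameters reach a function's return value. The function names, the sample source, and the restriction to straight-line function bodies are assumptions made for this illustration.

```python
import ast

# Constructed sample: Python analogues of the page's two paths, plus one that touches db.
SAMPLE = '''
def get_orders_real(db):
    rows = db.query("SELECT * FROM orders")
    return rows

def get_orders_fake(db):
    return ["Order-001", "Order-002", "Order-003"]

def get_orders_touch(db):
    probe = db.query("SELECT 1")
    return ["Order-001", "Order-002", "Order-003"]
'''

EXTERNAL = "<external>"  # origin label for names that are neither params nor locals

def origins(expr, env):
    """Return the set of origins (parameters or EXTERNAL) that flow into expr."""
    found = set()
    for node in ast.walk(expr):
        if isinstance(node, ast.Name):
            found |= env.get(node.id, {EXTERNAL})
    return found

def analyze(source):
    """Map each top-level function to the provenance signals of its return value."""
    report = {}
    functions = [n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef)]
    for fn in functions:
        params = [a.arg for a in fn.args.args]
        env = {p: {p} for p in params}  # local name -> origins it derives from
        reached = set()
        # Assumption: straight-line bodies made of assignments and returns only.
        for stmt in fn.body:
            if isinstance(stmt, ast.Assign):
                src = origins(stmt.value, env)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        env[target.id] = src
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                reached |= origins(stmt.value, env)
        report[fn.name] = {
            "inputs": sorted(reached & set(params)),
            "dropped_params": [p for p in params if p not in reached],
            "literal_only": not reached,
        }
    return report
```

get_orders_touch references db, so an unused-variable lint accepts it, yet db never reaches the returned value and the function is reported the same way as the hardcoded path.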
Try It Yourself
The interactive demo uses Yichus state to toggle between the two code paths and display their provenance signals.