How we verify

It is architecturally impossible for CodexMachina to serve an unverified snippet. Every page reads pre-verified, pre-rendered text from our matrix database — nothing is composed or checked when you load the page. The checking happens ahead of time, per stack:

Per-artifact verification

• Initialization code— type-checked against the actual installed SDK versions (e.g. Next.js, Better Auth, Drizzle). If an API doesn't match the current release, it fails and we fix it before it ships.
• Migration schema — applied to a disposable Postgres database; we assert the tables actually materialize.
• Connection & pooling — exercised against a real pooled (PgBouncer transaction-mode) endpoint.

Two freshness signals

A verified config can go stale two ways: our own fragment code changes (tracked by content hash), or an upstream package ships a new version under static code (tracked by version). We watch both — version-checking alone is blind to the first, hash-checking alone to the second — and re-verify when either moves. That maintenance is the product.

What the badge means

• Verified — green: compiled, migrated, and pooling-tested against the listed versions on the listed date.
• Re-verifying— an upstream moved; we're re-checking, and we show the last-known-good in the meantime rather than anything unproven.