Top questions from pilots and early users.
Does logomesh modify my code?
No. logomesh reads your source and runs a test in an isolated sandbox. Nothing is written to your repo unless you pass --draft-pr.
What if the test doesn’t reproduce the crash?
logomesh retries once with the passing output. If it still doesn’t reproduce, it exits with code 1. Common reasons: the bug is already fixed on this branch, or frame locals had type coercion issues (Sentry serializes everything as strings — "-1" vs -1). Pass --no-llm to use raw frame locals without synthesis.
Is my source code sent to an LLM?
The crashing function’s source is sent to an LLM to synthesize the test. Frame locals are PII-redacted first (PAN regex + field-name matching). The test code and sandbox output stored in the artifact are deterministic — no LLM token touches them. Pass --no-llm to skip the LLM entirely and use frame-locals replay only.
What does “sealed artifact” mean for my audit?
The artifact carries llm_in_evidence_path: false and a SHA-256 of the test bytes. An auditor can verify that the evidence — the call expression and the sandbox output — came from the deterministic synthesizer, not an AI. The control mappings (SOC2 CC7.3, CC7.4, PCI DSS 12.10.5) map to post-incident response controls.
Need attestation language for a workpaper? Talk to logomesh security →
Does it work without Docker?
Yes. Without Docker, logomesh falls back to a subprocess runner. Less isolated (no network airgap), but the test still runs. For compliance artifacts, Docker isolation is recommended.
What Python versions are supported?
The sandbox runs Python 3.12. Your source file can target any version — logomesh parses it with the system Python.