Attestation layer for AI-era COBOL

AI is rewriting
your COBOL.
Refinery proves it’s safe.

The COBOL talent cliff is forcing banks onto AI tools, with no independent check in place. Refinery runs the modified code against the original, catches semantic drift before production, proves equivalence with Z3 formal verification, and explains it to your risk team. Every step aligned to SR 11-7, SS1/23, and DORA.

Book a call →How it works

No setup fee · Independent of your vendor stack · No lock-in

COBOL-SRC / INTEREST-CALC.cob===

IBM Bob activewatsonx.ai

Explorer

▾COBOL-SRC

INTEREST-CALC.cobM

PAYROLL-CALC.cobU

CREDIT-SCORE.cob

MORTGAGE-RPT.cob

▾JCL

BATCH-001.jcl

NIGHTLY-CLOSE.jcl

▸COPYBOOKS

INTEREST-CALC.cob×

PAYROLL-CALC.cob

132› PROCEDURE DIVISION.

133› *> Mortgage payment calculation

134› COMPUTE WS-INTEREST =

135› WS-PRINCIPAL * WS-RATE / 12

136› / (1 - (1 + WS-RATE / 12) ** -WS-TERM).

137›

138› COMPUTE WS-PAYMENT =

139› WS-PRINCIPAL *

140› WS-RATE / 12ROUNDED

141› / (1 - (1 + WS-RATE / 12)

142› ** -WS-TERM).

143›

144› MOVE WS-PAYMENT TO WS-OUTPUT.

IBM Bob · Suggestion

Granite 13B

94%

Compliance refactor

Add ROUNDED to COMPUTE WS-PAYMENT to satisfy Basel III precision requirements for loan amounts exceeding £1M, prevents silent truncation at 8+ decimal places.

AcceptRejectAsk Bob ↗

⎇ main⊕ 0⚠ 1COBOL · UTF-8 · CRLF · Ln 140, Col 9IBM Bob

What Refinery does

Run. Catch. Prove. Explain.

Four verbs, one audit trail. Not a platform you have to picture. A sequence you can watch run.

01$_

Run

Compile the AI-modified COBOL and the original, then run both against boundary-value inputs on a real z/OS emulator.

02!

Catch

Compare outputs byte by byte. Catch the COMPUTE drift, the truncated field, the removed error handler, before production does.

03✓

Prove

Generate a signed, SHA-256 fingerprinted Change Contract mapped to SR 11-7, SS1/23, and DORA. Audit-ready evidence on paper.

04?

Explain

A compliance-tuned AI agent knows every check, every formal proof, and every blast-radius impact. Risk asks it — not your engineers.

run→catch→prove→explain

Live Demo

Watch Refinery catch an AI-generated COBOL defect

Real IBM Bob output. Real audit engine. Real SHA-256 fingerprinted PDF.

COBOL engineers are retiring — AI is taking over·Refinery proves the AI got it right·SR 11-7 · US Federal Reserve·SS1/23 · Bank of England·DORA Article 28 · EU·Independent attestation for every change·11 semantic checks · Z3 formal verification·SHA-256 Change Contract PDF·CRO sign-off on demand·Vendor-independent·DiSH Accelerator · IBM Z ScaleUp · OpenAI Hack House·

SR 11-7 · US Federal Reserve|SS1/23 · Bank of England|DORA Article 28 · EU

How it works

Five layers.
One audit trail.

Semantic Analysis

Beyond diff.
Compiler-inspired analysis.

Builds a COBOL symbol table for the supported subset, resolves field references, traces data flow signals, and fires 11 named rules including Z3 formal verification. Catches changes a diff engine would miss.

Symbol resolverInter-proc DFACFG analysis11 rules

Analysis output

✓Write target removedPASS

✕Source expression changedHIGH

✓Field type mismatchPASS

✓Condition value alteredPASS

✓Memory alias conflictPASS

✓Circular flow detectedPASS

✓Unresolved program callPASS

Estate Blast Radius

One file.
Fourteen systems at risk.

Traces every COBOL CALL, COPY, and JCL EXEC PGM to map the full estate impact before a change ships.

INTEREST-CALC.cobsource

JCL batch

BATCH-001NIGHTLY-CLOSE

Copybooks

PAYROLL-RPTMORTGAGE-SVC

VSAM

LOAN-RPTACCT-MASTER

Direct callers

CREDIT-CHK

71/100

blast radius

3 JCL4 copybooks2 VSAM

Change Contract

A structured PDF.
SHA-256 fingerprint.

Every audit produces a structured PDF with a cryptographic fingerprint, a plain-English risk summary, and a sign-off block for the Chief Risk Officer. Permanent and regulator-ready.

SHA-256 fingerprintCRO sign-off blockDORA-aligned evidence

Sample report

Refinery Change ContractFLAGGED · AWAITING CRO

ProgramINTEREST-CALC.cob

VerdictFLAGGED

IssueSource expression changed

Blast radius71/100 · CRO required

SHA-256a3f2c4d1…c891fe02

Issued2026-05-23 · REF-2026-0087

CRO Approval

Date

Formal Verification

Z3 SMT solver.
Proved for all inputs.

For every COMPUTE, ADD, and MULTIPLY, Refinery encodes both program versions as Z3 integer formulas and asks the solver: does any input produce different outputs? UNSAT means mathematically proved equivalent — not just for test cases, for every possible input.

Z3 SMT solverAll integer inputsPROVED_EQUIVALENTCounterexample witness

Z3 proof output

✓COMPUTE WS-TAX-AMOUNT

PROVED_EQUIVALENT∀ inputs

✓COMPUTE WS-NET-PAY

PROVED_EQUIVALENT∀ inputs

verdictPROVED_EQUIVALENT

statements checked2

proof scopeFULL

✗Bug variant: COUNTEREXAMPLE

witness: {WS-BONUS: 1} → orig=1 mod=2

AI Explanation Agent

Risk asks Refinery.
Not your engineers.

A compliance-tuned AI agent knows every check, every formal proof, and every blast-radius impact. It briefs your CRO in plain English — on demand.

CRO asks:“Is this change safe to approve?”

Refinery agent:“Z3 formally proved the modified COBOL produces identical outputs for every possible input. Blast radius is 71/100 — CRO sign-off required per your policy.”

Always available — no ticket, no wait

Compliance Agent

Runs on your hardware.
Gets smarter every audit.

A local-first AI agent that lives inside your infrastructure. No audit data sent to any cloud API. Every run makes it sharper.

Local inference via Ollama

The compliance agent runs on an Ollama-served model inside your own infrastructure. No query, no audit record, and no COBOL source ever touches an external API.

OllamaOn-premAir-gapped ready

Self-improving audit memory

Every audit Refinery runs is indexed into an on-device retrieval store. The agent searches past audits to find similar programs, prior verdicts, and known risk patterns — automatically getting smarter the more you use it.

Audit-trained RAGOn-device embeddingsNo retraining needed

Plain English for your risk team

Risk officers ask questions in plain English. The agent answers with the full audit context — formal proof status, blast radius, regulatory mapping — without involving an engineer.

CRO-readySR 11-7 awareInstant

Agent runtime

refinery-agent

> loading model mistral:7b-instruct[OK]

> connecting to audit store[OK]

> indexing 47 audit records[OK]

> retrieving context INTEREST-CALC.cob[...]

> found 3 similar audits in memory

agent ready · all data on-device

CRO“Can we approve the INTEREST-CALC change for Friday release?”

Compliance Agent“Z3 formally proved arithmetic equivalence for all inputs. Blast radius is 71/100 — your policy requires CRO sign-off. I’ve seen 2 similar audits pass without incident. Change Contract REF-2026-0087 is ready for your signature.”

context pulled from on-device audit memory · no cloud API called

Why Refinery

Not a plugin.
An independent layer.

Capability	Refinery	Vendor AI tools	Manual review
Semantic equivalence check	✓ 11 named rules	diff only	ad hoc
Z3 formal proof of equivalence	✓ PROVED_EQUIVALENT for all inputs	No	No
Estate blast radius mapping	✓ JCL + VSAM + CALL	No	No
PDF audit certificate	✓ SHA-256 fingerprint	No	no standard format
DORA / SR 11-7 / SS1/23	✓ all three	single jurisdiction	No
Vendor-independent	✓ any AI tool	self-validates	✓
CRO governance portal	✓ built in	No	No

The bigger picture

Built for the humans
and agents that come next.

The first layer to sit between AI and production COBOL

Banks are facing a COBOL talent cliff. As the engineers who wrote these systems retire, AI tools are being deployed to fill the gap. Refinery is the independent check that makes that transition safe — and provable to regulators.

Mathematical proof, not just test coverage

Refinery's Z3 SMT engine formally proves that modified COBOL produces identical outputs for every possible input — not just the inputs in your test suite. UNSAT means proved. SAT means there's a counterexample, and we show you the witness values.

Your agents get better at optimising your codebase over time

Each run teaches the system what good looks like in your estate. The longer you run Refinery, the smarter your optimisation loop becomes.

Governance Portal

Three panels.
Every change, governed.

Live diff, 11-check semantic feed, Z3 formal proof, and estate blast radius: one audit workspace your CRO can actually read.

“

The question isn’t whether AI will touch our COBOL. It’s whether we can prove to the regulator that what came out is the same as what went in.

CRO

Chief Risk Officer

Tier 1 UK Bank

Recognised by

DiSH AcceleratorBacked by Barclays Eagle Labs · Plexal · University of Manchester

IBM Z ScaleUpAdam Ring · Global Head, IBM Z Startups

OpenAI Hack HouseInvited · First ever cohort

See Refinery run
on your code.

Refinery is priced as a share of the compliance risk we remove. No fixed licence, no upfront cost. You pay when you’re verified.

Book a call →

No setup feeIndependent of your vendor stackNo lock-in

Previously at Palantir, SAP, Goldman Sachs, and Google · Palantir Winter Fellow · Goldman Sachs Spring Intern · SAP SWE

AI is rewritingyour COBOL.Refinery proves it’s safe.

Run. Catch. Prove. Explain.

Run

Catch

Prove

Explain

Watch Refinery catch an AI-generated COBOL defect

Five layers.One audit trail.

Beyond diff.Compiler-inspired analysis.

One file.Fourteen systems at risk.

A structured PDF.SHA-256 fingerprint.

Z3 SMT solver.Proved for all inputs.

Risk asks Refinery.Not your engineers.

Runs on your hardware.Gets smarter every audit.

Not a plugin.An independent layer.

Built for the humansand agents that come next.