Compact the capture seal + fix the count
The capture gate seals test evidence into the build/verify report. Today that seal **inlines the entire raw test output** (the `retire-capture-self-arming` build report carried ~3,100 lines / 246 KB), and the sealed **count abstains on our own repo** because counts are regex-scraped from human-formatted output that our turbo-wrapped root runner doesn't match. A third defect shares the same root: the marker parser matches `<!-- ana:capture … -->` even inside prose, so a report that *describes* a marker corrupts parsing.
verdict PASSscore 29 / 29findings 9 (0 risk · 2 debt · 7 obs)duration 4h 10mrejection cycles 0shipped Jun 6, 2026surface cli
Pipeline timeline
Intent to proven code in 4h 10m across Think, Plan, Build, and Verify.
Think89m
Plan34m
Build73m
Verify12m
Assertion ledger
29 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | A captured test run produces a one-line sealed result, not a dump | verified | ok |
| A002 | The sealed result carries the test counts, verdict, a fingerprint, and the output size | verified | ok |
| A003 | The sealed result no longer carries a path to a throwaway log file | verified | ok |
| A004 | Saving a build report no longer pastes the raw test output into it | verified | ok |
| A005 | A build report with a compact seal saves successfully through the gate | verified | ok |
| A006 | Test counts are read from a machine-readable report, not scraped from human text | verified | ok |
| A007 | The tool prefers the configured machine-readable test command when one is set | verified | ok |
| A008 | With a machine-readable reporter configured, this project gets a real count instead of abstaining | verified | ok |
Findings 9 total
debtpackages/cli/tests/commands/artifact.test.ts→ scope
A026 (byte-stable re-save / AC12) has no dedicated test, though the spec's Testing Strategy explicitly requested one. Behavior is sound by construction — inlining is deleted and applyCaptureGate is read-only, so the save path never mutates the report — but the contract target reportUnchangedOnSecondSave is verified by source inspection, not a regression test.
debtpackages/cli/tests/commands/template-capture-instruction.test.ts→ scope
Template wording assertions A020/A021 (AC8) have no automated regression test. template-capture-instruction.test.ts was not modified and contains no compact-seal assertion. A future template edit could silently reintroduce 'verbatim, sha-sealed block' or drop the compact description with the suite still green.
obs→ monitor
A016/A017 (.captures/ rule in the dogfood .ana/.gitignore and the init generator) are verified by source inspection only — no test asserts either gitignore carries the rule. The rule in assets.ts predates this build (PR #281); this build only corrected its stale comment.
obspackages/cli/tests/commands/test-command.test.ts→ monitor
A008 (configured test_json yields a non-abstain verdict on real output) has no hermetic unit test. Verified via live dogfood run (this repo seals 3429p/0f/2s, verdict=pass) plus the A006 JSON-parser test, but no in-test fixture exercises the full test_json -> executeCapture -> verdict!=abstain chain.
obspackages/cli/src/commands/test.ts→ acknowledge
isCheckpointSealConflict over-builds beyond this contract: it refuses an explicit --stage build/verify run through the -- <command> checkpoint form. Well-implemented and tested, and aligns with the anti-fabrication intent, but it is not part of the compact-capture-seal scope — it arrived via the merged sibling branch PR #281.
+4more findings
Integrity seal
scopesha256:33134f0420261...
contractsha256:e944b8cc712ed...
plansha256:54889fdee7b32...
specsha256:1cf88a82ce81e...
build-reportsha256:3e544f1578899...
build-datasha256:8f0bb401fb18d...
verify-reportsha256:a5aa8bbb4b3e8...
verify-datasha256:fa429611ba3b2...
audit cmd$ ana proof audit compact-capture-seal → all hashes match