Fix CI Test Failures
CI fails on every push — 5 failures on Ubuntu, 28 on Windows, across 10 test files. The safety net is broken. "Verified over trusted" demands the mechanical checks work. This scope fixes all CI failures to get the test matrix green across 3 OS × 2 Node versions.
verdict PASSscore 15 / 15findings 5 (1 risk · 0 debt · 4 obs)duration 34mrejection cycles 1shipped May 2, 2026surface cli
Pipeline timeline
Intent to proven code in 34m across Think, Plan, Build, and Verify.
Think7m
Plan7m
Build22m
Verify5m
Assertion ledger
15 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Git detection tests pass without global git config | verified | ok |
| A002 | Git branch detection works in fresh repos without global config | verified | ok |
| A003 | Scan project detects git info without relying on global config | verified | ok |
| A004 | Go and Rust entry point tests use platform-safe temp directories | verified | ok |
| A005 | Structure analysis integration test uses platform-safe temp directory | verified | ok |
| A006 | No test file contains hardcoded /tmp/ paths | verified | ok |
| A007 | Architecture detection normalizes paths before matching patterns | verified | ok |
| A008 | Architecture correctly detects microservices with backslash input | verified | ok |
Findings 5 total
riskpackages/cli/src/engine/analyzers/structure/architecture.ts→ closed
Library detection uses unnormalized paths — d.startsWith('lib/') fails on Windows backslash input
obspackages/cli/tests/engine/types/census.test.ts→ closed
Mock data strings in test fixtures contain /tmp/ as placeholder absolutePath values — no filesystem access, no runtime impact
obs→ closed
Contract A006 grep.count matcher counts mock data strings — overly broad for detecting actual filesystem /tmp/ usage
obs→ closed
Contract A004/A005 value specifies os.tmpdir() but implementation uses destructured tmpdir() — semantically identical
obspackages/cli/src/engine/detectors/documentation.ts→ closed
Documentation normalization in checkFile() covers all callers at output boundary — better than per-callsite fix
Integrity seal
scopesha256:feeca7733f602...
contractsha256:3c58f5bc464fe...
plansha256:4b6b1c91b89a4...
specsha256:248fc37e570d4...
build-reportsha256:45c4caed02f82...
build-datasha256:718820e77e2fa...
verify-reportsha256:444f475c669e0...
verify-datasha256:5795e1836e2c7...
audit cmd$ ana proof audit fix-ci-failures → all hashes match