Fix Application Shape Detection Priority Chain
The application shape priority chain lets dependency-based signals (MCP SDK, LangChain, CLI deps like yargs/arg) override framework-based identity, producing wrong shapes for projects whose primary identity is determined by their framework. This is #2 priority from R5 comprehensive validation (70 repos tested). 8 repos misclassified: 6 false "cli", 2 false "mcp-server." This fix addresses 5 directly; the remaining 3 need upstream fixes in primary selection (Issue #3) and framework detection (Issue #8).
verdict PASSscore 18 / 18findings 4 (0 risk · 2 debt · 2 obs)duration 1h 33mrejection cycles 0shipped May 22, 2026surface cli
Pipeline timeline
Intent to proven code in 1h 33m across Think, Plan, Build, and Verify.
Think59m
Plan14m
Build6m
Verify5m
Assertion ledger
18 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | A data platform with Express and MCP SDK is classified as an API server, not an MCP server | verified | ok |
| A002 | A dedicated MCP server without any framework is still classified as MCP server | verified | ok |
| A003 | A Next.js app with MCP SDK is classified as a web app, not an MCP server | verified | ok |
| A004 | A Next.js observability platform with LangChain is classified as a web app, not an AI agent | verified | ok |
| A005 | An Express API with LangChain is classified as an API server, not an AI agent | verified | ok |
| A006 | A standalone LangChain project without a framework is still classified as an AI agent | verified | ok |
| A007 | A NestJS platform with yargs in deps is classified as an API server, not a CLI | verified | ok |
| A008 | A Next.js app with commander in deps is classified as a web app, not a CLI | verified | ok |
Findings 4 total
debtpackages/cli/tests/engine/detectors/applicationShape.test.ts→ closed
Stale @ana tags from prior contract create proof chain ambiguity — 20 duplicate tags with colliding IDs
debtpackages/cli/tests/engine/detectors/applicationShape.test.ts→ closed
@ana A003 tags wrong test — tags 'pure function' check (line 319) instead of MCP+Next.js→web-app test (line 64)
obspackages/cli/src/engine/detectors/applicationShape.ts→ monitor
BROWSER_DEP_ALIASES Set is small (3 entries) and tightly coupled to BROWSER_FRAMEWORKS — if a new browser framework is added with a different package name, both must be updated in sync
obspackages/cli/tests/engine/detectors/applicationShape.test.ts→ monitor
No test for MCP + server framework + browser deps triple combination (e.g., Express + MCP + React → full-stack)
Integrity seal
scopesha256:8971b1eb1f203...
contractsha256:1ac14f0643c63...
plansha256:cec3080549cbd...
specsha256:6602125f5ec4e...
build-reportsha256:ae82c234a0519...
build-datasha256:a2bc338459dbf...
verify-reportsha256:5f41b7e514146...
verify-datasha256:998e2af1dc9ad...
audit cmd$ ana proof audit fix-shape-detection-priority → all hashes match