Gitignore disclosure at init time, commit hardening, and docs
The force-add fix shipped (PR #226). It solves the mechanical problem — gitignored infrastructure files now get committed. But there are three gaps:
verdict PASSscore 15 / 15findings 4 (0 risk · 1 debt · 3 obs)duration 23h 11mrejection cycles 0shipped May 29, 2026
Pipeline timeline
Intent to proven code in 23h 11m across Think, Plan, Build, and Verify.
Think1211m
Plan74m
Build7m
Verify5m
Assertion ledger
15 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Init warns users when their gitignore blocks infrastructure files | verified | ok |
| A002 | The warning appears in the Pipeline readiness section | verified | ok |
| A003 | The warning explains force-add is for worktree compatibility | verified | ok |
| A004 | No gitignore warning appears when nothing is gitignored | verified | ok |
| A005 | Tracked-but-gitignored dirty files are identified for force-add | verified | ok |
| A006 | Non-gitignored dirty files are not flagged for force-add | verified | ok |
| A007 | Empty dirty set produces no force-add candidates | verified | ok |
| A008 | Subsequent commits with tracked-but-gitignored files succeed | verified | ok |
Findings 4 total
obspackages/cli/src/commands/init/index.ts→ monitor
Warning text hardcodes '.claude/' but detection covers both .claude/ and .ana/
debtpackages/cli/tests/commands/init/commit.test.ts→ scope
No integration test for subsequent-commit hardening scenario (A008-A010)
obspackages/cli/tests/commands/init/commit.test.ts→ closed
Pre-existing @ana tags from gitignore-force-add contract reuse IDs A001-A021 — ambiguous with this contract's A001-A015
obspackages/cli/src/commands/init/commit.ts→ closed
discoverGitignoredDirtyFiles correctly uses --no-index for tracked files — improvement over existing discoverGitignoredFiles pattern
Integrity seal
scopesha256:b9e40fdd535d9...
contractsha256:dc63cde0269c3...
plansha256:ca9f6897735a6...
specsha256:f8235082cb6a0...
build-reportsha256:fa8a4546c6103...
build-datasha256:11aa26897b6d4...
verify-reportsha256:81063c0f24a21...
verify-datasha256:775018ec984e4...
audit cmd$ ana proof audit gitignore-disclosure-and-hardening → all hashes match