Harden Hot Files
Fix four error-handling and display bugs across the three most-modified CLI files (proof.ts, work.ts, artifact.ts). These are all hot files touched by every pipeline run. Closes 5 active findings including all 3 risk-severity findings in the current set.
verdict PASSscore 12 / 12findings 5 (0 risk · 1 debt · 4 obs)duration 1h 20mrejection cycles 0shipped Apr 30, 2026surface cli
Pipeline timeline
Intent to proven code in 1h 20m across Think, Plan, Build, and Verify.
Think4m
Plan4m
Build68m
Verify7m
Assertion ledger
12 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Recovery with JSON mode produces clean JSON without human-readable text | verified | ok |
| A002 | Recovery JSON output is valid JSON from the first character | verified | ok |
| A003 | Recovery without JSON mode still shows the recovery message | verified | ok |
| A004 | Each audit finding shows its source exactly once | verified | ok |
| A005 | Severity ordering is defined once at module level | verified | ok |
| A006 | No local severity ordering maps remain inside functions | verified | ok |
| A007 | Missing remote branch does not block artifact saves | verified | ok |
| A008 | Unexpected file operation failures surface a warning | verified | ok |
Findings 5 total
debtpackages/cli/src/commands/work.ts→ closed
Catch block indentation inconsistent — body at 10-space indent vs surrounding 8-space convention
obspackages/cli/tests/commands/work.test.ts→ closed
A003 tagged test exercises normal completion, not recovery — does not assert 'Recovering' in output
obspackages/cli/tests/commands/work.test.ts→ closed
Pre-check COVERED status for A004-A010 comes from other features' tag collisions, not from harden-hot-files-specific tests
obs→ closed
Spec says 'no new tests needed' but contract has behavioral assertions (A007-A010) that imply test coverage — tension between spec and contract
obspackages/cli/src/commands/artifact.ts→ closed
captureModulesTouched warning includes raw error message in output — could leak internal paths or stack traces to terminal
Integrity seal
scopesha256:86ea32fdd5dac...
contractsha256:629a37421c16c...
plansha256:dbb9094551152...
specsha256:ce70f146fa820...
build-reportsha256:ec1da3242f140...
build-datasha256:f54f54dab4f5f...
verify-reportsha256:5a6125384cd8b...
verify-datasha256:5a7b1c4e183dd...
audit cmd$ ana proof audit harden-hot-files → all hashes match