Pipeline Concurrency Guards
Prevent concurrent pipeline sessions from corrupting each other. Learn Session 5 uncovered a real failure: two AnaVerify sessions ran against the same scope simultaneously. Session #2 archived a valid verify report, created a duplicate PR, force-pushed over the merged branch, and left `work complete` unable to detect the merge. Recovery required git internals knowledge our target customer doesn't have. The pipeline assumes one agent per stage but enforces nothing — this scope adds mechanical enforcement.
verdict PASSscore 20 / 22findings 7 (0 risk · 3 debt · 4 obs)duration 1h 44mrejection cycles 1shipped May 15, 2026surface cli
Pipeline timeline
Intent to proven code in 1h 44m across Think, Plan, Build, and Verify.
Think29m
Plan10m
Build45m
Verify15m
Assertion ledger
22 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | A second verify session on the same work item is blocked | verified | ok |
| A002 | A second plan session on the same work item is blocked | verified | ok |
| A003 | The force flag overrides the verify concurrency guard | verified | ok |
| A004 | The force flag overrides the plan concurrency guard | verified | ok |
| A005 | Stale timestamps older than 1 hour are ignored automatically | verified | ok |
| A006 | Missing saves.json does not block session start | verified | ok |
| A007 | Corrupted saves.json does not block session start | verified | ok |
| A008 | An active verify session does not block a build session on the same work item | verified | ok |
Findings 7 total
debtpackages/cli/src/commands/work.ts→ accept
checkConcurrencyGuard has dead `force` parameter — never passed true from production call sites
debtpackages/cli/src/commands/work.ts→ scope
isTimestampRecent duplicates checkConcurrencyGuard logic — both parse .saves.json, extract timestamp, compare against CONCURRENCY_TIMEOUT_MS
obspackages/cli/src/commands/work.ts→ monitor
Inside-worktree resume path writes verify_started_at without checking concurrency guard first
debtpackages/cli/tests/commands/work.test.ts→ scope
No boundary test at exactly 1-hour timeout — tests use 2-hour-old (stale) and new Date() (fresh), missing 59m59s and 60m01s cases
obspackages/cli/src/commands/work.ts→ closed
plan_started_at written with force:true — spec only mentions verify_started_at force-write, this is over-building for consistency
+2more findings
Integrity seal
scopesha256:ae9f5f707b28b...
contractsha256:b4a85d19f8a96...
plansha256:75bfb55d9c8a5...
specsha256:8c46744ed3b84...
build-reportsha256:f58f96274da4f...
build-datasha256:7885a45e271b3...
verify-reportsha256:4eec4ff2ad3a1...
verify-datasha256:6a1cb23f9827b...
audit cmd$ ana proof audit pipeline-concurrency-guards → all hashes match