session-capture — agent-session capture & provenance unlock

Record, for **every** pipeline agent conversation (Think/Plan/Build/Verify/Learn) on **both** Claude Code and Codex, the session pointer plus full provenance — the moment each fact is knowable — so Anatomia starts banking a labeled dataset of every run immediately. This is the "Scope 0" unlock from the anatrace spike: it closes Anatomia's process-trust gap (today the proof verifies the *outcome* but trusts that each agent followed its mandate) by first capturing the raw material that later scopes will verify and analyze.

verdict PASSscore 35 / 35findings 12 (2 risk · 1 debt · 9 obs)duration 14h 30mrejection cycles 0shipped Jun 8, 2026surface cli

Pipeline timeline

Intent to proven code in 14h 30m across Think, Plan, and 2 Build→Verify phases.

Think
657m
Plan
21m
Build 1
36m
Verify 1
6m
Build 2
103m
Verify 2
5m

Assertion ledger

35 claims, each independently verified. Showing 8 — show all →

IDSaysMatcher
A001Every launched agent is tagged with which harness it runs onverifiedok
A002Every launched agent is tagged with its pipeline roleverifiedok
A003Each session records a fingerprint of the agent definition it ranverifiedok
A004Tagging a session never strips the agent's existing environmentverifiedok
A005A build launched inside a work item's worktree is tagged with that work itemverifiedok
A006Think and Learn sessions, which have no work item, are tagged with an empty slugverifiedok
A007Planning can be tied to a specific work item when the user names itverifiedok
A008Each session is recorded with the pointer to its own transcriptverifiedok

Findings 12 total

debtpackages/cli/tests/commands/init/assets-capture-hooks.test.tsscope
Codex capture install/prune path (applyCodexCaptureHooks) has zero automated test coverage — init integration test runs only --platforms claude
riskpackages/cli/src/commands/init/assets.tsscope
Codex config.toml [features] hooks=true is written only when the file is absent — a customer with a pre-existing .codex/config.toml that lacks the flag, turning capture on, gets hooks.json but no enablement, so the SessionStart hook silently never fires
obspackages/cli/src/commands/init/assets.tsmonitor
pruneCaptureHook leaves empty hook-event arrays — a project whose only SessionStart entry was ours becomes "SessionStart": [] after flip-off (harmless cruft, no hook fires)
obspackages/cli/tests/commands/_capture.test.tsmonitor
A013 no-network is a static source-scan (asserts no network-module imports / no fetch() in the capture source), not a runtime network counter — would not catch network I/O reached via an already-imported transitive module. Spec-sanctioned enforcement approach; low risk given capture path is fs+os only
obspackages/cli/src/commands/run.tsacknowledge
Empirical cwd/slug checkpoint from spec-1 (confirm real cwd of an ana run build/verify launch) has no in-repo evidence. Slug resolves via detectWorktreeSlug(projectRoot), unit-tested with a worktree-meta fixture; clean-degrade (empty slug) covers the worst case regardless
+7more findings

Integrity seal

scopesha256:3113946389f3b...
contractsha256:130cc607fb298...
plansha256:060998173c096...
spec-1sha256:02c3503620b3f...
spec-2sha256:ba2ee107e68ca...
build-report-1sha256:4cb3949e37e55...
build-data-1sha256:41663716e5895...
verify-report-1sha256:f03de33e3d240...
verify-data-1sha256:ca819e28f003b...
build-report-2sha256:4b61be9963e02...
build-data-2sha256:a294313700e71...
verify-report-2sha256:6cb4f0e80136a...
verify-data-2sha256:ee1dcac19597b...
audit cmd$ ana proof audit session-capture   → all hashes match