Simplify ana test to its load-bearing core (deterministic seal)

Strip `ana test` down to the mechanical spine that the product actually needs, and fix the one defect in that spine: the seal is not deterministic.

verdict PASSscore 25 / 25findings 7 (0 risk · 1 debt · 6 obs)duration 10h 20mrejection cycles 0shipped Jun 7, 2026surface cli

Pipeline timeline

Intent to proven code in 10h 20m across Think, Plan, Build, and Verify.

Think
542m
Plan
19m
Build
20m
Verify
10m

Assertion ledger

25 claims, each independently verified. Showing 8 — show all →

IDSaysMatcher
A001The seal is built from a fixed, predictable summary of the test resultverifiedok
A002The same test result always produces the exact same sealverifiedok
A003The seal's fingerprint can be recomputed from the result it reportsverifiedok
A004A different test result produces a different seal fingerprintverifiedok
A005The seal no longer reports raw-output byte and line countsverifiedok
A006The seal no longer reports a raw-output line totalverifiedok
A007The seal still carries stage, slug, counts, verdict, and a fingerprintverifiedok
A008A correctly-formed new seal is recognized as a real sealverifiedok

Findings 7 total

obspackages/cli/tests/commands/artifact.test.tsclosed
Contract file_changes omits packages/cli/tests/commands/artifact.test.ts, which the build necessarily modified (the marker() factory no longer accepts bytes/lines, and an old-format @ana test depended on the retired shape)
obspackages/cli/src/commands/test.tsclosed
Checkpoint machinery deletion resolves two prior proof-chain findings: isCheckpointSealConflict over-build and the checkpoint-passthrough argv-quoting loss are both removed, not patched
debtpackages/cli/src/commands/test.tsmonitor
test.ts top docstring says verify 'resolves the top-level commands.test' but the implementation resolves via resolveTestCommandString, which prefers commands.test_json when present — the named field is imprecise
obspackages/cli/src/commands/test.tsmonitor
'Verify runs the full project' is config-dependent: on this repo top-level test_json scopes to packages/cli, so a --stage verify seal covers the CLI suite only and excludes the website package. Matches spec's accepted resolution rules; reader could over-read 'full project'
obspackages/cli/src/utils/capture-marker.tsmonitor
Dropping required `lines` widens the accepted-seal grammar: any well-formed five-field line outside a fence now parses as a real seal (verbatim-paste forgery surface). Recorded-not-guarded per spec; deferred to the reserved enginebind token
+2more findings

Integrity seal

scopesha256:20b492247501d...
contractsha256:c740b894512d8...
plansha256:5b83dc045f9ab...
specsha256:ba263e434e150...
build-reportsha256:0bf1baf3f336b...
build-datasha256:4d26d32527f28...
verify-reportsha256:bf09c78a283f4...
verify-datasha256:67dc2dafab8a4...
audit cmd$ ana proof audit simplify-seal-and-test-core   → all hashes match