Stack Detection Gaps (V2-Alpha Breadth Sweep)
V2-Alpha testing across 20 real open-source repos revealed detection gaps in four areas: deployment platforms, CI systems, workspace tools, and Vercel AI provider packages. The core stack detection (language, framework, database, auth, testing) is strong. The gaps are in areas where the ecosystem moved in 2025-2026 and our detection maps haven't kept pace.
verdict PASSscore 25 / 25findings 4 (0 risk · 1 debt · 3 obs)duration 1h 22mrejection cycles 0shipped May 20, 2026surface cli
Pipeline timeline
Intent to proven code in 1h 22m across Think, Plan, Build, and Verify.
Think60m
Plan5m
Build8m
Verify4m
Assertion ledger
25 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Cloudflare Workers projects are detected when wrangler.toml is present | verified | ok |
| A002 | Cloudflare Workers projects using the newer jsonc format are detected | verified | ok |
| A003 | Helm-based deployments are detected from Chart.yaml | verified | ok |
| A004 | Kubernetes deployments are detected from kustomization.yaml | verified | ok |
| A005 | AWS CDK deployments are detected from cdk.json | verified | ok |
| A006 | Pulumi deployments are detected from Pulumi.yaml | verified | ok |
| A007 | Serverless Framework deployments are detected from serverless.yml | verified | ok |
| A008 | Existing deployment platforms like Docker and Vercel still work | verified | ok |
Findings 4 total
debtpackages/cli/tests/engine/census-detection.test.ts→ scope
Workspace label tests verify a replicated helper, not the actual scan-engine.ts ternary
obspackages/cli/src/engine/detectors/dependencies.ts→ closed
@openrouter/ai-sdk-provider added to AI_PACKAGES but not in spec — over-building with zero test coverage
obspackages/cli/src/engine/detectors/dependencies.ts→ closed
AI_SDK_EXCLUSIONS set recreated on every detectServiceDeps call — could be module-level constant
obspackages/cli/tests/engine/detectors/ai-sdk-detection.test.ts→ monitor
Wildcard capitalization only tested with single-word providers — no test for hyphenated wildcard input like @ai-sdk/foo-bar
Integrity seal
scopesha256:72d37bf343653...
contractsha256:3ddcfb06c7651...
plansha256:743d5e3b3bc53...
specsha256:a5ffb6b185b4d...
build-reportsha256:f09a4e522aa7e...
build-datasha256:56eee88a53c79...
verify-reportsha256:2d81063c06ebb...
verify-datasha256:67055e699364c...
audit cmd$ ana proof audit stack-detection-gaps → all hashes match