Surface Awareness Schema and Pipeline Integration
Make surface awareness real end-to-end. The scan already detects surfaces (shipped, validated against 12 repos). This scope makes the system USE that intelligence: ana.json stores per-surface commands, the pipeline targets the right surface, and the proof chain records which surface each run verified. A developer scoping website work gets website test commands. A developer scoping CLI work gets CLI test commands. Cross-surface work falls back to root commands.
verdict PASSscore 31 / 31findings 8 (2 risk · 2 debt · 4 obs)duration 1h 44mrejection cycles 0shipped May 20, 2026
Pipeline timeline
Intent to proven code in 1h 44m across Think, Plan, Build, and Verify.
Think2m
Plan13m
Build77m
Verify5m
Assertion ledger
31 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Initializing a monorepo produces per-surface configuration with path, language, framework, and commands | verified | ok |
| A002 | Each surface gets a scoped test command based on its detected testing framework | verified | ok |
| A003 | Each surface gets a scoped build command from its package.json scripts | verified | ok |
| A004 | Surface language is detected per surface, not inherited from root | verified | ok |
| A005 | Single-package projects have no surfaces section | verified | ok |
| A006 | Fresh init no longer generates buildPackage in commands | verified | ok |
| A007 | Fresh init no longer generates testPackage in commands | verified | ok |
| A008 | Re-initializing preserves user-customized surface commands | verified | ok |
Findings 8 total
debtpackages/cli/tests/commands/proof-surface-derivation.test.ts→ scope
deriveSurface logic duplicated in test — test reimplements work.ts logic instead of importing it
riskpackages/cli/src/commands/init/state.ts→ closed
Surface path injected into shell command without sanitization — paths with spaces or special chars produce broken subshell
obspackages/cli/src/commands/init/state.ts→ monitor
Non-Node surface gets empty commands object instead of null commands — no native command generation for Rust/Go surfaces
debtpackages/cli/tests/commands/scope-surface-validation.test.ts→ closed
A019 scope rejection test depends on cwd-based findProjectRoot — fragile coupling between test isolation and global state
risk→ closed
pkg.path injection without sanitization — pre-existing across monorepo-build-scoping-C5, flip-monorepo-commands-C4, and now surface generation
+3more findings
Integrity seal
scopesha256:8bb88281f513a...
contractsha256:5e2797185a09f...
plansha256:81723c4a0c6b7...
specsha256:07bd4de5517ad...
build-reportsha256:ffc8a0a061363...
build-datasha256:a019de51205ca...
verify-reportsha256:8b54724284fe2...
verify-datasha256:b9fbff742f10a...
audit cmd$ ana proof audit surface-awareness-schema → all hashes match