Verifier Intent Coverage — mechanically guarantee the contract covers scope intent

Make the contract's fidelity to scope intent **mechanically trustless**. Today the contract is positioned as the authoritative specification, but it is only a *fallible proxy* for what the scope actually asked for. Whether built code satisfies intent rests on the planner's diligence translating intent→assertions and the verifier's disposition to *notice* a thin translation — with **no mechanical check that every acceptance criterion is even covered, and no gating outlet when a gap is found.**

verdict PASSscore 35 / 35findings 10 (0 risk · 3 debt · 7 obs)duration 278h 58mrejection cycles 0shipped Jun 16, 2026surface cli

Pipeline timeline

Intent to proven code in 278h 58m across Think, Plan, and 2 Build→Verify phases.

Think
16634m
Plan
22m
Build 1
22m
Verify 1
20m
Build 2
29m
Verify 2
8m

Assertion ledger

35 claims, each independently verified. Showing 8 — show all →

IDSaysMatcher
A001Acceptance criteria written as a dash-bullet are recognizedverifiedok
A002Acceptance criteria written as a heading are recognizedverifiedok
A003Acceptance criteria written in bold are recognizedverifiedok
A004Acceptance criteria written as a bare label are recognizedverifiedok
A005A well-formed scope is never mistaken for an unreadable oneverifiedok
A006Across every past project scope, none is wrongly judged unreadableverifiedok
A007Across every past project scope, the criteria are always recoveredverifiedok
A008A scope in an unfamiliar format is flagged as unreadable, not guessedverifiedok

Findings 10 total

debtscope
Flaky test in the broader suite — one test failed in the sealed verify run (3766p/1f/2s) but never reproduced across 7 full-suite runs + 5 regression-focus runs. 'Push failed after retry' noise points to a git-operation/retry test, not Phase 1 code.
obspackages/cli/tests/commands/scope-ac-corpus.test.tsmonitor
scope-ac-corpus.test.ts asserts toBe(0) against the live, growing completed-scope corpus (205 today). A future completed scope using '## Acceptance Criteria' with non-AC-id criteria would flip emptyExtractionCount/falseAmbiguousCount and break this test in an unrelated future PR. Intentional safety gate, but couples future greens to historical scope formatting.
obspackages/cli/src/commands/artifact-validators.tsmonitor
Bold-form regex /\*\*\s*(AC\d+)/ matches **ACn** anywhere on a line, so a prose mention ('see **AC3** above') extracts AC3 as a criterion id. Harmless across the 205-scope corpus and the dogfood (exactly AC1-14, no spurious ids), but a future version-1.1 contract could gain a spurious prose-derived id that becomes a false 'uncovered' block. Latent, low-likelihood.
obspackages/cli/src/commands/artifact-validators.tsacknowledge
Defensive try/catch around joinCoverage in evaluateCoverageGate is effectively unreachable — joinCoverage is total (no throw path), so the 'could not evaluate' diagnostic branch cannot trigger in practice and no test exercises it. Spec explicitly requested defensive depth, so it is intentional, but it is untested dead-ish code.
debtpackages/cli/tests/utils/proofSummary.test.tsmonitor
Stale/cross-contract @ana tags in long-lived test files mis-map this contract's assertion IDs
+5more findings

Provenance

Who ran what, and what it cost. Recomputable estimates from the shared price table — subordinate to the verdict, never gating.

model claude-opus-4-8
sessionturnstoolsinoutcachecost
ana107448.4k90.0k5.3M$5.98
plan94417.7k70.5k4.8M$5.23
build102477.7k51.9k4.1M$4.13
verify104458.6k33.1k3.5M$3.24
build 231416612.0k87.9k21.7M$14.66
verify 290427.6k27.3k2.2M$2.40
TOTAL 6 sessions$35.63 (table 2026-06-14)
churn 26 files · +1813/−38
completeness ✓ complete (plan 1/1 · build 2/2 · verify 2/2)

Integrity seal

scopesha256:299e88902e431...
contractsha256:5095b2cec3666...
plansha256:769fd994ce674...
spec-1sha256:d5f1665657541...
spec-2sha256:665f7fdad48da...
build-report-1sha256:8aa8795f15fd6...
build-data-1sha256:dad91d60d5219...
verify-report-1sha256:53b1a8d8bf67e...
verify-data-1sha256:1cfe055ceeefd...
build-report-2sha256:ed865254234ce...
build-data-2sha256:02a9f1987306b...
verify-report-2sha256:3d1f744977093...
verify-data-2sha256:18ccd430e582a...
audit cmd$ ana proof audit verifier-intent-coverage   → all hashes match