Worktree freshness detection
Worktrees don't know when they're behind main. When multiple pipelines run concurrently — or when main advances for any reason while a worktree is active — the build and verification happen against stale code. The developer discovers this only at merge time ("branch is behind"), after wasting an entire build+verify cycle. Worse: if the PR merges cleanly despite being behind (no conflicting files), the proof chain records a PASS that was verified against different code than what shipped. The proof is weak and nobody knows.
verdict PASSscore 15 / 17findings 7 (0 risk · 3 debt · 4 obs)duration 8h 13mrejection cycles 0shipped May 12, 2026surface cli
Pipeline timeline
Intent to proven code in 8h 13m across Think, Plan, Build, and Verify.
Think19m
Plan427m
Build8m
Verify6m
Assertion ledger
17 claims, each independently verified. Showing 8 — show all →
| ID | Says | Matcher | |
|---|---|---|---|
| A001 | Worktree info includes how many commits behind the main branch it is | verified | ok |
| A002 | A freshly-created worktree shows zero commits behind | verified | ok |
| A003 | When main advances, the worktree correctly reports how far behind it is | verified | ok |
| A004 | A worktree can be both ahead and behind at the same time | verified | ok |
| A005 | Git failures during behind-count don't crash the system | verified | ok |
| A006 | Status shows a behind-count warning when the worktree is stale | verified | fail |
| A007 | Status output is clean when the worktree is up to date | verified | fail |
| A008 | JSON status output includes the behind-count for machine consumption | verified | ok |
Findings 7 total
obspackages/cli/src/utils/worktree.ts→ closed
commitsBehind uses origin/artifactBranch but commitCount uses bare artifactBranch — asymmetric ref comparison
debtpackages/cli/src/commands/work.ts→ closed
printExistingWorktree duplicates commitsBehind rev-list logic from getWorktreeInfo — now two inline computations duplicated instead of one
debtpackages/cli/tests/commands/work.test.ts→ closed
A008 JSON test asserts typeof === 'number' not a specific value — passes even if commitsBehind computation is broken
obspackages/cli/tests/utils/worktree.test.ts→ closed
A005 git failure test relies on absent origin/main ref rather than injecting a failure — indirect coverage of the catch path
obs→ closed
No tagged tests for A009, A010, A011, A012, A013, A014 — verified by source inspection only
+2more findings
Integrity seal
scopesha256:acc6a23ff2428...
contractsha256:16753070a4ce2...
plansha256:41dcf49cb874c...
specsha256:0f392981c43a2...
build-reportsha256:c7091088607a5...
build-datasha256:2dc058ffb32e5...
verify-reportsha256:29b33bedf71eb...
verify-datasha256:af4351dca4760...
audit cmd$ ana proof audit worktree-freshness-detection → all hashes match