claude-dev-env 1.62.1 → 1.64.0

package/hooks/blocking/verification_verdict_store.py

@@ -29,12 +29,16 @@ from config.verified_commit_constants import (
     AGENT_META_SIDECAR_SUFFIX,
     AGENT_META_TYPE_KEY,
     AGENT_TRANSCRIPT_GLOB,
+    BRANCH_REFERENCE_PREFIX,
+    BRANCH_WORKTREE_ABSENT_MESSAGE,
     CLAUDE_HOME_DIRECTORY_NAME,
     CONFTEST_FILE_NAME,
     DOCS_ONLY_EXTENSIONS,
     ALL_FALLBACK_BASE_REFERENCES,
+    EMPTY_SURFACE_GUARD_MESSAGE,
     GIT_TIMEOUT_SECONDS,
     MANIFEST_HASH_CLI_FLAG,
+    MANIFEST_HASH_FOR_BRANCH_CLI_FLAG,
     MINIMUM_STATUS_FIELD_COUNT,
     MINTING_AGENT_TYPE,
     PYTHON_EXTENSION,
@@ -52,10 +56,13 @@ from config.verified_commit_constants import (
     TRANSCRIPT_TEXT_KEY,
     VERDICT_DIRECTORY_NAME,
     VERDICT_FENCE_PATTERN,
+    VERDICT_FILE_GLOB,
     VERDICT_JSON_INDENT,
     VERDICT_KEY_ALL_PASS,
     VERDICT_KEY_FINDINGS,
     VERDICT_KEY_MANIFEST_SHA256,
+    WORKTREE_LIST_BRANCH_PREFIX,
+    WORKTREE_LIST_PATH_PREFIX,
 )
 
 
@@ -243,6 +250,65 @@ def manifest_sha256(surface_manifest_text: str) -> str:
     return hashlib.sha256(surface_manifest_text.encode("utf-8")).hexdigest()
 
 
+def empty_surface_hash() -> str:
+    """Return the manifest hash that represents an empty change surface.
+
+    A work tree whose HEAD equals the merge base has no changed or untracked
+    files, so ``branch_surface_manifest`` returns ``""`` and this hash is what
+    the minter or store CLI would produce for it. Comparing an attested hash
+    against this value lets the minter refuse to mint for a verifier that ran
+    in the wrong work tree.
+
+    Returns:
+        The hex sha256 digest of the empty surface manifest (the empty string).
+    """
+    return manifest_sha256("")
+
+
+def worktree_path_for_branch(repo_directory: str, branch_name: str) -> str | None:
+    """Find the work-tree directory that has a given branch checked out.
+
+    Parses the porcelain output of ``git worktree list --porcelain`` and
+    returns the ``worktree <path>`` line whose block carries a
+    ``branch refs/heads/<branch_name>`` line. Returns None when git fails
+    or no work tree holds the branch.
+
+    Args:
+        repo_directory: Any directory inside the repository.
+        branch_name: The short branch name to locate (without ``refs/heads/``).
+
+    Returns:
+        The absolute path of the work tree that has the branch checked out,
+        or None when no work tree holds the branch or git fails.
+    """
+    porcelain_output = run_git(repo_directory, "worktree", "list", "--porcelain")
+    if porcelain_output is None:
+        return None
+    target_branch_reference = f"{BRANCH_REFERENCE_PREFIX}{branch_name}"
+    current_worktree_path: str | None = None
+    for each_line in porcelain_output.splitlines():
+        if each_line.startswith(WORKTREE_LIST_PATH_PREFIX):
+            current_worktree_path = each_line[len(WORKTREE_LIST_PATH_PREFIX):]
+        elif each_line.startswith(WORKTREE_LIST_BRANCH_PREFIX):
+            branch_reference = each_line[len(WORKTREE_LIST_BRANCH_PREFIX):]
+            if branch_reference == target_branch_reference and current_worktree_path:
+                return current_worktree_path
+    return None
+
+
+def verdict_directory() -> Path:
+    """Return the shared directory holding every work tree's verdict file.
+
+    Verdicts live outside any repository (under the user's Claude home) so no
+    repo accumulates untracked verdict files; every work tree's verdict shares
+    this one directory, distinguished by file name.
+
+    Returns:
+        The verdict directory under the user's Claude home.
+    """
+    return Path.home() / CLAUDE_HOME_DIRECTORY_NAME / VERDICT_DIRECTORY_NAME
+
+
 def verdict_path_for_repo(repo_root: str) -> Path:
     """Derive the verdict file path for a repository work tree.
 
@@ -258,9 +324,7 @@ def verdict_path_for_repo(repo_root: str) -> Path:
     """
     normalized_root = str(Path(repo_root).resolve()).replace("\\", "/").lower()
     root_key = hashlib.sha256(normalized_root.encode("utf-8")).hexdigest()[:ROOT_KEY_HEX_LENGTH]
-    return (
-        Path.home() / CLAUDE_HOME_DIRECTORY_NAME / VERDICT_DIRECTORY_NAME / f"{root_key}.json"
-    )
+    return verdict_directory() / f"{root_key}.json"
 
 
 def load_valid_verdict(repo_root: str, expected_manifest_sha256: str) -> dict | None:
@@ -289,6 +353,44 @@ def load_valid_verdict(repo_root: str, expected_manifest_sha256: str) -> dict |
     return verdict_record
 
 
+def minted_verdict_covers_surface(expected_manifest_sha256: str) -> bool:
+    """Decide whether any minted verdict covers the live surface, keyed by hash.
+
+    A verdict's bound ``manifest_sha256`` commits to the exact set of surface
+    file paths and their byte contents; the work tree's location never enters
+    the hash. A clean verdict minted while verifying one work tree therefore
+    proves the same change surface in a sibling work tree of the same branch,
+    even though each work tree files its verdict under its own path-keyed name.
+    Scanning every verdict file by bound hash lets that verdict clear the
+    sibling's commit, while a verdict bound to a different hash — different
+    code — never matches. The path-keyed ``load_valid_verdict`` stays the fast
+    same-work-tree lookup; this is the cross-work-tree fallback.
+
+    Args:
+        expected_manifest_sha256: Hash of the live surface manifest the verdict
+            must match exactly.
+
+    Returns:
+        True as soon as one verdict file reports ``all_pass`` true and binds to
+        the expected hash; False when none match or the directory is absent.
+    """
+    verdict_dir = verdict_directory()
+    if not verdict_dir.is_dir():
+        return False
+    for each_verdict_file in sorted(verdict_dir.glob(VERDICT_FILE_GLOB)):
+        try:
+            verdict_record = json.loads(each_verdict_file.read_text(encoding="utf-8"))
+        except (OSError, json.JSONDecodeError):
+            continue
+        if not isinstance(verdict_record, dict):
+            continue
+        if verdict_record.get(VERDICT_KEY_ALL_PASS) is not True:
+            continue
+        if verdict_record.get(VERDICT_KEY_MANIFEST_SHA256) == expected_manifest_sha256:
+            return True
+    return False
+
+
 def _subagents_directory_for_transcript(transcript_path: str) -> Path | None:
     """Locate the live session's subagents directory from a transcript path.
 
@@ -647,14 +749,18 @@ def _print_live_manifest_hash(repo_directory: str) -> int:
     """Print the live surface manifest hash for a repo, for a workflow verifier.
 
     A workflow code-verifier runs this to learn the exact hash to bind its
-    verdict to, so stdout carries only the hash and nothing else.
+    verdict to, so stdout carries only the hash and nothing else. When the
+    work tree has no changed or untracked files (empty change surface), this
+    prints the empty-surface guard message to stderr and returns nonzero —
+    an empty surface means the verifier is pointed at the wrong work tree.
 
     Args:
         repo_directory: A directory inside the work tree to bind the verdict to.
 
     Returns:
-        0 after printing the hash; nonzero with no stdout when the repo root or
-        merge base cannot be resolved.
+        0 after printing the hash; nonzero with no stdout when the repo root,
+        merge base, or manifest cannot be resolved, or when the change surface
+        is empty (wrong work tree).
     """
     repo_root = resolve_repo_root(repo_directory)
     if repo_root is None:
@@ -665,20 +771,69 @@ def _print_live_manifest_hash(repo_directory: str) -> int:
     surface_manifest_text = branch_surface_manifest(repo_root, merge_base_sha)
     if surface_manifest_text is None:
         return 1
+    if surface_manifest_text == "":
+        print(EMPTY_SURFACE_GUARD_MESSAGE.format(repo_root=repo_root), file=sys.stderr)
+        return 1
     print(manifest_sha256(surface_manifest_text))
     return 0
 
 
+def _print_branch_manifest_hash(branch_name: str) -> int:
+    """Print the manifest hash for the work tree that holds a given branch.
+
+    Resolves the repository root from the current working directory, then
+    finds the work tree that has ``branch_name`` checked out, and delegates
+    to ``_print_live_manifest_hash`` for that work tree. This mode is immune
+    to the verifier's own cwd: it always hashes the work tree that holds the
+    branch under review, regardless of where the verifier itself is running.
+
+    Args:
+        branch_name: The short branch name to locate (without ``refs/heads/``).
+
+    Returns:
+        0 after printing the hash; nonzero with a stderr message when the
+        repo root cannot be resolved, no work tree holds the branch, or the
+        located work tree has an empty change surface.
+    """
+    repo_root = resolve_repo_root(str(Path.cwd()))
+    if repo_root is None:
+        print("ERROR: Current directory is not inside a git repository.", file=sys.stderr)
+        return 1
+    branch_worktree_path = worktree_path_for_branch(repo_root, branch_name)
+    if branch_worktree_path is None:
+        print(
+            BRANCH_WORKTREE_ABSENT_MESSAGE.format(branch=branch_name),
+            file=sys.stderr,
+        )
+        return 1
+    return _print_live_manifest_hash(branch_worktree_path)
+
+
 def main() -> None:
     """Run the verdict-store CLI: compute the live surface-manifest hash.
 
-    Reads ``--manifest-hash <repo_root>`` from argv and prints the live
-    ``manifest_sha256`` so a workflow code-verifier can bind its verdict to the
-    exact surface the gate checks. Exits nonzero with no stdout on any other
-    argument shape or when the surface cannot be resolved.
+    Two modes:
+
+    ``--manifest-hash <work-tree-dir>``
+        Print the live ``manifest_sha256`` for the given work tree directory
+        so a workflow code-verifier can bind its verdict to the exact surface
+        the gate checks. Fails with a stderr message when the change surface
+        is empty (wrong work tree).
+
+    ``--manifest-hash-for-branch <branch>``
+        Resolve the work tree that has ``<branch>`` checked out (via
+        ``git worktree list --porcelain``) and print its manifest hash.
+        Immune to the verifier's own cwd — always targets the branch's own
+        work tree. Fails when no work tree holds the branch or the surface
+        is empty.
+
+    Exits nonzero with no stdout on any other argument shape or when the
+    surface cannot be resolved.
     """
     if len(sys.argv) == 3 and sys.argv[1] == MANIFEST_HASH_CLI_FLAG:
         sys.exit(_print_live_manifest_hash(sys.argv[2]))
+    if len(sys.argv) == 3 and sys.argv[1] == MANIFEST_HASH_FOR_BRANCH_CLI_FLAG:
+        sys.exit(_print_branch_manifest_hash(sys.argv[2]))
     sys.exit(1)
 
 

package/hooks/blocking/verified_commit_gate.py

@@ -13,8 +13,11 @@ and allows the command only when one of these holds:
 - the surface is mechanically exempt (docs/images by extension, pytest
   test files by name convention, Python files whose docstring-stripped
   AST is unchanged), or
-- a verdict minted by ``verifier_verdict_minter.py`` reports ``all_pass``
-  and binds to the exact live manifest hash.
+- a passing verifier verdict binds to the exact live manifest hash —
+  matched by content hash, not by work-tree location, so a verdict
+  ``verifier_verdict_minter.py`` minted while verifying any work tree of
+  the surface clears the commit, as does one a workflow ``code-verifier``
+  emitted in its own transcript.
 
 The surface binds every changed and untracked file's content, so slicing
 work into small commits or staging files cannot move the hash, while any
@@ -57,6 +60,7 @@ from verification_verdict_store import (
     is_verification_exempt_diff,
     load_valid_verdict,
     manifest_sha256,
+    minted_verdict_covers_surface,
     resolve_merge_base,
     resolve_repo_root,
     workflow_verdict_covers_surface,
@@ -500,6 +504,8 @@ def deny_reason_for_directory(target_directory: str, transcript_path: str) -> st
     live_manifest_sha256 = manifest_sha256(surface_manifest_text)
     if load_valid_verdict(repo_root, live_manifest_sha256) is not None:
         return None
+    if minted_verdict_covers_surface(live_manifest_sha256):
+        return None
     if workflow_verdict_covers_surface(transcript_path, live_manifest_sha256):
         return None
     hash_preview = live_manifest_sha256[:HASH_PREVIEW_LENGTH]

package/hooks/blocking/verifier_verdict_minter.py

@@ -35,9 +35,13 @@ blocking_directory = str(Path(__file__).resolve().parent)
 if blocking_directory not in sys.path:
     sys.path.insert(0, blocking_directory)
 
-from config.verified_commit_constants import MINTING_AGENT_TYPE
+from config.verified_commit_constants import (
+    MINTING_AGENT_TYPE,
+    VERDICT_KEY_MANIFEST_SHA256,
+)
 from verification_verdict_store import (
     branch_surface_manifest,
+    empty_surface_hash,
     manifest_sha256,
     resolve_merge_base,
     resolve_repo_root,
@@ -169,6 +173,53 @@ def resolved_subagent_type(subagent_stop_payload: dict) -> str | None:
     )
 
 
+def _attested_or_recomputed_hash(verdict_record: dict, repo_root: str) -> str | None:
+    """Choose the surface hash the minted verdict binds to.
+
+    A code-verifier that verifies a work tree other than the stop event's cwd
+    attests the surface it checked by emitting ``manifest_sha256`` in its
+    verdict fence (computed against the verified work tree via the
+    ``--manifest-hash`` CLI). Binding the minted verdict to that attested hash
+    keeps the verdict tied to the code actually verified rather than the
+    subagent's cwd, so a verdict earned for one work tree clears a commit in a
+    sibling work tree of the same surface. When the fence attests no hash, the
+    minter recomputes one from the cwd work tree, which is correct whenever the
+    verifier ran in the work tree it verified.
+
+    Returns None (mints nothing) in two empty-surface cases:
+
+    - The attested hash equals ``empty_surface_hash()`` — the verifier called
+      the store CLI on a wrong (empty) work tree and the hash it got back
+      represents nothing.
+    - The recompute branch produces an empty manifest — the cwd work tree also
+      has no changed or untracked files versus the merge base.
+
+    Args:
+        verdict_record: The parsed verdict fence from the verifier transcript.
+        repo_root: The work-tree root resolved from the stop event's cwd, used
+            for the recompute fallback.
+
+    Returns:
+        The attested ``manifest_sha256`` when the fence carries a non-empty
+        string one that is not the empty-surface sentinel; the cwd work tree's
+        recomputed surface hash when the fence attests nothing and the surface
+        is non-empty; or None when the attested hash is the empty-surface
+        sentinel, the surface manifest is empty, or no upstream base resolves.
+    """
+    attested_manifest_sha256 = verdict_record.get(VERDICT_KEY_MANIFEST_SHA256)
+    if isinstance(attested_manifest_sha256, str) and attested_manifest_sha256:
+        if attested_manifest_sha256 == empty_surface_hash():
+            return None
+        return attested_manifest_sha256
+    merge_base_sha = resolve_merge_base(repo_root)
+    if merge_base_sha is None:
+        return None
+    surface_manifest_text = branch_surface_manifest(repo_root, merge_base_sha)
+    if not surface_manifest_text:
+        return None
+    return manifest_sha256(surface_manifest_text)
+
+
 def mint_for_payload(subagent_stop_payload: dict) -> Path | None:
     """Mint a verdict file for a code-verifier stop event.
 
@@ -177,8 +228,10 @@ def mint_for_payload(subagent_stop_payload: dict) -> Path | None:
 
     Returns:
         The verdict file path when minted; None when the payload is not a
-        code-verifier stop, the transcript holds no verdict, or the
-        session directory is not a work tree with an upstream base.
+        code-verifier stop, the transcript holds no verdict, the cwd is not a
+        work tree, or — for a verdict that attests no ``manifest_sha256`` of
+        its own — that work tree has no upstream base to recompute the surface
+        hash from.
     """
     if resolved_subagent_type(subagent_stop_payload) != MINTING_AGENT_TYPE:
         return None
@@ -191,15 +244,12 @@ def mint_for_payload(subagent_stop_payload: dict) -> Path | None:
     repo_root = resolve_repo_root(subagent_stop_payload.get("cwd", "."))
     if repo_root is None:
         return None
-    merge_base_sha = resolve_merge_base(repo_root)
-    if merge_base_sha is None:
-        return None
-    surface_manifest_text = branch_surface_manifest(repo_root, merge_base_sha)
-    if surface_manifest_text is None:
+    bound_manifest_sha256 = _attested_or_recomputed_hash(verdict_record, repo_root)
+    if bound_manifest_sha256 is None:
         return None
     return write_verdict(
         repo_root,
-        manifest_sha256(surface_manifest_text),
+        bound_manifest_sha256,
         verdict_record["all_pass"],
         verdict_record["findings"],
         str(subagent_stop_payload.get("agent_id", "")),

package/hooks/hooks_constants/dead_argparse_argument_constants.py

@@ -0,0 +1,28 @@
+"""Constants for the dead argparse-argument detector in ``code_rules_enforcer``.
+
+Lives under the hooks-tree ``hooks_constants`` package so module-level
+UPPER_SNAKE constants satisfy the CODE_RULES "constants live in config"
+requirement and share a home with the other hook-tree configuration.
+"""
+
+ADD_ARGUMENT_METHOD_NAME: str = "add_argument"
+ALL_PARSE_METHOD_NAMES: frozenset[str] = frozenset({"parse_args", "parse_known_args"})
+DEST_KEYWORD_NAME: str = "dest"
+NAMESPACE_KEYWORD_NAME: str = "namespace"
+ACTION_KEYWORD_NAME: str = "action"
+ALL_SUPPRESSED_ACTION_NAMES: frozenset[str] = frozenset({"help", "version"})
+GETATTR_FUNCTION_NAME: str = "getattr"
+GETATTR_NAME_ARGUMENT_MINIMUM: int = 2
+ATTRGETTER_FUNCTION_NAME: str = "attrgetter"
+NAMESPACE_DICT_ATTRIBUTE_NAME: str = "__dict__"
+OPTION_PREFIX: str = "-"
+LONG_OPTION_PREFIX: str = "--"
+DEST_WORD_SEPARATOR: str = "-"
+DEST_WORD_JOINER: str = "_"
+EXPORTED_NAMES_ATTRIBUTE: str = "__all__"
+MAX_DEAD_ARGPARSE_ARGUMENT_ISSUES: int = 25
+DEAD_ARGPARSE_ARGUMENT_GUIDANCE: str = (
+    "optional CLI flag whose parsed value is never read in this file - remove the"
+    " add_argument call (argparse silently accepts an unused flag), or read the"
+    " parsed value where it is needed (CODE_RULES §9.8)"
+)

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-dev-env",
-    "version": "1.62.1",
+    "version": "1.64.0",
     "description": "Claude Code development standards — rules, hooks, agents, commands, and skills",
     "type": "module",
     "bin": {

package/skills/autoconverge/SKILL.md

@@ -34,7 +34,9 @@ PR's owner.
 
 1. **Enter a worktree.** Call `EnterWorktree` with no arguments before any
    `gh`, `git`, file read, or edit. `gh`/`git` Bash calls do not auto-isolate,
-   so this is mandatory. If it fails, report and stop.
+   so this is mandatory. If it fails, report and stop. A bare `EnterWorktree`
+   branches from `origin/main`; step 2 positions the worktree on the PR's head
+   ref, which the workflow needs.
 
 2. **Resolve PR scope.** When the user passed a PR URL or number, parse owner,
    repo, and number from it. Otherwise read the current branch's PR:
@@ -43,6 +45,18 @@ PR's owner.
    ready, mark it draft first (`gh pr ready <n> --repo <o>/<r> --undo`) so the
    loop owns the ready transition.
 
+   **Position the worktree on the PR branch.** The workflow reviews
+   `git diff origin/main...HEAD` against this worktree's local `HEAD` and pushes
+   each fix to the PR branch, so the worktree sits on the PR's head ref at the PR
+   HEAD before the workflow launches. A worktree fresh off `origin/main` has
+   `HEAD == origin/main`, shows an empty diff, and reports a false convergence
+   with zero findings. When a local worktree already tracks the PR branch, enter
+   that one by passing its path to `EnterWorktree`; otherwise put the entered
+   worktree on the branch with `gh pr checkout <number> --repo <owner>/<repo>`
+   (or `git fetch origin <headRefName>` then `git switch <headRefName>`). Confirm
+   before launching: `git rev-parse --abbrev-ref HEAD` equals the PR's head ref
+   and local `HEAD` equals the PR head SHA.
+
 3. **Verify the worktree is the PR's repo (strict pre-flight).** Run
    `python "$HOME/.claude/skills/_shared/pr-loop/scripts/preflight_worktree.py" --owner <owner> --repo <repo> --mode strict`.
    It confirms the working directory is a checkout of the PR's own repo and
@@ -56,6 +70,17 @@ PR's owner.
 4. **Grant project permissions.**
    `python "$HOME/.claude/skills/bugteam/scripts/grant_project_claude_permissions.py"`
 
+   In auto-mode the classifier blocks this grant as an unrequested change to the
+   permission allowlist: the `/autoconverge` invocation alone does not meet its
+   bar for an explicitly requested permission change. When it is blocked, keep
+   the run alive — surface the grant to the user through `AskUserQuestion` with
+   the exact command and ask them to approve it or run it themselves with the `!`
+   prefix:
+   `! python "$HOME/.claude/skills/bugteam/scripts/grant_project_claude_permissions.py"`.
+   Continue once the grant lands. A user who wants future runs to skip this
+   prompt can add a standing Bash permission allow-rule for that script in their
+   settings.
+
 ## Run the workflow
 
 Call the `Workflow` tool against the colocated script:

package/skills/autoconverge/workflow/converge.contract.test.mjs

@@ -220,37 +220,61 @@ test('the fix flow spawns a code-verifier step between the edit step and the com
   );
 });
 
-function constantBody(constantName) {
-  const constantStart = convergeSource.indexOf(`const ${constantName} =`);
-  assert.notEqual(constantStart, -1, `expected ${constantName} to exist`);
-  const nextConstantStart = convergeSource.indexOf('\nconst ', constantStart + 1);
-  const constantEnd = nextConstantStart === -1 ? convergeSource.length : nextConstantStart;
-  return convergeSource.slice(constantStart, constantEnd);
-}
-
-test('the shared verdict-fence steps name the binding-hash command and the verdict fence', () => {
-  const fenceSteps = constantBody('VERDICT_FENCE_STEPS');
-  assert.match(fenceSteps, /--manifest-hash/, 'expected the binding-hash command to be named');
+test('the shared verdict-fence builder names the binding-hash command and the verdict fence', () => {
+  const fenceBuilder = lensPromptBody('buildVerdictFenceSteps');
   assert.match(
-    fenceSteps,
+    fenceBuilder,
+    /--manifest-hash-for-branch/,
+    'expected the binding-hash command to use --manifest-hash-for-branch (cwd-immune)',
+  );
+  assert.doesNotMatch(
+    fenceBuilder,
+    /--manifest-hash(?!-for-branch)/,
+    'expected the old --manifest-hash <REPO> form to be removed in favour of --manifest-hash-for-branch',
+  );
+  assert.match(
+    fenceBuilder,
     /verification_verdict_store\.py/,
     'expected the verdict-store script that computes the binding hash to be named',
   );
-  assert.match(fenceSteps, /```verdict/, 'expected the verdict fence to be specified');
-  assert.match(fenceSteps, /manifest_sha256/, 'expected the verdict fence to carry manifest_sha256');
+  assert.match(fenceBuilder, /```verdict/, 'expected the verdict fence to be specified');
+  assert.match(fenceBuilder, /manifest_sha256/, 'expected the verdict fence to carry manifest_sha256');
+  assert.match(
+    fenceBuilder,
+    /gh pr view/,
+    'expected buildVerdictFenceSteps to resolve the head branch via gh pr view (cwd-immune)',
+  );
+  assert.match(
+    fenceBuilder,
+    /headRefName/,
+    'expected buildVerdictFenceSteps to extract the headRefName from gh pr view output',
+  );
+});
+
+test('the verdict-fence binding does not self-resolve a cwd via git rev-parse for the manifest hash', () => {
+  const fenceBuilder = lensPromptBody('buildVerdictFenceSteps');
+  assert.doesNotMatch(
+    fenceBuilder,
+    /git rev-parse --show-toplevel/,
+    'expected the binding hash to be cwd-immune (no git rev-parse in the binding step)',
+  );
 });
 
-test('every verify step reuses the shared verdict-fence steps, uses code-verifier, and forbids edits', () => {
+test('every verify step calls buildVerdictFenceSteps, uses code-verifier, and forbids edits', () => {
   for (const verifyFunctionName of [
     'verifyFixesInWorkingTree',
     'verifyRepairChanges',
-    'verifyHardeningChanges',
   ]) {
     const verifyBody = lensPromptBody(verifyFunctionName);
     assert.match(
       verifyBody,
-      /VERDICT_FENCE_STEPS/,
-      `expected ${verifyFunctionName} to reuse the shared VERDICT_FENCE_STEPS`,
+      /buildVerdictFenceSteps\(/,
+      `expected ${verifyFunctionName} to call buildVerdictFenceSteps (cwd-immune branch binding)`,
+    );
+    assert.doesNotMatch(
+      verifyBody,
+      /VERDICT_FENCE_STEPS(?!\s*\))/,
+      `expected ${verifyFunctionName} not to reference the removed VERDICT_FENCE_STEPS constant`,
     );
     assert.match(
       verifyBody,
@@ -270,6 +294,46 @@ test('every verify step reuses the shared verdict-fence steps, uses code-verifie
   }
 });
 
+test('verifyHardeningChanges uses --manifest-hash-for-branch with the hardening branch, uses code-verifier, and forbids edits', () => {
+  const verifyBody = lensPromptBody('verifyHardeningChanges');
+  assert.match(
+    verifyBody,
+    /--manifest-hash-for-branch/,
+    'expected verifyHardeningChanges to bind by hardening branch (cwd-immune)',
+  );
+  assert.doesNotMatch(
+    verifyBody,
+    /--manifest-hash(?!-for-branch)/,
+    'expected verifyHardeningChanges not to use the old --manifest-hash <REPO> form',
+  );
+  assert.match(
+    verifyBody,
+    /agentType:\s*'code-verifier'/,
+    'expected verifyHardeningChanges to spawn the code-verifier agent type',
+  );
+  assert.doesNotMatch(
+    verifyBody,
+    /schema:/,
+    'expected verifyHardeningChanges to pass no schema so its verdict fence stays as assistant text',
+  );
+  assert.match(
+    verifyBody,
+    /do no edits|make no edits|not edit|no file edits/i,
+    'expected verifyHardeningChanges to be told to make no edits',
+  );
+});
+
+test('verifyFixesInWorkingTree and verifyRepairChanges pass input.owner, input.repo, input.prNumber to buildVerdictFenceSteps', () => {
+  for (const verifyFunctionName of ['verifyFixesInWorkingTree', 'verifyRepairChanges']) {
+    const verifyBody = lensPromptBody(verifyFunctionName);
+    assert.match(
+      verifyBody,
+      /buildVerdictFenceSteps\(input\.owner,\s*input\.repo,\s*input\.prNumber\)/,
+      `expected ${verifyFunctionName} to pass PR coordinates to buildVerdictFenceSteps`,
+    );
+  }
+});
+
 test('the commit step is instructed to make no further file edits', () => {
   const commitBody = lensPromptBody('commitVerifiedFixes');
   assert.match(