mustflow 2.11.0 → 2.17.0

package/dist/core/repro-evidence.js

@@ -3,51 +3,132 @@ const TEXT_FIELD_LABELS = {
     expected_behavior: 'expected behavior',
     observed_behavior: 'observed behavior',
 };
-const ITEM_FIELD_LABELS = {
-    original_reproduction: 'original reproduction path',
-    evidence_before_fix: 'before-fix evidence',
-    evidence_after_fix: 'after-fix evidence',
-    regression_guard: 'regression guard',
-};
-export function createReproEvidenceRisks(report) {
+function pushRisk(risks, detail, verdictEffect = 'partial') {
+    risks.push({
+        code: 'repro_evidence_missing',
+        severity: verdictEffect === 'contradicted' ? 'critical' : 'high',
+        detail,
+        verdict_effect: verdictEffect,
+    });
+}
+function collectReceiptBindingRisks(phaseLabel, evidence, options, risks) {
+    if (!evidence.receipt_path || !evidence.receipt_sha256 || !evidence.verification_plan_id) {
+        pushRisk(risks, `Bug-fix repro evidence ${phaseLabel} observation is not bound to receipt_path, receipt_sha256, and verification_plan_id.`);
+        return;
+    }
+    if (options.verificationPlanId && evidence.verification_plan_id !== options.verificationPlanId) {
+        pushRisk(risks, `Bug-fix repro evidence ${phaseLabel} receipt is stale for the current verification plan.`);
+    }
+}
+function collectBeforeFixRisks(report, options, risks) {
+    if (report.before_fix.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing before-fix reproduction; reproduce the original failure or mark it unavailable before claiming verification.');
+        return;
+    }
+    if (report.before_fix.status === 'unavailable') {
+        pushRisk(risks, report.before_fix.reason
+            ? 'Bug-fix repro evidence marks before-fix reproduction unavailable; the result cannot be verified without the original failure being observed.'
+            : 'Bug-fix repro evidence marks before-fix reproduction unavailable without explaining why.');
+        return;
+    }
+    if (!report.before_fix.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence reproduced the before-fix failure but does not summarize the evidence.');
+    }
+    if (report.before_fix.outcome !== 'failed_as_expected') {
+        pushRisk(risks, 'Bug-fix repro evidence reproduced the before-fix path without outcome failed_as_expected.');
+    }
+    collectReceiptBindingRisks('before-fix', report.before_fix, options, risks);
+}
+function collectRouteIdentityRisks(report, risks) {
+    if (!report.reproduction_route.route_id) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_id.', 'unverified');
+    }
+    if (!report.reproduction_route.route_kind) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_kind.');
+    }
+    if (!report.reproduction_route.route_digest) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.route_digest.', 'unverified');
+    }
+    if (!report.reproduction_route.failure_oracle_hash) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing reproduction_route.failure_oracle_hash.');
+    }
+    if (report.reproduction_route.steps.length === 0) {
+        pushRisk(risks, 'Bug-fix repro evidence is missing bounded reproduction route steps.', 'unverified');
+    }
+}
+function collectAfterFixRisks(report, options, risks) {
+    if (report.after_fix.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing after-fix same-route evidence; rerun the original route after the fix before claiming verification.', 'unverified');
+        return;
+    }
+    if (report.after_fix.status === 'unavailable') {
+        pushRisk(risks, report.after_fix.reason
+            ? 'Bug-fix repro evidence marks after-fix same-route evidence unavailable; the result cannot be verified without a post-fix pass.'
+            : 'Bug-fix repro evidence marks after-fix same-route evidence unavailable without explaining why.', 'unverified');
+        return;
+    }
+    if (report.after_fix.status === 'failed') {
+        pushRisk(risks, 'Bug-fix repro evidence says the after-fix route still failed.', 'contradicted');
+        return;
+    }
+    if (!report.after_fix.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed but does not summarize the evidence.');
+    }
+    if (report.after_fix.outcome !== 'passed_expected_behavior') {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed without outcome passed_expected_behavior.', 'unverified');
+    }
+    if (!report.after_fix.same_route_as) {
+        pushRisk(risks, 'Bug-fix repro evidence marks after-fix evidence passed without same_route_as.', 'unverified');
+    }
+    if (report.reproduction_route.route_id &&
+        report.after_fix.same_route_as &&
+        report.after_fix.same_route_as !== report.reproduction_route.route_id) {
+        pushRisk(risks, 'Bug-fix repro evidence after_fix.same_route_as does not match reproduction_route.route_id.');
+    }
+    collectReceiptBindingRisks('after-fix', report.after_fix, options, risks);
+}
+function collectRegressionGuardRisks(report, options, risks) {
+    if (report.regression_guard.status === 'missing') {
+        pushRisk(risks, 'Bug-fix repro evidence is missing a regression guard; add or identify the guard before claiming verification.');
+        return;
+    }
+    if (report.regression_guard.status === 'unavailable') {
+        pushRisk(risks, report.regression_guard.reason
+            ? 'Bug-fix repro evidence marks the regression guard unavailable; the result cannot be verified without a guard or explicit limitation.'
+            : 'Bug-fix repro evidence marks the regression guard unavailable without explaining why.');
+        return;
+    }
+    if (report.regression_guard.status === 'failed') {
+        pushRisk(risks, 'Bug-fix repro evidence says the regression guard failed.', 'contradicted');
+        return;
+    }
+    if (!report.regression_guard.summary) {
+        pushRisk(risks, 'Bug-fix repro evidence marks the regression guard passed but does not summarize the evidence.');
+    }
+    if (!report.regression_guard.intent && !report.regression_guard.test_path) {
+        pushRisk(risks, 'Bug-fix repro evidence marks the regression guard passed without an intent or test path.');
+    }
+    collectReceiptBindingRisks('regression-guard', report.regression_guard, options, risks);
+}
+export function createReproEvidenceRisks(report, options = {}) {
     if (!report) {
         return [];
     }
     const risks = [];
     for (const [field, label] of Object.entries(TEXT_FIELD_LABELS)) {
         if (!report[field]) {
-            risks.push({
-                code: 'repro_evidence_missing',
-                severity: 'high',
-                detail: `Bug-fix repro evidence is missing ${label}; do not mark the task verified from command receipts alone.`,
-            });
-        }
-    }
-    for (const [field, label] of Object.entries(ITEM_FIELD_LABELS)) {
-        const item = report[field];
-        if (item.status === 'missing') {
-            risks.push({
-                code: 'repro_evidence_missing',
-                severity: 'high',
-                detail: `Bug-fix repro evidence is missing ${label}; rerun or explicitly mark it unavailable before claiming verification.`,
-            });
-            continue;
-        }
-        if (item.status === 'present' && !item.summary) {
-            risks.push({
-                code: 'repro_evidence_missing',
-                severity: 'high',
-                detail: `Bug-fix repro evidence marks ${label} present but does not summarize the evidence.`,
-            });
-            continue;
-        }
-        if (item.status === 'unavailable' && !item.reason) {
-            risks.push({
-                code: 'repro_evidence_missing',
-                severity: 'high',
-                detail: `Bug-fix repro evidence marks ${label} unavailable without explaining why.`,
-            });
+            pushRisk(risks, `Bug-fix repro evidence is missing ${label}; do not mark the task verified from command receipts alone.`);
         }
     }
+    collectRouteIdentityRisks(report, risks);
+    collectBeforeFixRisks(report, options, risks);
+    collectAfterFixRisks(report, options, risks);
+    collectRegressionGuardRisks(report, options, risks);
     return risks;
 }
+export function countReproEvidenceVerdictEffects(risks) {
+    return {
+        contradicted: risks.filter((risk) => risk.verdict_effect === 'contradicted').length,
+        unverified: risks.filter((risk) => risk.verdict_effect === 'unverified').length,
+    };
+}

package/dist/core/validation-ratchet.js

@@ -1,10 +1,33 @@
+import { spawnSync } from 'node:child_process';
 import { existsSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 const TEST_CHANGE_KINDS = new Set(['test', 'test_fixture']);
 const SKIP_OR_ONLY_MARKER = /\b(?:describe|it|test)\s*\.\s*(?:skip|only)\s*\(/u;
+const TODO_OR_PENDING_MARKER = /\b(?:describe|it|test)\s*\.\s*(?:todo|pending)\s*\(/u;
+const ASSERTION_CALL = /\b(?:assert(?:\.\w+)?|expect)\s*\(/u;
+const STRONG_ASSERTION = /\b(?:assert\.(?:equal|deepEqual|strictEqual|throws|rejects)|to(?:Equal|StrictEqual|Be|Throw)|throws|rejects)\b/u;
+const WEAK_ASSERTION = /\b(?:assert\.ok|toBeDefined|toBeTruthy|toBeFalsy)\b/u;
+const NEGATIVE_ASSERTION = /\b(?:notEqual|notDeepEqual|doesNotMatch|doesNotThrow|\.not\.)\b/u;
+const EXCEPTION_ASSERTION = /\b(?:assert\.(?:throws|rejects|doesNotThrow|doesNotReject)|toThrow|rejects|throws)\b/u;
+const SNAPSHOT_PATH = /(?:^|\/)(?:__snapshots__\/|snapshots\/)|\.snap$/u;
+const GOLDEN_PATH = /(?:^|\/)(?:golden|fixtures|expected)(?:\/|-)|(?:\.golden\.|\.expected\.)/u;
+const JAVASCRIPT_TEST_PATH = /(?:^|\/)[^/]+\.(?:test|spec)\.[cm]?[jt]sx?$/u;
+const COMMAND_CONTRACT_PATH = '.mustflow/config/commands.toml';
+const TEST_SELECTION_PATTERN = /(?:--(?:grep|testNamePattern|testPathPattern|runTestsByPath|test-name-pattern)|\bgrep\s*=|\btestNamePattern\b|\btestPathPattern\b)/u;
+const COMMAND_ALLOWS_NO_TESTS_PATTERN = /(?:passWithNoTests|--pass-with-no-tests|--passWithNoTests)/u;
+const COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN = /(?:updateSnapshot|--update-snapshot|--updateSnapshot|\s-u(?:\s|"))/u;
+const COMMAND_HIDES_FAILURE_PATTERN = /(?:\|\|\s*true|;\s*true\b|&&\s*true\b|\bexit\s+0\b)/u;
+const CRITICAL_RATCHET_CODES = new Set([
+    'success_exit_codes_widened',
+    'command_allows_no_tests',
+    'command_hides_failure',
+]);
 function isTestClassification(classification) {
     return classification.surface.category === 'test' || classification.changeKinds.some((kind) => TEST_CHANGE_KINDS.has(kind));
 }
+function isJavaScriptTestPath(relativePath) {
+    return JAVASCRIPT_TEST_PATH.test(relativePath);
+}
 function resolveInsideRoot(projectRoot, relativePath) {
     const resolvedPath = path.resolve(projectRoot, relativePath);
     const relative = path.relative(projectRoot, resolvedPath);
@@ -25,27 +48,148 @@ function fileTextIfReadable(projectRoot, relativePath) {
         return null;
     }
 }
+function gitDiffLines(projectRoot, relativePath) {
+    const result = spawnSync('git', ['diff', '--no-ext-diff', '--unified=0', '--', relativePath], {
+        cwd: projectRoot,
+        encoding: 'utf8',
+        windowsHide: true,
+    });
+    if (result.status !== 0 || typeof result.stdout !== 'string' || result.stdout.length === 0) {
+        return { added: [], removed: [] };
+    }
+    const added = [];
+    const removed = [];
+    for (const line of result.stdout.split(/\r?\n/u)) {
+        if (line.startsWith('+++') || line.startsWith('---')) {
+            continue;
+        }
+        if (line.startsWith('+')) {
+            added.push(line.slice(1));
+        }
+        else if (line.startsWith('-')) {
+            removed.push(line.slice(1));
+        }
+    }
+    return { added, removed };
+}
+function countMatching(lines, pattern) {
+    return lines.filter((line) => pattern.test(line)).length;
+}
+function hasAny(lines, pattern) {
+    return lines.some((line) => pattern.test(line));
+}
+function extractCoverageNumbers(lines) {
+    return lines
+        .filter((line) => /\b(?:coverage|threshold|branches|functions|lines|statements)\b/iu.test(line))
+        .flatMap((line) => [...line.matchAll(/\b\d+(?:\.\d+)?\b/gu)].map((match) => Number(match[0])))
+        .filter((value) => Number.isFinite(value));
+}
+function isCommandContractPath(relativePath) {
+    return relativePath === COMMAND_CONTRACT_PATH;
+}
+function isValidationConfigPath(relativePath) {
+    return (isCommandContractPath(relativePath) ||
+        /(?:^|\/)(?:package\.json|jest\.config\.[cm]?[jt]s|vitest\.config\.[cm]?[jt]s|nyc\.config\.[cm]?[jt]s)$/u.test(relativePath) ||
+        /\bcoverage\b/u.test(relativePath));
+}
+function riskDetail(pathText, message) {
+    return `Changed validation path ${pathText} ${message}`;
+}
+export function countValidationRatchetVerdictEffects(risks) {
+    return {
+        contradicted: risks.filter((risk) => risk.severity === 'critical' && CRITICAL_RATCHET_CODES.has(risk.code)).length,
+    };
+}
 export function createValidationRatchetRisks(report, projectRoot) {
     const risks = [];
-    for (const classification of report.classifications.filter(isTestClassification)) {
+    const seenRisks = new Set();
+    function addRisk(code, severity, pathText, detail) {
+        const key = `${pathText}\0${code}`;
+        if (seenRisks.has(key)) {
+            return;
+        }
+        seenRisks.add(key);
+        risks.push({ code, severity, path: pathText, detail });
+    }
+    for (const classification of report.classifications) {
         const resolvedPath = resolveInsideRoot(projectRoot, classification.path);
-        if (report.source === 'changed' && (resolvedPath === null || !existsSync(resolvedPath))) {
-            risks.push({
-                code: 'related_test_deleted',
-                severity: 'high',
-                path: classification.path,
-                detail: `Changed test path ${classification.path} is absent; deleted related tests require review before marking the task verified.`,
-            });
-            continue;
+        const diff = report.source === 'changed' ? gitDiffLines(projectRoot, classification.path) : { added: [], removed: [] };
+        const addedText = diff.added.join('\n');
+        if (isTestClassification(classification)) {
+            if (report.source === 'changed' && (resolvedPath === null || !existsSync(resolvedPath))) {
+                addRisk('related_test_deleted', 'high', classification.path, `Changed test path ${classification.path} is absent; deleted related tests require review before marking the task verified.`);
+                continue;
+            }
+            if (isJavaScriptTestPath(classification.path)) {
+                const fileText = fileTextIfReadable(projectRoot, classification.path);
+                if (fileText !== null && SKIP_OR_ONLY_MARKER.test(fileText)) {
+                    addRisk('skip_or_only_marker_present', 'medium', classification.path, `Changed test path ${classification.path} contains a .skip or .only marker; review whether validation was weakened before marking the task verified.`);
+                }
+                if ((fileText !== null && TODO_OR_PENDING_MARKER.test(fileText)) || TODO_OR_PENDING_MARKER.test(addedText)) {
+                    addRisk('todo_or_pending_marker_added', 'medium', classification.path, `Changed test path ${classification.path} contains a todo or pending marker; review whether validation was deferred before marking the task verified.`);
+                }
+                const removedAssertionCount = countMatching(diff.removed, ASSERTION_CALL);
+                const addedAssertionCount = countMatching(diff.added, ASSERTION_CALL);
+                if (removedAssertionCount > addedAssertionCount) {
+                    addRisk('assertion_count_decreased', 'high', classification.path, riskDetail(classification.path, `removes ${removedAssertionCount} assertion line(s) and adds ${addedAssertionCount}; review whether validation strength decreased.`));
+                }
+                if (hasAny(diff.removed, STRONG_ASSERTION) && hasAny(diff.added, WEAK_ASSERTION)) {
+                    addRisk('assertion_matcher_weakened', 'high', classification.path, riskDetail(classification.path, 'replaces a stronger assertion with a weaker presence or truthiness assertion.'));
+                }
+                if (hasAny(diff.removed, NEGATIVE_ASSERTION)) {
+                    addRisk('negative_assertion_removed', 'high', classification.path, riskDetail(classification.path, 'removes a negative assertion; confirm the denied behavior is still covered.'));
+                }
+                if (hasAny(diff.removed, EXCEPTION_ASSERTION)) {
+                    addRisk('exception_assertion_removed', 'high', classification.path, riskDetail(classification.path, 'removes an exception assertion; confirm failure behavior is still covered.'));
+                }
+            }
+            if (SNAPSHOT_PATH.test(classification.path) && diff.added.length + diff.removed.length >= 20) {
+                addRisk('snapshot_mass_updated', 'medium', classification.path, riskDetail(classification.path, 'changes a large snapshot region; review that the update does not hide a regression.'));
+            }
+            if (GOLDEN_PATH.test(`${classification.path} `) && diff.added.length + diff.removed.length >= 20) {
+                addRisk('golden_output_replaced', 'medium', classification.path, riskDetail(classification.path, 'replaces a broad golden or expected-output region; review the behavioral reason.'));
+            }
+        }
+        if (isCommandContractPath(classification.path)) {
+            if (hasAny(diff.added, /\bstatus\s*=\s*"(?:manual_only|disabled|unknown)"/u)) {
+                addRisk('verification_intent_disabled', 'high', classification.path, riskDetail(classification.path, 'adds a non-runnable verification intent status.'));
+            }
+            if (hasAny(diff.removed, /\brequired_after\s*=/u) && !hasAny(diff.added, /\brequired_after\s*=/u)) {
+                addRisk('verification_required_after_removed', 'high', classification.path, riskDetail(classification.path, 'removes a required_after mapping from the command contract.'));
+            }
+            if (hasAny(diff.added, /\bsuccess_exit_codes\s*=\s*\[[^\]]*(?:[1-9]\d*|true)[^\]]*\]/u)) {
+                addRisk('success_exit_codes_widened', 'critical', classification.path, riskDetail(classification.path, 'widens success exit codes beyond the normal zero-exit contract.'));
+            }
+            if (hasAny(diff.added, COMMAND_ALLOWS_NO_TESTS_PATTERN)) {
+                addRisk('command_allows_no_tests', 'critical', classification.path, riskDetail(classification.path, 'allows a test command to pass when no tests run.'));
+            }
+            if (hasAny(diff.added, COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN)) {
+                addRisk('command_forces_snapshot_update', 'medium', classification.path, riskDetail(classification.path, 'adds snapshot update behavior to a verification command.'));
+            }
+            if (hasAny(diff.added, COMMAND_HIDES_FAILURE_PATTERN)) {
+                addRisk('command_hides_failure', 'critical', classification.path, riskDetail(classification.path, 'adds shell behavior that can hide command failure.'));
+            }
         }
-        const fileText = fileTextIfReadable(projectRoot, classification.path);
-        if (fileText !== null && SKIP_OR_ONLY_MARKER.test(fileText)) {
-            risks.push({
-                code: 'skip_or_only_marker_present',
-                severity: 'medium',
-                path: classification.path,
-                detail: `Changed test path ${classification.path} contains a .skip or .only marker; review whether validation was weakened before marking the task verified.`,
-            });
+        if (isValidationConfigPath(classification.path)) {
+            const removedCoverageNumbers = extractCoverageNumbers(diff.removed);
+            const addedCoverageNumbers = extractCoverageNumbers(diff.added);
+            if (removedCoverageNumbers.length > 0 &&
+                addedCoverageNumbers.length > 0 &&
+                Math.min(...addedCoverageNumbers) < Math.max(...removedCoverageNumbers)) {
+                addRisk('coverage_threshold_lowered', 'medium', classification.path, riskDetail(classification.path, 'lowers a coverage-related numeric threshold.'));
+            }
+            if (hasAny(diff.added, COMMAND_ALLOWS_NO_TESTS_PATTERN)) {
+                addRisk('command_allows_no_tests', 'critical', classification.path, riskDetail(classification.path, 'allows a validation script to pass when no tests run.'));
+            }
+            if (hasAny(diff.added, COMMAND_FORCES_SNAPSHOT_UPDATE_PATTERN)) {
+                addRisk('command_forces_snapshot_update', 'medium', classification.path, riskDetail(classification.path, 'adds snapshot update behavior to a validation script.'));
+            }
+            if (hasAny(diff.added, COMMAND_HIDES_FAILURE_PATTERN)) {
+                addRisk('command_hides_failure', 'critical', classification.path, riskDetail(classification.path, 'adds shell behavior that can hide validation failure.'));
+            }
+            if (hasAny(diff.added, TEST_SELECTION_PATTERN)) {
+                addRisk('test_selection_narrowed', 'medium', classification.path, riskDetail(classification.path, 'adds a test-selection filter; confirm coverage still matches the change.'));
+            }
         }
     }
     return risks;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mustflow",
-  "version": "2.11.0",
+  "version": "2.17.0",
   "description": "Agent workflow documents and CLI for mustflow repository roots.",
   "type": "module",
   "license": "MIT-0",
@@ -70,9 +70,9 @@
     "workflow"
   ],
   "devDependencies": {
-    "@types/node": "^25.6.2",
+    "@types/node": "^25.8.0",
     "@types/sql.js": "^1.4.11",
-    "fast-check": "^4.7.0",
+    "fast-check": "^4.8.0",
     "typescript": "^6.0.3"
   },
   "dependencies": {

package/schemas/dashboard-export.schema.json

@@ -326,6 +326,7 @@
             "source",
             "verification_plan_id",
             "changed_file_count",
+            "criteria",
             "matched_intents",
             "ran_intents",
             "passed_intents",
@@ -337,6 +338,14 @@
             "scope_diff_risk_count",
             "repeated_failure_count",
             "validation_ratchet_risk_count",
+            "repro_evidence_risk_count",
+            "external_evidence_risk_count",
+            "write_drift_risk_count",
+            "receipt_binding_risk_count",
+            "stale_receipt_count",
+            "plan_mismatch_count",
+            "risks",
+            "receipt_binding",
             "latest_run_status"
           ],
           "properties": {
@@ -346,6 +355,7 @@
               "pattern": "^sha256:[0-9a-f]{64}$"
             },
             "changed_file_count": { "type": ["integer", "null"] },
+            "criteria": { "$ref": "#/$defs/completionVerdictCriteria" },
             "matched_intents": { "type": "integer" },
             "ran_intents": { "type": "integer" },
             "passed_intents": { "type": "integer" },
@@ -357,6 +367,14 @@
             "scope_diff_risk_count": { "type": "integer" },
             "repeated_failure_count": { "type": "integer" },
             "validation_ratchet_risk_count": { "type": "integer" },
+            "repro_evidence_risk_count": { "type": "integer" },
+            "external_evidence_risk_count": { "type": "integer" },
+            "write_drift_risk_count": { "type": "integer" },
+            "receipt_binding_risk_count": { "type": "integer" },
+            "stale_receipt_count": { "type": "integer" },
+            "plan_mismatch_count": { "type": "integer" },
+            "risks": { "$ref": "#/$defs/completionVerdictRisks" },
+            "receipt_binding": { "$ref": "#/$defs/completionVerdictReceiptBinding" },
             "latest_run_status": { "type": ["string", "null"] }
           }
         },
@@ -374,6 +392,71 @@
         }
       }
     },
+    "completionVerdictCriteria": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["total", "covered", "partially_covered", "uncovered", "blocked", "contradicted"],
+      "properties": {
+        "total": { "type": "integer" },
+        "covered": { "type": "integer" },
+        "partially_covered": { "type": "integer" },
+        "uncovered": { "type": "integer" },
+        "blocked": { "type": "integer" },
+        "contradicted": { "type": "integer" }
+      }
+    },
+    "completionVerdictRisks": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "source_anchor",
+        "scope_diff",
+        "repeated_failure",
+        "validation_ratchet",
+        "repro_evidence",
+        "external_evidence",
+        "write_drift",
+        "receipt_binding",
+        "stale_receipt",
+        "plan_mismatch"
+      ],
+      "properties": {
+        "source_anchor": { "type": "integer" },
+        "scope_diff": { "type": "integer" },
+        "repeated_failure": { "type": "integer" },
+        "validation_ratchet": { "type": "integer" },
+        "repro_evidence": { "type": "integer" },
+        "external_evidence": { "type": "integer" },
+        "write_drift": { "type": "integer" },
+        "receipt_binding": { "type": "integer" },
+        "stale_receipt": { "type": "integer" },
+        "plan_mismatch": { "type": "integer" }
+      }
+    },
+    "completionVerdictReceiptBinding": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "plan_bound_count",
+        "plan_unbound_count",
+        "fingerprint_bound_count",
+        "fingerprint_unbound_count",
+        "current_state_bound_count",
+        "current_state_unavailable_count",
+        "stale_count",
+        "plan_mismatch_count"
+      ],
+      "properties": {
+        "plan_bound_count": { "type": "integer" },
+        "plan_unbound_count": { "type": "integer" },
+        "fingerprint_bound_count": { "type": "integer" },
+        "fingerprint_unbound_count": { "type": "integer" },
+        "current_state_bound_count": { "type": "integer" },
+        "current_state_unavailable_count": { "type": "integer" },
+        "stale_count": { "type": "integer" },
+        "plan_mismatch_count": { "type": "integer" }
+      }
+    },
     "harnessReport": {
       "type": "object",
       "additionalProperties": false,