strict-enforcement

Strict Enforcement Verification Methodology

When to use this skill

Use this skill when you need to:

• Run the claudikins-kernel:verify command
• Validate implementation before shipping
• Decide pass/fail verdicts
• Check code integrity after changes
• Enforce cross-command gates

Core Philosophy

"Evidence before assertions. Always." - Verification philosophy

Never claim code works without seeing it work. Tests passing is not enough. Claude must SEE the output.

The Three Laws

1. See it working - Screenshots, curl responses, CLI output. Actual evidence.
2. Human checkpoint - No auto-shipping. Human reviews evidence and decides.
3. Exit code 2 gates - Verification failures block claudikins-kernel:ship. No exceptions.

Verification Phases

Phase 1: Automated Quality Checks

Run the automated checks first. Fast feedback.

Check	Command Pattern	What It Catches
Tests	npm test / pytest / cargo test	Logic errors, regressions
Lint	npm run lint / ruff / clippy	Style issues, common bugs
Types	tsc / mypy / cargo check	Type mismatches, interface drift
Build	npm run build / cargo build	Compilation errors, bundling issues

Flaky Test Detection (C-12):

Test fails?
├── Re-run failed tests
├── Pass 2nd time?
│   └── Yes → STOP: [Accept flakiness] [Fix tests] [Abort]
└── Fail 2nd time?
    ├── Run isolated
    └── Still fail? → STOP: [Fix] [Skip] [Abort]

Phase 2: Output Verification (catastrophiser)

This is the feedback loop that makes Claude's code actually work.

Project Type	Verification Method	Evidence
Web app	Start server, screenshot, test flows	Screenshots, console logs
API	Curl endpoints, check responses	Status codes, response bodies
CLI	Run commands, capture output	stdout, stderr, exit codes
Library	Run examples, check results	Output values, test coverage
Service	Check logs, verify health endpoint	Log patterns, health responses

Fallback Hierarchy (A-3):

If primary method unavailable, fall back:

1. Start server + screenshot (preferred for web)
2. Curl endpoints (preferred for API)
3. Run CLI commands (preferred for CLI)
4. Run tests only (fallback)
5. Code review only (last resort)

Timeout: 30 seconds per verification method (CMD-30).

Phase 3: Code Simplification (Optional)

After verification passes, optionally run cynic for polish.

Prerequisites:

• Phase 2 (catastrophiser) must PASS
• Human approves: "Run cynic for polish pass?"

cynic Rules:

• Preserve exact behaviour (tests MUST still pass)
• Remove unnecessary abstraction
• Improve naming clarity
• Delete dead code
• Flatten nested conditionals

If tests fail after simplification:

• Log failure reasons
• Show human
• Proceed anyway (A-5) with caveat

See cynic-rollback.md for recovery patterns.

Phase 4: Klaus Escalation

If stuck during verification:

Is mcp__claudikins-klaus available? (E-16)
├── No →
│   Offer: [Manual review] [Ask Claude differently] (E-17)
│   Fallback: [Accept with uncertainty] [Max retries, abort] (E-18)
└── Yes →
    Spawn klaus via SubagentStop hook

Phase 5: Human Checkpoint

The final gate. Present comprehensive evidence.

Verification Report
-------------------
Tests:  ✓ 47/47 passed
Lint:   ✓ 0 issues
Types:  ✓ 0 errors
Build:  ✓ success

Evidence:
- Screenshot: .claude/evidence/login-flow.png
- API test: POST /api/auth → 200 OK
- CLI test: mycli --help → exit 0

[Ready to Ship] [Needs Work] [Accept with Caveats]

Human decides. If approved, set unlock_ship = true.

Rationalizations to Resist

Agents under pressure find excuses. These are all violations:

Excuse	Reality
"Tests pass, that's good enough"	Tests aren't enough. SEE it working. Screenshots, curl, output.
"I'll verify after shipping"	Verify BEFORE ship. That's the whole point.
"The type checker caught everything"	Types don't catch runtime issues. Get evidence.
"Screenshot failed but it probably works"	"Probably" isn't evidence. Fix the screenshot or use fallback.
"Human checkpoint is just a formality"	Human checkpoint is the gate. No auto-shipping.
"Code review is enough for this change"	Code review is last resort fallback. Try harder.
"Tests are flaky, I'll ignore the failure"	Flaky tests hide real failures. Fix or explicitly accept with caveat.
"Exit code 2 is too strict"	Exit code 2 exists to block bad ships. Pass properly.

All of these mean: Get evidence. Human decides. No shortcuts.

Red Flags — STOP and Reassess

If you're thinking any of these, you're about to violate the methodology:

• "It should work because..."
• "The tests pass so..."
• "I'm confident that..."
• "It worked before..."
• "The types check so..."
• "I'll just skip verification this once"
• "Human will approve anyway"
• "Evidence isn't necessary for this change"

All of these mean: STOP. Get evidence. Present to human. Let them decide.

Exit Code 2 Pattern (CRITICAL)

The verify-gate.sh hook enforces the gate:

# Both conditions MUST be true
ALL_PASSED=$(jq -r '.all_checks_passed' "$STATE")
HUMAN_APPROVED=$(jq -r '.human_checkpoint.decision' "$STATE")

if [ "$ALL_PASSED" != "true" ]; then
  exit 2  # Blocks claudikins-kernel:ship
fi

if [ "$HUMAN_APPROVED" != "ready_to_ship" ]; then
  exit 2  # Blocks claudikins-kernel:ship
fi

File Manifest (C-6):

At verification completion, generate SHA256 hashes of all source files:

find . \( -name '*.ts' -o -name '*.py' -o -name '*.rs' \) \
  | xargs sha256sum > .claude/verify-manifest.txt

This lets claudikins-kernel:ship detect if code was modified after verification.

Cross-Command Gate (C-14)

claudikins-kernel:verify requires claudikins-kernel:execute to have completed:

if [ ! -f "$EXECUTE_STATE" ]; then
  echo "ERROR: claudikins-kernel:execute has not been run"
  exit 2
fi

This enforces the claudikins-kernel:outline → claudikins-kernel:execute → claudikins-kernel:verify → claudikins-kernel:ship flow.

Agent Integration

Agent	Role	When
catastrophiser	See code working	Phase 2: Output verification
cynic	Polish pass	Phase 3: Simplification (optional)

Both agents run with context: fork and background: true.

See agent-integration.md for coordination patterns.

State Tracking

verify-state.json

{
  "session_id": "verify-2026-01-16-1100",
  "execute_session_id": "execute-2026-01-16-1030",
  "branch": "execute/task-1-auth-middleware",
  "phases": {
    "test_suite": { "status": "PASS", "count": 47 },
    "lint": { "status": "PASS", "issues": 0 },
    "type_check": { "status": "PASS", "errors": 0 },
    "output_verification": { "status": "PASS", "agent": "catastrophiser" },
    "code_simplification": { "status": "PASS", "agent": "cynic" }
  },
  "all_checks_passed": true,
  "human_checkpoint": {
    "decision": "ready_to_ship",
    "caveats": []
  },
  "unlock_ship": true,
  "verified_manifest": "sha256:...",
  "verified_commit_sha": "abc123..."
}

Anti-Patterns

Don't do these:

• Trusting test results without seeing code run
• Skipping output verification because "tests pass"
• Auto-approving verification without human checkpoint
• Modifying code after verification passes
• Ignoring flaky test warnings
• Proceeding when lint/type checks fail

Edge Case Handling

Situation	Reference
Tests hang or timeout	test-timeout-handling.md
Auto-fix breaks code	lint-fix-validation.md
Primary verification fails	verification-method-fallback.md
Type-check results unclear	type-check-confidence.md
cynic breaks tests	cynic-rollback.md
Large project state	verify-state-compression.md

References

Full documentation in this skill's references/ folder:

• verification-checklist.md - Complete verification checklist
• red-flags.md - Common rationalisation patterns
• agent-integration.md - How catastrophiser and cynic coordinate
• advanced-verification.md - Complex verification scenarios
• test-timeout-handling.md - When tests hang (S-13)
• lint-fix-validation.md - Validating auto-fix safety (S-14)
• verification-method-fallback.md - Fallback strategies (S-15)
• type-check-confidence.md - Interpreting type results (S-16)
• cynic-rollback.md - Rolling back failed simplifications (S-17)
• verify-state-compression.md - State management for large projects (S-18)