Reviewer final reports must not claim proof-sensitive workflow steps
unless each claim carries explicit command/tool evidence or structured
MCP result metadata:
- New reviewer_proof_backed_claims.py verifier covering the five claim
families from the issue: inventory completeness (explicit pagination
metadata required; page-size assumptions rejected), earlier-PR skips
(per-PR command/tool or structured mergeability/blocker evidence),
baseline validation (worktree path, target SHA, dirty-before, exact
command, exact result, dirty-after), master integration (exact
merge/rebase/simulation command), and cleanup (final git worktree
list proof).
- PROOF_PROVENANCE_CLASSES constant distinguishes command actually run,
MCP metadata, inherited from previous blocker state, and not checked.
- Re-export from review_proofs and wire into build_final_report as a
downgrade check with proof_backed_claims_proven/violations fields.
- New workflow section 30A documents the rule; contract test locks the
marker and an export test locks the re-export.
- 13 tests in tests/test_reviewer_proof_backed_claims.py covering the
required scenarios: baseline claim without command, skipped-PR claim
without evidence, inventory-complete from page-size assumption only,
cleanup without final worktree proof, and a fully proof-backed report
passing.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>