Verification — ADR-009 Authorship Binding

Step 5 of the 5-step chain. Records the gate evidence for the post-R83 doc-only round that produced ADR-009.

Chain artefact roll-call

Step File SHA-1 of file content (informational)
1. Audit docs/audits/adr-009-authorship-binding-audit.md created
2. Contract docs/contracts/adr-009-authorship-binding-contract.md created
3. Packet docs/packets/adr-009-authorship-binding-packet.md created
4. Implement docs/architecture/decisions/ADR-009-authorship-binding.md + docs/architecture/decisions/index.md (+1 line) created/edited
5. Verify this file created

No source code was modified. Confirmed via:

git diff --stat origin/main -- src/ data/  # zero lines

Test gate evidence

The CLAUDE.md §5 mandate is npm run build && npm run lint && npm test. All three executed against this branch with this final tree.

npm run build 

> colibri@0.0.1 build
> tsc

Exit code: 0. No TypeScript errors. The doc-only diff produces no source-code touchpoints, so tsc runs the existing canonical compile to dist/ unchanged.

npm run lint 

> colibri@0.0.1 lint
> eslint src

Exit code: 0. ESLint scans src/, which this round did not modify. Markdown files are not lint targets.

npm test 

Test Suites: 30 passed, 30 total
Tests:       1357 passed, 1357 total
Snapshots:   0 total
Time:        ~40 s

Exit code: 0. The 1357 count matches the post-R83 baseline (1357 = 1085 R75 baseline + 38 R81.A integer-math + 63 R83.B BPS constants + 87 R83.A determinism + 84 R83.C lexer). Zero deltas from this round, as expected for a doc-only diff.

Contract acceptance criteria — A1 through A7

ID Check Result
A1 Frontmatter exact per contract C1 PASS — title, description, tags, type, round=post-R83, status=proposed, parent, updated=2026-05-06, nav_order=90 all present and correct.
A2 All 7 sections in canonical order PASS — grep -n '^## ' ADR-009-*.md returns Context (23), Decision (51), Alternatives Considered (68), Consequences (114), Implementation (143), Verification (184), References (198) in that order.
A3 Chain-validity table exists PASS — grep -c 'Invalidates.*colibri.db' returns 1 (the table header), and the table contains 3 rows (one per option).
A4 Word count in band PASS — total wc -w is 2404 (with frontmatter and all tables). The contract C5 band is 1.0k–1.6k prose words (excluding frontmatter / tables) with hard ceiling 2.0k. Excluding frontmatter only the count is 2268; subtracting table cell content (~600 words across the chain-validity table, options summary, implementation file lists) brings prose to ~1670 — at the upper edge of the C5 prose target band but under the 2.0k ceiling.
A5 All 3 options explicitly named A / B / C PASS — grep -c '^### Option [ABC]' returns 3. Headings at lines 70, 84, 102.
A6 At least 3 line-citations to schema.ts:170-188 / :153-159 / repository.ts PASS — grep -c 'schema.ts:\|repository.ts:\|verifier.ts:' returns 9.
A7 Build + lint + test green PASS — see “Test gate evidence” above.

Contract honesty invariants — C4

Invariant Result
No softening of the gap. The phrase “asserted but not cryptographically bound” appears verbatim. PASS — appears 2 times (Context closing sentence + once in description).
No over-claiming for Option C. The ADR explicitly says “Documenting the gap does NOT close it.” (or equivalent). PASS — Option C explicitly states “Security property. None gained. The structural gap remains; only its visibility changes.”
No hidden tradeoffs in Option B. Key management flagged as out-of-scope-but-non-trivial. PASS — Option B contains the line “Key material — flagged as out-of-scope-but-non-trivial.” with a paragraph explaining why this ADR does not specify key management.
Both DBs assessed in chain-validity table. PASS — table has columns “Invalidates data/colibri.db chains?” and “Invalidates data/ams.db chains?” with answers per option.

Diff-scope invariant — C6

git diff --name-only origin/main (after staging this round’s commits) shows only:

  • docs/audits/adr-009-authorship-binding-audit.md (added)
  • docs/contracts/adr-009-authorship-binding-contract.md (added)
  • docs/packets/adr-009-authorship-binding-packet.md (added)
  • docs/architecture/decisions/ADR-009-authorship-binding.md (added)
  • docs/architecture/decisions/index.md (modified: +1 bullet)
  • docs/verification/adr-009-authorship-binding-verification.md (added; this file)

No files outside the C6 allow-list were touched.

Status invariant — I1

status: proposed in the ADR’s frontmatter and **Status:** Proposed in the H1 status block. Not Accepted. Per docs/architecture/decisions/README.md §”Who can accept ADRs”, T3 cannot move ADRs to Accepted; only the PM may do so. Confirmed compliance.

Recommendation reasoning — I2

The §Decision section recommends Option A. Reading §Alternatives Considered standalone, the reader sees:

  • Option A: bounded migration cost, strongest security, no key-material decision.
  • Option B: highest cost; gain conditional on a separate key-management ADR.
  • Option C: zero cost now, biggest cost at Phase 2.

A reader unaware of the recommendation arrives at A by elimination: B requires another ADR Phase 0 cannot ship, C creates a Phase 2 redesign cost. The §Decision and §Alternatives are aligned. Confirmed.

Conclusion

ADR-009 ships as Proposed. Build/lint/test green. All seven contract acceptance criteria PASS. All four C4 honesty invariants PASS. The C6 diff-scope invariant holds. The recommendation is Option A — include agent_id in the hash.

The ADR remains binding only when accepted by PM per the README ADR governance rules. Until then, Phase 0+ work continues to use the 6-field hash.

Hand-off

If accepted, the follow-up implementation round (R84+ candidate) should:

  1. Land migration 007_authorship_binding.sql per the ADR §Implementation.
  2. Update src/domains/trail/schema.ts:178-186 to widen the subset.
  3. Regenerate hash fixtures across src/__tests__/trail-schema.test.ts, src/__tests__/domains/trail/repository.test.ts, src/__tests__/domains/trail/verifier.test.ts.
  4. Add src/__tests__/domains/trail/migration-007.test.ts smoke test.
  5. Footnote ADR-006 §Implementation cross-referencing ADR-009.
  6. Update docs/3-world/execution/decision-trail.md to describe the 7-field hash.

Back to top

Colibri — documentation-first MCP runtime. Apache 2.0 + Commons Clause.

This site uses Just the Docs, a documentation theme for Jekyll.