thkt/verify
skills/verify/SKILL.md
Independent outcome-based verification with Codex + audit reviewers. Emits binary Ready/NotReady gate from reconciled static + dynamic evidence. Use when user mentions 検証して, verify, 独立検証, outcome verification, gate decision, trust score (legacy), adversarial testing. Do NOT use for quick code review (use /polish) or static-only audit (use /audit).
$ install --global
skillsauthnpx skillsauth add thkt/dotclaude verifyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 9:28 AM8.0s5 files scanned
SKILL.md
- name:
- verify
- description:
- |
- allowed-tools:
- Bash(codex:*), Bash(git worktree:*), Bash(git diff:*),
- Bash(git status:
- *), Bash(git log:*), Bash(git branch:*),
- Bash(npm ci:
- *), Bash(npm run:*), Bash(npm test:*),
- Bash(cargo:
- *), Bash(make:*), Bash(bun:*), Bash(pnpm:*),
- Bash(yarn:
- *), Bash(which:*), Bash(date:*), Bash(rm:*),
- model:
- opus
- argument-hint:
- [file paths or directory for target mode]
- user-invocable:
- true
/verify - Independent Outcome-Based Verification
Codex verifies independently in an isolated worktree. Claude Code orchestrates and synthesizes. Emits a binary Gate decision (Ready / NotReady) from reconciled static + dynamic evidence. No numeric score.
Rationalization Counters
| Excuse | Counter | | ------------------------------------ | ----------------------------------------------------------------- | | "Tests pass, so the code is correct" | Your tests, your environment. Independent verification is the gap | | "Codex will just find the same bugs" | Different model = different blind spots. That is the value | | "Adversarial testing takes too long" | Skip it if it does. Gate falls back to static-only mode | | "The code review already covered it" | Reviews read code. Verification runs code. Different evidence |
Input
| Arg | Value | Result |
| ---- | ----------------------- | ------------------------- |
| $1 | file path or directory | target mode |
| $1 | omitted (changes exist) | diff mode (auto-detect) |
Mode Selection
| Condition | Mode | Scope |
| ------------------------------------- | -------- | --------------------------- |
| $1 is a file path or directory | target | Specified paths |
| No $1, uncommitted changes exist | diff | Changed files (uncommitted) |
| No $1, commits ahead of base branch | diff | Changed files (branch diff) |
| No $1, no changes | — | Abort: "Nothing to verify" |
Base branch detection: main (default), override with --base <branch>.
Execution
| Phase | Action | Depends On | Detail | | ----- | ----------------------------------------- | ---------- | ------------------------------------------------------- | | 0 | Bootstrap worktree | — | references/bootstrap.md | | 1 | Evidence collection (parallel) | Phase 0 | references/phase-details.md § Phase 1 | | 2 | Deep verification (parallel) | Phase 1 | references/phase-details.md § Phase 2 | | 2.5 | Intent verification (adversarial results) | Phase 2 | references/phase-details.md § Phase 2.5 | | 3 | Evidence synthesis | Phase 2.5 | references/phase-details.md § Phase 3 | | final | Worktree cleanup | Always | references/phase-details.md § Cleanup |
Phase 0 constraints: Timeout 300s. On failure: skip Phase 1c, 2a → static-only verification. Log reason in report.
Parallel spawn rule: Phase 1 and Phase 2 must issue all Task / Bash / Codex exec calls concurrently within a single response. Sequential invocation negates the fan-out and doubles wall time.
Report
Gate rule canonical: references/gate-decision.md.
## Verification Report
| Field | Value |
| --------- | ------------------------------------------------------ |
| gate | Ready / NotReady |
| mode | diff (main) / diff (uncommitted) / target |
| scope | {file count} files |
| bootstrap | success / failed: {reason} |
### Gate Decision
| Check | Value |
| ----------- | ------------------------------------------- |
| Build | pass / fail / skipped |
| Tests | pass / fail (N passed, M failed) / skipped |
| Findings | 0 / N high, M medium, L low |
| Adversarial | N/M passed / skipped |
### Blockers
[All reconciled findings + build/test failures + adversarial failures with Fix suggestions]
Empty: `(none)` when gate = Ready.
### Root Causes
[RC-001... with description, category, findings, action]
### Findings
[High / Medium severity tables with Source, File:Line, Description, Evidence]
### Adversarial Test Results
[test name, target, result, verdict per test]
### Outcome Evidence
[build/test pass/fail with stderr excerpts]
### Diff from previous
[Resolved / New / Carried from workspace/history/. "Legacy format — diff skipped" for Trust Score era reports.]
`<promise>PASS</promise>` is emitted by evidence-integrator when gate = Ready. Leader relays verbatim without regenerating.
Error Handling
| Error | Recovery | | --------------------------- | ----------------------------------------------- | | codex not installed | Print install instructions, abort | | Bootstrap timeout (300s) | Skip outcome + adversarial, static-only mode | | Codex review fails | Log error, proceed with audit reviewers only | | Codex exec timeout (600s) | Skip that phase, log in report | | Reviewer stall (120s) | Proceed without, log warning | | Challenger stall | Proceed with verifier only | | Verifier stall | Proceed with challenger only | | Integrator stall | Leader synthesizes manually (simplified report) | | No findings from any source | gate = Ready with note "no issues found" | | Worktree cleanup fails | Log warning, suggest manual cleanup |
Escalation
| Condition | Action |
| ------------------------------------- | ---------------------------------- |
| Any reconciled finding | Block merge, suggest /fix |
| Architectural root causes found | Suggest /think for design review |
| Adversarial tests reveal coverage gap | Suggest /code to add tests |
Verification
| Check | Required | | -------------------------------- | -------- | | Mode detected? | Yes | | Bootstrap attempted? | Yes | | Phase 1 produced evidence? | Yes | | Phase 2 challenger/verifier ran? | Yes | | Integrator produced report? | Yes | | Gate decision displayed? | Yes | | Worktree cleaned up? | Yes |
Related Skills
thkt/use-workflow-plan-preview
tools
VerifiedTrustedCommunity
Internal helper for /think Step 11. Renders SOW.md + Spec.md as an integrated Astro view and returns a dev server URL.
9SKILL.mdUpdated Jun 1, 2026
thkt/probe
development
VerifiedTrustedCommunity
Extract repository spec while detecting bugs, spec gaps, and consistency drift via dual-purpose documentation. OUTCOME.md-axis question-driven exploration with ephemeral output. Do NOT use for code review (use /audit or /polish), feature implementation (use /code), planning only (use /think), or single-bug fix (use /fix).
9SKILL.mdUpdated Jun 1, 2026
thkt/audit-adr-gaps
development
VerifiedTrustedCommunity
Discover undocumented design decisions and challenge each candidate via critic-design before promotion. Rank by impact and reversibility, produce ADR promotion candidates. Treat each candidate as a position arguing for ADR status, not a fact to be filed. Pairs with audit-adr-drift, which scans existing ADRs for drift against code.
9SKILL.mdUpdated Jun 1, 2026
thkt/audit-adr-drift
development
VerifiedTrustedCommunity
Scan ADR Decision sections against current code and report drift with modification direction and priority. Do NOT use for repos without ADRs (use audit-adr-gaps instead).
9SKILL.mdUpdated Jun 1, 2026