Skip to content
AyoKoding

Artifact: Trust-or-Verify Decision Log for One Session

A table mapping every change in one session to an explicit trust-lightly-or-verify-closely decision, with a matching verify entry on every risky row -- exercises co-17, co-24.

ChangeDecisionRationaleVerify entry
Add .gitignore entry for build/Trust-lightlyLow-stakes, standard, reversible--
Rename internal helper _fmt -> _format_currencyTrust-lightlyMechanical rename; the type-checker catches misses--
Add HMAC-based session-token comparisonVerify-closelySecurity-critical; timing-attack surfaceLine-by-line review + human sign-off before merge (ex-41)
Change discount-cap constant to a config valueVerify-closelyAffects real money; a wrong value ships silentlyReconciled against the finance spec; property test added covering 0/10/50/100% cases
DROP COLUMN migration on ordersVerify-closelyIrreversible in productionHuman decision gate + backup confirmed before applying (ex-44)
Update README wordingTrust-lightlyNo runtime effect--

The three Trust-lightly rows carry no verify entry -- that is the point of trusting them lightly, per co-17's calibration: a skim was sufficient, and demanding a full verify entry for every row regardless of risk would defeat the purpose of calibrating review depth at all. Every Verify-closely row, by contrast, carries a specific, named verification step, not a generic "reviewed."

Verify: every row marked Verify-closely (the HMAC comparison, the discount-cap constant, the DROP COLUMN migration) has a non-empty, specific Verify entry describing what verification actually happened -- satisfying ex-48's rule that every risky change has a matching verify entry.

Last updated July 17, 2026

Command Palette

Search for a command to run...