Skip to content

docs: add evidence verification pattern for spec-driven development#3442

Draft
jiezeng2004-design wants to merge 2 commits into
github:mainfrom
jiezeng2004-design:docs/evidence-verification-pattern
Draft

docs: add evidence verification pattern for spec-driven development#3442
jiezeng2004-design wants to merge 2 commits into
github:mainfrom
jiezeng2004-design:docs/evidence-verification-pattern

Conversation

@jiezeng2004-design

Copy link
Copy Markdown

Description

Adds a new concept page, docs/concepts/evidence-verification.md, naming a complementary pattern to Spec Kit's existing in-session verification commands.

Spec Kit's /speckit.analyze (before implementation) and /speckit.converge (after implementation) verify within a single agent session but do not emit a durable, machine-readable record of what was verified, what risks remain, or what changed. This PR documents the evidence verification pattern: producing a bounded, traceable, secret-free, provenance-tagged pack of files that traces an implementation back to its spec and tasks. The pack is positioned as a derivative artifact for cross-session review, audit, and supply-chain intake — not a replacement for the spec, plan, or tasks.

The page is tool-agnostic: it describes the concerns an evidence pack should cover (verification status, risk findings, change scope, lineage, provenance, redactions) without mandating a specific tool. PatchWarden's Evidence Pack v2 is included as one reference implementation, with a file-to-concern mapping table and a sample risk.json entry. The severity mapping is deliberately aligned with /speckit.converge's gap classification (missing/partial/contradicts/unrequested) so the two can be read together.

It also notes how such a supervisor can be wired into Spec Kit via the existing extension hook system (before_implement, after_converge, etc. in .specify/extensions.yml) without changing core commands.

The page is added to docs/toc.yml under Concepts, next to Spec Persistence Models, which it complements.

This is a docs-only change. No code, templates, scripts, or tests are modified.

Testing

  • markdownlint-cli2 passes on the new file (0 errors), using the repo's .markdownlint-cli2.jsonc config.
  • Verified the new file uses LF line endings and no BOM, matching other files under docs/concepts/.
  • docs/toc.yml diff is a clean 2-line addition with no line-ending changes.
  • uv run specify --help — N/A (no CLI/template/script changes).
  • uv sync && uv run pytest — N/A (no code changes).

This is a docs-only addition; no slash command or script behavior is affected, so the manual command-testing flow in CONTRIBUTING.md does not apply.

AI Disclosure

  • I did use AI assistance for this contribution.

This PR was authored by an AI coding agent (GLM-5.2 via Trae IDE), acting on a delegated task. The agent read CONTRIBUTING.md, README.md, the existing docs/concepts/ pages, and the /speckit.analyze and /speckit.converge command templates to align the new page with Spec Kit's terminology and verification model. The PatchWarden Evidence Pack v2 schema was referenced from its own repository. The doc content, structure, and wording were generated by the agent and have not yet received human review — one reason this is opened as a draft. A human reviewer should confirm the framing is appropriate and that naming PatchWarden as a reference is acceptable before merging.

Opened as a draft per CONTRIBUTING.md guidance for changes that have not had prior maintainer discussion.

Add docs/concepts/evidence-verification.md describing a tool-agnostic
pattern for producing bounded, traceable, secret-free evidence packs
that trace an implementation back to its spec and tasks. The pattern
complements the in-session /speckit.analyze and /speckit.converge
commands by emitting durable, machine-readable verification artifacts
for cross-session review, audit, and supply-chain intake. PatchWarden
Evidence Pack v2 is included as one reference implementation.

Wire the new page into docs/toc.yml under Concepts, next to Spec
Persistence Models.
Copilot AI review requested due to automatic review settings July 10, 2026 00:18

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Concepts documentation page describing an “evidence verification pattern” intended to complement Spec Kit’s in-session verification commands by producing a durable, bounded, machine-readable evidence pack for cross-session review/audit.

Changes:

  • Add new concept page: docs/concepts/evidence-verification.md.
  • Link the new page from docs/toc.yml under the Concepts section.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
docs/toc.yml Adds the new concept page to the documentation table of contents.
docs/concepts/evidence-verification.md Introduces and explains the evidence verification pattern and provides a concrete reference example.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread docs/concepts/evidence-verification.md Outdated
| Concern | Example file | Contents | Why it matters |
|---|---|---|---|
| Verification status | `verify.json` | Per-task pass/fail, audit verdict, command counts | Answers "did the implementation pass its checks?" without re-running them |
| Risk findings | `risk.json` | Aggregated findings with severity (high/medium/low) and category | Surfaces what `/speckit.converge` would classify as `missing`, `partial`, `contradicts`, or `unrequested`, plus non-convergence risks |
Comment thread docs/concepts/evidence-verification.md Outdated
Comment on lines +136 to +140
The `severity` mapping mirrors how `/speckit.converge` grades findings: a
failed check is high, a warning check is medium, and a lineage-level warning
is low. A reviewer can read `risk.json` alongside a converge report and expect
the two to agree on severity ordering, even though they come from different
tools.
Copilot AI review requested due to automatic review settings July 10, 2026 01:13

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants