Record Verus and Stateright phase-1 boundary (4.1.3) #311

Open

leynos wants to merge 6 commits into main from 4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright

Conversation

@leynos leynos commented May 22, 2026

Summary

  • Implements roadmap item (4.1.3) by recording the phase-1 Verus and Stateright scope boundary.
  • Updates docs/formal-verification-methods-in-netsuke.md to define Verus as optional and proof-kernel-only, with no phase-1 Cargo, Make, or CI surface.
  • Updates docs/developers-guide.md with the contributor-facing support boundary: Kani is supported and gated, Verus is optional, and Stateright is deferred.
  • Marks docs/roadmap.md item 4.1.3 and its subitems done.
  • Keeps the implementation record in docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md.

Review Walkthrough

Start with docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md for the approved plan, implementation decisions, validation record, and scope notes. Then review docs/formal-verification-methods-in-netsuke.md for the normative phase-1 boundary and docs/developers-guide.md for contributor workflow guidance.

Validation

  • make check-fmt
  • make lint
  • make test
  • make markdownlint
  • make nixie
  • coderabbit review --agent completed twice during implementation with zero findings.

Notes

  • This is documentation-only. No Rust code, Cargo manifests, Make targets, CI workflows, OrthoConfig surfaces, locale files, Verus files, or Stateright files were added.
  • docs/users-guide.md remains unchanged because no user-facing behaviour changed.
  • make fmt was attempted, but mdformat-all tried to rewrite unrelated Markdown files and then failed on pre-existing line-length findings outside this task. The formatter churn was restored, and all checking gates passed afterwards.

References

coderabbitai Bot commented May 22, 2026

Summary

This pull request implements roadmap item 4.1.3 by formally recording the phase-1 scope boundary for Verus and Stateright formal verification tooling in Netsuke. The changes are documentation-only, with supporting workflow and build configuration updates to align with the documented scope.

Key Changes

New ExecPlan Document: Added docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md — an approval-gated living document that establishes phase-1 constraints for formal verification:

  • Kani: Supported and gating (mandatory for phase 1)
  • Verus: Optional and proof-kernel-only, limited to src/ir/cycle.rs cycle-canonicalisation model, excluded from normal Cargo/Make/CI surfaces
  • Stateright: Deferred until Netsuke has an accepted stateful concurrent subsystem suitable for model checking

Documentation Updates:

  • docs/formal-verification-methods-in-netsuke.md: Formalised Verus as proof-kernel-only with explicit exclusions from PR/test/lint/check-fmt/formal targets; updated Stateright deferral with concrete subsystem requirements; documented delegation to rust-prover-tools CLI via uv tool run
  • docs/developers-guide.md: Replaced local script descriptions with make install-kani/rust-prover-tools/uv tool run workflow; clarified supported/gated scope (Kani only; Verus optional; Stateright deferred); updated kani-smoke CI job documentation
  • docs/roadmap.md: Marked item 4.1.3 and subitems complete; noted rust-prover-tools-backed Kani installation and extended Stateright deferral language
  • docs/documentation-style-guide.md: Significantly expanded and reorganised (RFC/ADR template sections, document type guidance, spelling/punctuation rules)
  • AGENTS.md: Restructured assistant guidance with heading capitalisation changes, expanded "Rust specific guidance" and new "Observability" sections

Tooling Migration:

  • .github/workflows/ci.yml: Updated kani-smoke job to install uv and invoke make install-kani instead of local script; adjusted Kani tools cache key to hash tools/kani/VERSION and Makefile; resolved uv cache configuration issue (removed enable-cache: true to avoid uv.lock glob failure)
  • Makefile: Introduced PROVER_TOOLS_SOURCE/PROVER_TOOLS variables for pinned verification tool invocation; added install-kani, install-verus, and verus targets; updated kani target to use rust-prover-tools; added optional flags (KANI_INSTALL_FLAGS, KANI_CHECK_FLAGS, VERUS_FLAGS, VERUS_INSTALL_FLAGS)
  • Removed: scripts/install-kani.sh and scripts/check-kani-version.sh (functionality now provided by rust-prover-tools)

Validation

All validation checks passed:

  • make check-fmt, make lint, make test, make markdownlint, make nixie
  • CodeRabbit review (two runs) with zero findings
  • CI workflow fixed to resolve uv cache dependency-glob failure

No changes to Rust code, Cargo manifests, CI workflows beyond uv setup, OrthoConfig, locale, or docs/users-guide.md.

Walkthrough

This PR consolidates formal verification tool management by delegating Kani and Verus installation to rust-prover-tools via Makefile, updates the CI workflow to use uv for pinned tools, documents the narrowed phase-1 scope (Kani supported/gated, Verus optional/proof-kernel-only, Stateright deferred), and extends documentation standards for design documents and code guidance.

Changes

Prover Tool Delegation Infrastructure

  • Makefile prover tool variables and targets (Makefile): PROVER_TOOLS_SOURCE and PROVER_TOOLS variables invoke rust-prover-tools via uv; new targets install-kani, install-verus, and verus delegate to the wrapper. Configuration flags added for Kani/Verus installation and checking.
  • CI workflow integration with uv and pinned tools (.github/workflows/ci.yml): kani-smoke job adds uv installation, updates Kani cache key to hash tools/kani/VERSION and Makefile, and replaces script invocation with make install-kani.
  • Developer guide Kani installation workflow (docs/developers-guide.md): Updated to describe make install-kani delegation through rust-prover-tools via uv tool run, including version pinning, installation, setup, and verification steps.

Formal Verification Phase 1 Scope Boundaries

  • Formal verification scope boundaries in design document (docs/formal-verification-methods-in-netsuke.md): Verus restricted to phase-1 proof-kernel-only scope, excluding installer scripts/Make targets/CI. Cycle-canonicalisation model retained as sole entry point. Stateright deferral conditions enumerated; scripts/ directory removed from layout. Tool execution delegated to rust-prover-tools CLI instead of repository shell scripts.
  • ExecPlan approval and phase-1 scope boundary record (docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md): New living approval-gated ExecPlan formalises phase-1 scope: Kani supported/gated, Verus optional proof-kernel-only, Stateright deferred. Includes constraints, risks, progress checklist, decision log, implementation plan, and validation strategy for documentation-only changes.
  • Developer guide formal verification scope (docs/developers-guide.md): Clarified supported/gated surface (Kani only; Verus optional; Stateright deferred). Reiterated Kani exclusion from routine targets. Documented kani-smoke CI job cache strategy and cached directories.
  • Roadmap progress tracking for verification tooling (docs/roadmap.md): Marked completion of rust-prover-tools-backed Kani installation, retained CI caching guidance, completed phase 4.1.3 Verus scope documentation, and expanded Stateright deferral conditions.

Documentation Standards and Code Guidance

  • Documentation style guide introduction and spelling rules (docs/documentation-style-guide.md): Introduction refined with df12 Productions branding. Spelling rules updated to permit US spelling for API identifiers (color), standardise LICENSE filename, and adjust collective-noun grammar.
  • Standard document types and repository layout (docs/documentation-style-guide.md): New section describing complementary documentation files (contents, users' guide, developers' guide, design documents, ADRs, RFCs) with canonical paths and audience-focused responsibilities.
  • RFC and ADR template guidance and structure (docs/documentation-style-guide.md): RFC guidance expanded with explicit template block including full section skeleton. ADR template overhauled with explicit Requirements subsections (functional/technical), restructured ordering, and extended with Goals/non-goals, Migration plan, Known risks/limitations, and Outstanding decisions.
  • Repository layout and remaining style guide sections (docs/documentation-style-guide.md): Added repository layout guidance and extended Rust API doc conventions, diagrams/images, and roadmap writing with GIST-aligned step writing instructions.
  • Code guidance in AGENTS.md for testing and observability (AGENTS.md): Updated heading capitalisation, narrowed English exception clause (external APIs only), expanded Rust guidance covering environment-variable testing, capability-based filesystem access (cap_std). Added Observability section for tracing/metrics usage with subscriber/recorder constraints.

Possibly related PRs

  • leynos/netsuke#305: Directly updates the Kani Makefile workflow by replacing KANI_VERSION_CHECK/scripts/check-kani-version.sh with PROVER_TOOLS/make install-kani targets.
  • leynos/netsuke#308: Updates kani-smoke CI job with pinned Kani installation and caching; main PR refines this approach using uv + make install-kani instead of direct script invocation.
  • leynos/agent-template-rust#33: Main PR's AGENTS.md testing/proof and Observability guidance matches corresponding logic changes introduced in that PR's template.

Suggested labels

Roadmap

Suggested reviewers

  • codescene-delta-analysis

🛠️ Rust tools now flow through delegation,
Phase boundaries documented with precision keen,
Verus stays proof-kernel, Stateright waits serene,
Kani stands gating—all with clear intention.


Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (2 errors, 2 warnings)

Check name Status Explanation Resolution
Testing (Overall) ❌ Error New Makefile targets and CI workflow changes were introduced but no tests verify the new functionality works correctly. Only existing checks ran. Add tests verifying: (1) make install-kani calls uv tool run with PROVER_TOOLS; (2) make kani delegates to PROVER_TOOLS check-version; (3) kani-smoke CI caches directories correctly.
Unit Architecture ❌ Error Two review comments unaddressed: ExecPlan references removed scripts/install-kani.sh (should be make install-kani), and AGENTS.md uses initialise instead of Oxford-style initialize. Update ExecPlan line 40 from scripts/install-kani.sh to make install-kani; fix AGENTS.md line 294: initialise to initialize.
Developer Documentation ⚠️ Warning ExecPlan references deleted scripts/install-kani.sh; AGENTS.md uses 'initialise' instead of 'initialize'. Replace scripts/install-kani.sh with make install-kani in ExecPlan line 39; change initialise to initialize in AGENTS.md line 294.
Architectural Complexity And Maintainability ⚠️ Warning Introduces rust-prover-tools abstraction without credible multi-project reuse justification required by the custom check. Document rust-prover-tools reuse path and concrete consumer projects. Fix ExecPlan line 40: replace scripts/install-kani.sh with make install-kani. Fix AGENTS.md line 294: change initialise to initialize.
✅ Passed checks (16 passed)
Check name Status Explanation
Title check ✅ Passed The title precisely aligns with the PR's primary objective of implementing roadmap item 4.1.3, recording the Verus and Stateright phase-1 scope boundary, and includes the required roadmap reference.
Description check ✅ Passed The description comprehensively documents the implementation of roadmap item 4.1.3, detailing changes to formal verification documentation, validation steps, and scope boundaries.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
User-Facing Documentation ✅ Passed PR updates only developer-internal tooling and planning documentation. No user-facing Netsuke library/CLI functionality changes occur; users-guide.md correctly remains unchanged.
Module-Level Documentation ✅ Passed PR is documentation-only with no new Rust code modules added. Module-level docstring requirement does not apply to documentation, workflows, or configuration changes.
Testing (Unit And Behavioural) ✅ Passed The PR modifies Makefile and CI configuration without new executable code. The kani-smoke job provides end-to-end testing of the uv tool and Kani verifier installation/execution changes.
Testing (Property / Proof) ✅ Passed This PR introduces no code that contains invariants, lemmas, or proof assumptions. Changes are documentation and tooling configuration only; the custom check does not apply.
Testing (Compile-Time / Ui) ✅ Passed No Rust code, Cargo manifests, or tests modified—only documentation, workflows, Makefile, and deleted shell scripts. No compile-time or UI output to test.
Domain Architecture ✅ Passed PR contains zero domain code changes; all modifications are infrastructure/build/documentation only, maintaining proper segregation of domain logic from tooling and CI concerns.
Observability ✅ Passed PR introduces no new operational Rust code. Changes delegate prover management to external rust-prover-tools; no logging, metrics, or tracing additions needed.
Security And Privacy ✅ Passed No secrets, command injection risks, overly broad permissions, or sensitive data exposure found; external dependency pinned to commit hash; safe environment variable scoping.
Performance And Resource Use ✅ Passed No Rust source changes, no hot path modifications, no algorithmic regressions, no unbounded resource allocation; caching strategy preserved.
Concurrency And State ✅ Passed PR contains only documentation, CI workflow, and Makefile changes; no Rust code modifications or concurrency-related patterns introduced.
Rust Compiler Lint Integrity ✅ Passed PR makes zero Rust code changes and adds no compiler lint suppressions. Only documentation, workflows, Makefile, and shell script deletions—no problematic allow/expect attributes.

sourcery-ai Bot commented May 22, 2026

Reviewer's Guide

Adds a detailed, approval-gated ExecPlan document for roadmap item 4.1.3 that defines how to document and enforce the phase-1 boundary for Verus and Stateright, keeping them out of the mandatory tooling surface while preserving Kani as the only phase-1 formal verification gate.

File-Level Changes

  • Change: Introduce an approval-gated, documentation-first ExecPlan describing how to record the phase-1 Verus/Stateright boundary and its impact on tooling, scope, and workflow.
    Details:
      • Create a new ExecPlan Markdown document outlining constraints, tolerances, risks, and validation strategy for roadmap item 4.1.3.
      • Specify that implementation is documentation-only and must not introduce Verus/Stateright code, dependencies, or CI integration without explicit approval.
      • Define the intended documentation updates for the formal-verification design doc, developers’ guide, and roadmap to capture Kani as the supported gate, Verus as optional proof-kernel-only, and Stateright as deferred with concrete re-entry criteria.
      • Document a staged implementation sequence, including required validation commands, CodeRabbit review usage, and commit/pull-request conventions for the eventual implementation.
      • Record current project state, discoveries about existing tooling and docs, and decisions justifying the plan’s scope and boundaries.
    Files: docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md

@lodyai lodyai Bot force-pushed the 4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright branch from f016add to dbd1fa9 Compare May 24, 2026 16:01
leynos added 3 commits May 26, 2026 10:52

Draft the approval-gated ExecPlan for roadmap item `4.1.3` so the
implementation can record Verus as optional and proof-kernel-only while
keeping Stateright deferred until Netsuke has stateful concurrent behaviour.

Capture the expected documentation scope, validation gates, OrthoConfig
boundary guardrails, Wyvern reconnaissance, and CodeRabbit rate-limit status.

Document the phase-1 formal-verification scope so Kani remains
the supported gate, Verus stays optional and proof-kernel-only,
and Stateright remains deferred until Netsuke has stateful
concurrent behaviour to model.

Replace repository-local Kani shell scripts with the shared
`rust-prover-tools` CLI pinned in the Makefile.

Route Kani installation and version checks through `uv tool run`, add
optional Verus install/run Make targets, and update the `kani-smoke`
job to install `uv` before running `make install-kani`.

Update the formal-verification docs and roadmap so contributor guidance
points at the shared prover tooling instead of local scripts.
@lodyai lodyai Bot force-pushed the 4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright branch from a960d02 to 2eff8cc Compare May 26, 2026 08:55
leynos commented May 26, 2026

@coderabbitai Please investigate the cause of the following issue using codegraph exploration and research, identify a fix and provide an AI coding agent prompt for the fix:

Run astral-sh/setup-uv@4cda7d73322c50eac316ad623a716f09a2db2ac7
  with:
    enable-cache: true
    version: latest
    github-token: ***
    cache-dependency-glob: **/uv.lock
  env:
    CARGO_TERM_COLOR: always
    RUSTUP_TOOLCHAIN: stable
    CARGO_HOME: /home/runner/work/netsuke/netsuke/.kani-cargo
    KANI_HOME: /home/runner/work/netsuke/netsuke/.kani-home
    CARGO_INCREMENTAL: 0
    CARGO_PROFILE_DEV_DEBUG: 0
    RUST_BACKTRACE: short
    RUSTFLAGS: -D warnings
    CARGO_UNSTABLE_SPARSE_REGISTRY: true
    CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
    UV_CACHE_DIR: /home/runner/work/_temp/setup-uv-cache
    SCCACHE_PATH: /opt/hostedtoolcache/sccache/0.15.0/x64/sccache
    ACTIONS_CACHE_SERVICE_V2: on
    ACTIONS_RESULTS_URL: https://results-receiver.actions.githubusercontent.com/
    ACTIONS_RUNTIME_TOKEN: ***
Downloading uv from "https://github.com/astral-sh/uv/releases/latest/download/uv-x86_64-unknown-linux-gnu.tar.gz" ...
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/8e1c1711-d14e-491a-a141-1edb461892c4 -f /home/runner/work/_temp/aed62f4f-d89d-4acb-bc66-f5eb92b00f92
Added /opt/hostedtoolcache/uv/0.11.16/x86_64 to the path
Added /home/runner/.local/bin to the path
Successfully installed uv version 0.11.16
Set UV_CACHE_DIR to /home/runner/work/_temp/setup-uv-cache
Searching files using cache dependency glob: **/uv.lock
No matches found for glob
Error: No file in /home/runner/work/netsuke/netsuke matched to [**/uv.lock], make sure you have checked out the target repository

Remove `enable-cache: true` from the Kani smoke workflow uv setup.
This job uses uv only as a tool installer, so the default `uv.lock`
cache dependency glob is not applicable to this repository.
Replace the repository agent guidance with the updated AGENTS.md from
the referenced memoryd branch so local agent rules stay in sync.
Replace the local documentation style guide with the latest version
from the referenced memoryd main branch.
@leynos leynos marked this pull request as ready for review May 26, 2026 21:04
@sourcery-ai sourcery-ai Bot left a comment

Sorry @leynos, you have reached your weekly rate limit of 2500000 diff characters.

Please try again later or upgrade to continue using Sourcery

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 19f8eabe67

Comment thread: Makefile
MDLINT ?= $(shell command -v markdownlint-cli2 2>/dev/null || printf '%s' "$$HOME/.bun/bin/markdownlint-cli2")
NIXIE ?= nixie
PROVER_TOOLS_SOURCE ?= git+https://github.com/leynos/rust-prover-tools@b07ef696f8373d54ae68e517d39d47a5d27a5bd5
PROVER_TOOLS ?= uv tool run --from $(PROVER_TOOLS_SOURCE) prover-tools
P1: Remove hard runtime fetch from the Kani smoke path

The new PROVER_TOOLS command shells out to uv tool run --from git+https://... for both make install-kani and make kani, which means the formal-verification smoke path now depends on reaching GitHub at runtime. In any restricted or offline environment, make kani/make formal-pr can fail before invoking cargo kani, even when Kani is already installed, because the helper itself cannot be resolved. This introduces a reliability regression in CI and local validation compared with the previous repository-local scripts.

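The failure mode Codex raises (the helper cannot be resolved before `cargo kani` ever runs) is one a wrapper can guard against by preferring an already-installed `prover-tools` binary and only falling back to `uv tool run`. The script below is an added example written for this review, not part of the Netsuke Makefile or of rust-prover-tools; the `resolve_prover_tools` and `source_is_pinned` functions and the `PROVER_TOOLS_OFFLINE` variable are assumptions, while the pinned source URL is the value from the Makefile excerpt above.

```shell
#!/bin/sh
# Added example (not the Netsuke Makefile): resolve the prover-tools command,
# preferring a pre-installed binary so `make kani` does not need GitHub.
# The pinned source below is the value from the Makefile excerpt in this review.
PROVER_TOOLS_SOURCE="${PROVER_TOOLS_SOURCE:-git+https://github.com/leynos/rust-prover-tools@b07ef696f8373d54ae68e517d39d47a5d27a5bd5}"

# resolve_prover_tools BIN_DIR
# Prints the command line to run. Order of preference:
#   1. BIN_DIR/prover-tools if present and executable (for example after a
#      one-off `uv tool install --from "$PROVER_TOOLS_SOURCE" prover-tools`
#      with UV_TOOL_BIN_DIR pointing at BIN_DIR);
#   2. otherwise `uv tool run --from <pinned source>`, which may need the
#      network to fetch the helper;
#   3. unless PROVER_TOOLS_OFFLINE=1 (assumed variable name), in which case
#      the network fallback is refused with a clear error up front instead of
#      a late failure inside the smoke job.
resolve_prover_tools() {
  bin_dir="$1"
  local_bin="$bin_dir/prover-tools"
  if [ -x "$local_bin" ]; then
    printf '%s\n' "$local_bin"
    return 0
  fi
  if [ "${PROVER_TOOLS_OFFLINE:-0}" = "1" ]; then
    printf 'prover-tools not found at %s and PROVER_TOOLS_OFFLINE=1; ' "$local_bin" >&2
    printf 'install it first or unset offline mode\n' >&2
    return 1
  fi
  printf 'uv tool run --from %s prover-tools\n' "$PROVER_TOOLS_SOURCE"
}

# source_is_pinned SOURCE
# Returns 0 only when SOURCE is a git+https URL pinned to a full 40-hex commit,
# so the fallback never floats to a branch tip such as "@main".
source_is_pinned() {
  case "$1" in
    git+https://*@[0-9a-f]*) ;;
    *) return 1 ;;
  esac
  rev="${1##*@}"
  [ "${#rev}" -eq 40 ] && [ "$rev" = "$(printf '%s' "$rev" | tr -cd '0-9a-f')" ]
}
```

A Makefile could consume this as `PROVER_TOOLS ?= $(shell sh scripts/resolve-prover-tools.sh $(CARGO_HOME)/bin)` (a hypothetical path and location), and a CI job that caches the install directory would then hit branch 1 on a warm cache and only fetch on a cold one; `source_is_pinned` is the check to run before trusting the fallback at all.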

@coderabbitai coderabbitai Bot added the Roadmap label May 26, 2026
@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@AGENTS.md`:
- Line 294: Replace the British spelling "initialise" with the Oxford -ize form
"initialize" in the sentence containing "install global recorders or
subscribers. Applications should initialise" in AGENTS.md so the file follows
the en-GB-oxendict rule; update the single occurrence to "initialize" ensuring
the rest of the sentence and punctuation remain unchanged.

In
`@docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md`:
- Around line 37-40: The docs currently list a stale local install script
`scripts/install-kani.sh` in the preserved phase-1 contract; update the sentence
that enumerates the supported tooling to remove `scripts/install-kani.sh` and
replace it with the delegated CLI `make install-kani` so the line reads with
`tools/kani/VERSION`, `make install-kani`, and the `kani-smoke` CI job while
keeping `make kani`, `make kani-full`, and `make formal-pr` intact; ensure the
wording reflects delegation to `rust-prover-tools` rather than repository-local
shell scripts.
📥 Commits

Reviewing files that changed from the base of the PR and between ee10490 and 19f8eab.

📒 Files selected for processing (10)
  • .github/workflows/ci.yml
  • AGENTS.md
  • Makefile
  • docs/developers-guide.md
  • docs/documentation-style-guide.md
  • docs/execplans/4-1-3-record-phase-1-scope-boundary-for-verus-and-stateright.md
  • docs/formal-verification-methods-in-netsuke.md
  • docs/roadmap.md
  • scripts/check-kani-version.sh
  • scripts/install-kani.sh
💤 Files with no reviewable changes (2)
  • scripts/check-kani-version.sh
  • scripts/install-kani.sh

Comment thread: AGENTS.md
user input, request IDs, paths with unbounded parameters, or raw error
strings into labels.
- Libraries may emit `metrics` and `tracing` instrumentation, but must not
install global recorders or subscribers. Applications should initialise
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use Oxford -ize spelling in normative guidance.

Replace initialise with initialize to align with the repository’s en-GB-oxendict rule.

Triage: [type:spelling] [type:docstyle]

Suggested patch
-  install global recorders or subscribers. Applications should initialise
+  install global recorders or subscribers. Applications should initialize
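Review bot: the `+` line changes only the single word and keeps the two-space continuation indent, so the Markdown list item it belongs to stays intact; since the en-GB-oxendict rule quoted below applies to the whole file, check the rest of AGENTS.md for other `-ise` forms before marking this thread resolved, otherwise the same finding will reappear on the next run.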

As per coding guidelines: “Use British English based on the Oxford English Dictionary locale en-GB-oxendict, including suffix -ize in words like 'realize' and 'organization'.”

🧰 Tools
🪛 LanguageTool

[style] ~294-~294: Would you like to use the Oxford spelling “initialize”? The spelling ‘initialise’ is also correct.
Context: ...ers or subscribers. Applications should initialise exporters/subscribers once, as early ...

(OXFORD_SPELLING_Z_NOT_S)

Comment on lines +37 to +40
- Preserve the existing Kani phase-1 contract from roadmap items `4.1.1` and
`4.1.2`: `make kani`, `make kani-full`, `make formal-pr`,
`tools/kani/VERSION`, `scripts/install-kani.sh`, and the `kani-smoke` CI job
remain the supported formal-verification tooling and gating surface.
⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove stale scripts/install-kani.sh from the preserved phase-1 surface.

Update this constraint to match the current delegated Kani workflow and avoid documenting a legacy path that is no longer the supported contract.

Triage: [type:docstyle]

Patch
 - Preserve the existing Kani phase-1 contract from roadmap items `4.1.1` and
   `4.1.2`: `make kani`, `make kani-full`, `make formal-pr`,
-  `tools/kani/VERSION`, `scripts/install-kani.sh`, and the `kani-smoke` CI job
+  `tools/kani/VERSION`, `make install-kani`, and the `kani-smoke` CI job
   remain the supported formal-verification tooling and gating surface.
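Review bot: swapping the deleted `scripts/install-kani.sh` for `make install-kani` on the `+` line fixes the stale reference, but the unchanged context still calls the listed targets the "supported formal-verification tooling and gating surface" while, per the Makefile excerpt earlier in this thread, `make install-kani` now resolves the helper through `uv tool run --from git+https://...` at runtime; consider extending the constraint with a clause that the gate requires network access to fetch the pinned `rust-prover-tools` commit (or a cached local install), so the ExecPlan's contract matches the Codex P1 finding rather than silently inheriting it.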

Based on learnings: "Ensure Kani and Verus installation and execution are delegated to the rust-prover-tools CLI rather than repository-local shell scripts."
