| name | verify-claim |
| description | Verify whether an agent's stated outcome ("I committed and pushed", "tests pass", "I cleaned up the temp dir", "deployment succeeded") matches actual filesystem / git / test state. Catches the chiefofautism failure mode (agent confidently misreports what it did) AND the Codex sandbox-escalation case (agent acknowledges read-only constraint then violates it). Use when you suspect an agent's completion claim doesn't match reality, or as a routine post-action check on any state-modifying tool call. |
| when_to_use | After an agent claims to have done something. When CI fails right after an agent reported "tests pass". When you sense the disk / git state doesn't match what the agent said. As a post-Tool-Use hook on Task / Bash subagent completions (already wired up; this is the manual equivalent). |
| arguments | ["claim"] |
| argument-hint | "<claim text>" [--before-snapshot=<path>] |
Verify Claim (output-action divergence check)
Compare an agent's stated outcome against actual state. Returns one of: STATE_MATCHES_CLAIM (agent told the truth), STATE_UNCHANGED (claimed action but nothing happened), STATE_VIOLATED_CONSTRAINT (action happened but violated stated constraint), STATE_MISMATCH (action happened but differently than claimed).
What to do
- Parse
$ARGUMENTS for the claim text. The first quoted string is the claim. Optional --before-snapshot=<path> argument loads a previously-captured before-snapshot if available.
- If no before-snapshot is provided, attempt to infer one from recent context: check git log, recent file mtimes, recent test runs.
- Call
mcp__openclaw-output-vetter__verify_action_outcome with:
claim: the claim text
before_snapshot: the loaded snapshot (or empty if inferring from current state)
after_snapshot: take fresh snapshot of relevant paths NOW
- Render the verdict.
Verdict rendering
STATE_MATCHES_CLAIM (agent told the truth)
> ✅ **VERIFIED** — claim matches actual state
> **Claim:** "<the claim>"
> **Evidence:**
> - <specific evidence — e.g. "git log shows commit abc1234 'fix: validate user input' at 14:32 UTC, matches stated commit time">
> - <next evidence>
> **Confidence:** HIGH/MEDIUM/LOW based on snapshot completeness
STATE_UNCHANGED (action claimed but nothing happened)
> 🔴 **UNCHANGED** — claim says action happened, state shows it didn't
> **Claim:** "<the claim>"
> **What's missing:**
> - <specific gap — e.g. "git log has no commits since session start; HEAD is still at abc1234 from 2h ago">
> - <next gap>
> **What likely happened:** <hypothesis — e.g. "the agent tried to commit but the pre-commit hook failed; the failure was logged to stderr but the agent's response interpreted it as success">
> **Action:** Re-run the action, watch for hook / permission / sandbox errors. Run `/aufgaard:verify-claim` again after.
STATE_VIOLATED_CONSTRAINT (Codex-style)
> 🔴 **CONSTRAINT VIOLATED** — agent acknowledged a constraint then violated it
> **Claim:** "<the claim>"
> **Stated constraint:** <e.g. "I'm running in read-only mode and won't modify files">
> **Actual violation:** <e.g. "3 files in src/ were modified between snapshot times — db.py, models.py, schema.py">
> **Severity:** CRITICAL — this is the alignment-relevant failure mode
> **Action:** Roll back the unauthorized changes via `git restore`. Investigate why the constraint was violated — sandbox-escape bug? prompt overrride? agent-config attack? Use `/aufgaard:vet-config` on agent-config files to rule out poisoning.
STATE_MISMATCH (action happened but not as claimed)
> 🟡 **MISMATCH** — action happened, but differently than claimed
> **Claim:** "<the claim>"
> **What's different:**
> - <specific divergence — e.g. "agent claimed to push to main; git log shows force-push to feature-branch instead">
> **Likely cause:** <hypothesis>
> **Action:** Reconcile — either accept the actual state and update downstream consumers, or roll back and try the original claim again.
ACTION_OUTCOME rule families (8 rules in output-vetter v1.1+)
- ACTION_OUTCOME.STATE_UNCHANGED — claimed action, no diff
- ACTION_OUTCOME.STATE_VIOLATED_CONSTRAINT — read-only / sandbox / approval-gate breached
- ACTION_OUTCOME.MISSING_FILE — claim references a file that doesn't exist
- ACTION_OUTCOME.MISSING_COMMIT — claim references commit that's not in git log
- ACTION_OUTCOME.MISSING_TEST_RESULT — claim "tests pass" but no test run found
- ACTION_OUTCOME.PARTIAL_DIFF — diff exists but doesn't include claimed changes
- ACTION_OUTCOME.UNINTENDED_DIFF — diff includes changes outside claimed scope
- ACTION_OUTCOME.SCOPE_DRIFT — actual scope of change is wider than claimed
Cite the actual rule returned. The catalog above is reference.
Style notes
- Be specific about the evidence. "git log has no commits" beats "git status looks unchanged."
- For STATE_VIOLATED_CONSTRAINT, treat as CRITICAL and recommend immediate rollback. This is the chiefofautism / Codex-class incident pattern.
- For STATE_UNCHANGED, the most useful diagnostic is usually "did a hook / permission / sandbox block the action silently?" — bias the recommendation toward checking those layers.
Edge cases
- If no before-snapshot can be inferred (fresh session, no recent activity), state: "No before-snapshot available. Verifying against current state alone — limited confidence. For higher confidence on future verifies, the PreToolUse hook captures snapshots automatically when the plugin is fully active."
- If
$ARGUMENTS is empty: "Pass the agent's claim as a quoted argument: /aufgaard:verify-claim 'I committed the fix and pushed to main'"
- If output-vetter MCP not loaded: "output-vetter MCP not available. Verify
pip install openclaw-output-vetter-mcp and the plugin is loaded."
- If the claim is too vague to verify (e.g. "I improved the code"), respond: "The claim is too vague for state-based verification. Re-ask the agent to state a specific verifiable claim — file modified, commit hash, test name passed, etc."
Footer CTA
---
Output-action divergence (P6.y) is one of 35 documented production-AI failure patterns. The [Production-AI MCP Suite Bundle](https://temurah.gumroad.com/l/production-ai-mcp-suite) ($29) includes the 8-page Field Reference PDF — covers the chiefofautism viral case + Codex sandbox-escalation + 698 real-world scheming incidents from the CLTR study (Oct 2025 - Mar 2026).