Proof it's true · rigor

A check that can’t fail isn’t a check.

Verifiers can’t be quietly widened until they pass everything. A gate that stops catching errors is treated as broken — not as lenient — and a check that never ran is a halt, not a pass.

What keeps a check honest

Each verifier must be able to fail on bad input, and that failure must halt the work. A verifier that can no longer fail is itself flagged as broken.

Coverage isn’t assumed. A step with no applicable check does not slide through as “fine” — the absence is recorded and surfaced.

Why an absent check is a halt
Causal record: cau·c3d4e5f6
produced_by: verifier.audit
decision: verifier_broken
reason: gate returned pass on known-bad input
halt — verifier flagged, not trusted

Invariant: A verifier that cannot fail is treated as broken. A check that did not run is never counted as a pass.
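One way to enforce both rules, as an added example that is not the product's own code: each verifier is audited against known-bad input before its verdict is trusted, and a step with no verifier halts. The `decision` and `reason` fields and the `verifier_broken` value follow the record above; every other name (`Verifier`, `audit`, `run_step`, `check_absent`, the sample gates) is a hypothetical chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Verifier:
    name: str
    check: Callable[[str], bool]   # True means "pass"
    known_bad: List[str]           # inputs this check must reject

def audit(v: Verifier) -> Optional[str]:
    """Return a reason if the verifier can no longer fail, else None."""
    if not v.known_bad:
        return "no known-bad input: ability to fail is unproven"
    for sample in v.known_bad:
        try:
            passed = v.check(sample)
        except Exception as exc:
            return f"gate raised {type(exc).__name__} during audit"
        if passed:
            return "gate returned pass on known-bad input"
    return None

def run_step(step: str, payload: str, verifiers: Dict[str, Verifier]) -> dict:
    """Fail closed: only an audited check that ran and passed yields 'pass'."""
    v = verifiers.get(step)
    if v is None:
        # Absence is recorded and surfaced, never treated as "fine".
        return {"step": step, "decision": "halt", "reason": "check_absent"}
    broken = audit(v)
    if broken:
        return {"step": step, "decision": "verifier_broken", "reason": broken}
    try:
        ok = v.check(payload)
    except Exception:
        # A check that did not complete is a halt, not a pass.
        return {"step": step, "decision": "halt", "reason": "check_did_not_complete"}
    return {"step": step, "decision": "pass" if ok else "halt",
            "reason": "check_passed" if ok else "check_failed"}

# Constructed sample gates: one honest, one widened until it passes everything.
VERIFIERS = {
    "sign": Verifier("sig-present", lambda s: s.startswith("sig:"), ["", "unsigned"]),
    "lint": Verifier("lint", lambda s: True, ["syntax error here"]),
}
```
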

Go deeper — fail-closed & real checks

Why the absence of a check is treated as a halt, and how verifiers are kept from decaying into rubber stamps.
