Purpose: turn predictable failures into defenses, validators, or required evidence.
| Failure | Why likely | Cost if missed | Defense | Validator or evidence | Status |
|---|---|---|---|---|---|
| SDK drift | Agent invents or changes SDK shape | App fails in ChatGPT | Approved recipes and SDK API validator | sdk-api-check | Pending |
| Missing intent | Destination unclear | Wrong compliance standard | Deployment Intent gate | profile-check | Pending |
| Unsafe tool | Tool mutates more than expected | Data loss or wrong user action | Tool contract and hints | tool-contract-check | Pending |
| Widget drift | UI state diverges from MCP output | Broken UX | structuredContent and widget state checks | widget-check | Pending |
| Secret exposure | Credentials leak into client or repo | Account compromise | No secrets in code and secret scan | security-check | Pending |
| PII leakage | Logs or structuredContent expose data | Privacy failure | Data minimization and redaction | evidence-check | Pending |
| Public review mismatch | App claims differ from behavior | Rejection or user harm | Golden and negative prompts | golden-prompts.md | Pending |
| Weak app value | App does not add know/do/show value | App feels useless in ChatGPT | App value contract and focused capability surface | app-value-check | Pending |
- Contracts before code.
- Profile-specific compliance.
- Know/do/show value gate.
- Static validators before handoff.
- Golden and negative prompts.
- Verification report tied to Deployment Intent.
- Live ChatGPT connector status: Not verified.
- Cloudflare Tunnel status: Not verified.
- Production approval status: Not approved.
- Status: FAIL
- Reason: Failure model has not been updated for the final app.