---
id: 02-boot-assertions
epic: conformance-system-v1
title: assertFeatureConformance + boot wiring
type: technical-story
status: done
feature: core-shared
depends-on: [01-define-feature-helper]
blocks: [03-eslint-rules]
---

## Goal

Runtime boot-time verification that every manifest-declared use case is bound through the brand-attaching wrappers. Each feature's `bindProductionX(ctx)` self-asserts at the tail; `pnpm dev` refuses to boot on drift.

## Why

Type casts can mask unwrapped factories; manifest edits can drift from binders without TypeScript noticing. Boot assertions catch what the type system can't see — at zero cost during the inner agent feedback loop, and synchronously at startup so failures fire loudly.

## Done when

- `withSpan`, `withCapture`, `withAudit` attach non-enumerable runtime markers matching the type-level brand names
- `assertFeatureConformance(container, manifest, symbols, ctx)` resolves each manifest use case and throws `ConformanceError` on a missing brand
- `auth.bindProductionAuth(ctx)` self-asserts at the tail
- `pnpm dev` boots cleanly for the existing `auth` wiring; rebinding `signIn` with an unwrapped factory causes `pnpm dev` to throw at startup

## In scope

- Runtime marker attachment via `Object.defineProperty(fn, "__brand", { … })` (non-enumerable, non-writable, non-configurable)
- `isInstrumented` / `isCaptured` / `isAudited` predicates
- `ConformanceError` class (extends `Error`)
- `assertFeatureConformance(container, manifest, symbols, ctx)` helper
- Wiring into `packages/auth/src/di/bind-production.ts` (tail-of-binder self-assertion)
- `withAudit` upgraded from passthrough to a thin wrapper that attaches its runtime brand without changing observable behaviour

## Out of scope

- `assertConformance` over a multi-feature container collection at the app's `bindAll()` (current per-feature self-assertion is sufficient and forward-compatible)
- Wiring boot assertions into `cms` and `web-tanstack` — neither has a `bind-production.ts` yet; they'll inherit the check whenever they grow one
- Manifests for `blog`, `media`, `navigation`, `marketing-pages` (their `bindProductionX` stays unchanged in this story)
- Automated audit recording driven by manifest `audits[]` declarations (deferred to a later story)

## Tasks

- [x] Re-export `authManifest` from auth root barrel
- [x] TODO breadcrumb in `withAudit` pointing at future automation
- [x] Runtime marker helpers (`attachBrand`, `isInstrumented`, `isCaptured`, `isAudited`)
- [x] `withSpan` attaches runtime `__instrumented` marker
- [x] `withCapture` attaches runtime `__captured` marker
- [x] `withAudit` wraps + attaches runtime `__audited` marker
- [x] `ConformanceError` class
- [x] `assertFeatureConformance` helper + tests
- [x] Conformance barrel + subpath exports updated
- [x] `bindProductionAuth` self-asserts at the tail
- [x] Final verification + story closeout
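
The marker-and-assertion mechanism described in this story, as an added TypeScript sketch (not the project's own code). The container and manifest shapes, the `wrapWith` and `bootCheck` helpers, the sample `signIn` wiring, and the carry-forward of brands through nested wrappers are assumptions made for illustration.

```typescript
// Added sketch. Container/manifest shapes and brand carry-forward are assumptions.
type Brand = "__instrumented" | "__captured" | "__audited";
type UseCase = (...args: any[]) => unknown;
type DiContainer = { get(sym: symbol): unknown };
type FeatureManifest = { feature: string; useCases: Record<string, { brands: Brand[] }> };
const BRANDS: Brand[] = ["__instrumented", "__captured", "__audited"];

class ConformanceError extends Error { name = "ConformanceError"; }

// Non-enumerable, non-writable, non-configurable: the marker is not copied by
// spread/Object.assign and cannot be reassigned or deleted after wrapping.
function attachBrand<F extends UseCase>(fn: F, brand: Brand): F {
  Object.defineProperty(fn, brand, { value: true, enumerable: false, writable: false, configurable: false });
  return fn;
}
const hasBrand = (fn: unknown, brand: Brand): boolean =>
  typeof fn === "function" && (fn as unknown as Record<string, unknown>)[brand] === true;

// Each wrapper returns a new function, so brands already on the inner function
// are carried forward (assumption); otherwise composition would hide them.
const wrapWith = (brand: Brand) => <F extends UseCase>(inner: F): F => {
  const outer = ((...args: any[]) => inner(...args)) as F;
  for (const b of BRANDS) if (b === brand || hasBrand(inner, b)) attachBrand(outer, b);
  return outer;
};
const withSpan = wrapWith("__instrumented");
const withCapture = wrapWith("__captured");

function assertFeatureConformance(container: DiContainer, manifest: FeatureManifest, symbols: Record<string, symbol>, ctx: string): void {
  for (const [name, decl] of Object.entries(manifest.useCases)) {
    const sym = symbols[name];
    const resolved = sym ? container.get(sym) : undefined; // unbound counts as unbranded
    const missing = decl.brands.filter((b) => !hasBrand(resolved, b));
    if (missing.length > 0)
      throw new ConformanceError(`[${ctx}] ${manifest.feature}.${name} missing: ${missing.join(", ")}`);
  }
}

// Constructed sample wiring, not the real auth manifest.
const SIGN_IN = Symbol("signIn");
const sampleManifest: FeatureManifest = { feature: "auth", useCases: { signIn: { brands: ["__instrumented", "__captured"] } } };
const rawSignIn = (email: string) => ({ email });

// Returns "ok" or the ConformanceError message a binder would throw at boot.
function bootCheck(factory: unknown): string {
  const container: DiContainer = { get: (s) => (s === SIGN_IN ? factory : undefined) };
  try { assertFeatureConformance(container, sampleManifest, { signIn: SIGN_IN }, "bindProductionAuth"); return "ok"; }
  catch (e) { if (e instanceof Error && e.name === "ConformanceError") return e.message; throw e; }
}
```

Passing `rawSignIn` to `bootCheck` stands in for the rebinding case in "Done when": a cast can satisfy the compiler, but the resolved function carries no markers, so the assertion throws.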