Case study · v1.0 · published 2026-04-28
ClarityLift, the documentation-drift audit.
Second internal audit under The Integrity Framework v1.0. Mostly clean. The interesting finding was not in the code. INTEGRITY.md claimed two things had shipped. The code disagreed. Three days had passed.
Source documents are public: ClarityLift's INTEGRITY.md and audits/tif-compliance.md.
What was audited
ClarityLift is a Startvest LLC product. Organizational health intelligence from communication signals — Slack, Teams, Discord. Aggregate-only insights with a 10-person minimum group floor; retention-zero processing; no individual-level signals; no DM scopes. Audit conducted 2026-04-28. Same methodology as the FieldLedger audit: qualitative pass against the code and INTEGRITY.md, mechanical pass via integrity-cli, cross-checked against each other.
Headline result
22 dimensions · Layer 1 vetoes (6) + Layer 2 constraints (8 incl. 2 N/A) + Layer 3 guardrails (8 incl. 1 N/A)
- Pass: 13
- Partial / Needs update: 6
- Buyer-driven: 1
- Fail: 0
N/A: Layer 2 Constraint 1 (Evidence Chain Integrity — not a verification product) and Constraint 3 (Self-Attestation Isolation — no customer-attested compliance claims produced). Layer 3 Annual Independent Audit correctly framed as buyer-driven for the sub-enterprise tier — SOC 2 is not load-bearing for ClarityLift's segment.
Mechanical: 68 of 71 integrity-cli rules passed on first run. Three real failures: two documentation-drift cases described below, plus one missing .auditignore exemption that caused a CRITICAL CL-specific rule to fire on a methodology page that legitimately documents the forbidden scopes in a “never” context.
The headline finding: documentation drift
Two of the three CLI failures were claims in INTEGRITY.md (Recent Changes 2026-04-25) about code changes that had never shipped. The audit ran three days after the entry was written.
INTEGRITY.md claim
“Trust Principles link added to /privacy and integrity@startvest.ai surfaced in marketing footer.”
Code reality at audit
Zero occurrences of trust-principles, startvest.ai/trust, or integrity@startvest in any source file. Footer.tsx and PrivacyClient.tsx both lacked the references.
INTEGRITY.md claim
“.auditignore exempts the methodology page from CRIT-C-SLACK-DM-SCOPE.”
Code reality at audit
The exemption was never added to .auditignore. The methodology page legitimately documents the forbidden DM scopes in a 'never requested' context, and the rule fired on those mentions.
This is the silent-pass pattern at the documentation layer. INTEGRITY.md said “we did X” and assumed it was true. The audit checked. It wasn't.
The framework prohibits silent-pass at the code layer (CRIT-SV-NO-SILENT-PASS). ClarityLift's audit drove the same discipline at the documentation layer.
Framework revision: v1.5.0
Added HIGH-SV-INTEGRITY-MD-CLAIMS-VERIFIABLE to the base manifest. Two-tier check on INTEGRITY.md:
- Structural lint. Every dated Recent Changes entry must contain a file path, commit hash, version tag, or #N issue/PR reference. No vague “we did things” allowed.
- Runnable assertions. When the entry contains a high-value claim phrasing (link added, marker added, exemption added, Trust Principles), an entry in audits/integrity-claims.json must contain a runnable assertion (file-contains, file-not-contains, file-exists) that the runner verifies on every audit.
Strikethrough text (~~...~~) is stripped before evaluation, so INTEGRITY.md can carry honest correction history. When a claim is found to be drift, retract it via strikethrough and add a CORRECTED <date> note. The audit log keeps the receipts; the rule doesn't re-fail.
Two case-study sequels followed: IdeaLift v1.7.0 extended this rule to scan the Outstanding Risks / Known Gaps section with a claim-absence policy (for reverse drift — claims of absence when the resource is actually present).
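The two-tier check and the strikethrough rule described above, sketched as an added example; this is not integrity-cli's own code. The entry format, the claim fields (date, match, type, path, needle), the placeholder path and the sample data are assumptions made for illustration, and file contents are passed in as an in-memory map so the sketch runs offline.

```javascript
// Added example. The entry format ("- YYYY-MM-DD: text") and the claim fields
// (date, match, type, path, needle) are assumptions, not integrity-cli's schema.
const REFERENCE = [
  /[\w.-]+\/[\w./-]*\.\w+/, // file path (directory + extension)
  /\b[0-9a-f]{7,40}\b/,     // commit hash
  /\bv\d+\.\d+\.\d+\b/,     // version tag
  /#\d+\b/,                 // issue / PR reference
];
const HIGH_VALUE = /link added|marker added|exemption added|Trust Principles/i;
// Retracted (struck-through) claims are removed before either tier runs.
const stripStruck = (md) => md.replace(/~~[\s\S]*?~~/g, "");
function parseEntries(md) {
  return stripStruck(md).split("\n")
    .map((line) => line.match(/^- (\d{4}-\d{2}-\d{2}):\s*(.*\S)\s*$/))
    .filter(Boolean)
    .map(([, date, text]) => ({ date, text }));
}

// A missing file or unknown type fails: the check itself must not silent-pass.
function runAssertion(claim, files) {
  const body = files[claim.path];
  if (body === undefined) return false;
  if (claim.type === "file-exists") return true;
  if (claim.type === "file-contains") return body.includes(claim.needle);
  if (claim.type === "file-not-contains") return !body.includes(claim.needle);
  return false;
}

function audit(md, claims, files) {
  const findings = [];
  for (const { date, text } of parseEntries(md)) {
    if (!REFERENCE.some((re) => re.test(text))) findings.push({ date, tier: "lint" });
    if (!HIGH_VALUE.test(text)) continue;
    const bound = claims.filter((c) => c.date === date && text.includes(c.match));
    if (bound.length === 0) findings.push({ date, tier: "unasserted" });
    for (const c of bound) if (!runAssertion(c, files)) findings.push({ date, tier: "drift", path: c.path });
  }
  return findings;
}

// Constructed sample data (placeholder path, not ClarityLift's real layout).
const SAMPLE_MD = [
  "- 2026-04-25: Trust Principles link added to path/to/Footer.tsx",
  "- 2026-04-25: ~~Exemption added to .auditignore~~ CORRECTED 2026-04-28, see #12",
  "- 2026-04-20: Tightened onboarding copy",
].join("\n");
const SAMPLE_CLAIMS = [{ date: "2026-04-25", match: "Trust Principles",
  type: "file-contains", path: "path/to/Footer.tsx", needle: "startvest.ai/trust" }];
const SAMPLE_FILES = { "path/to/Footer.tsx": "<footer>(c) Startvest LLC</footer>" };
```

On the sample, `audit(SAMPLE_MD, SAMPLE_CLAIMS, SAMPLE_FILES)` reports the footer claim as drift and the undocumented entry as a lint failure, while the struck-through exemption claim produces no finding.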
Open items at audit close
Eight remediation tickets opened on the ClarityLift repo:
- Finalize MSA refund-on-failure clause and roll into standard template. Same shape as FieldLedger's P0. Consider shared MSA template across products.
- Add generatedByModel marker to Insight entity for AI traceability. Substantive AI accountability is enforced via retention-zero LLM wrapper. Marker is defense-in-depth and clears the rule structurally.
- Ship integrity@startvest.ai and trust-principles links to Footer + Privacy. The forward-drift claim from the audit. Shipping the change that was previously claimed.
- Publish public kill criteria — Service Standards page. Classifier error floor, false-positive rate on adverse signals, regulatory response window.
- Add src/app/methodology/** exemption to .auditignore for CRIT-C-SLACK-DM-SCOPE. The methodology page documents forbidden scopes in 'never' context. Restores INTEGRITY.md → reality alignment.
- Add quarterly automated reproducibility test of classifier outputs. Sampler that re-runs classification on stored signals; asserts agreement-rate floor.
- Add auditor_readonly role to access control. DSAR export covers self-export. External CPA / counsel needs scoped read-only mode.
- Identify or stand up an accountability community. Or document why public-methodology + CISO reviews are sufficient.
What this teaches
- Documentation can drift faster than code. Three days from claim to audit. The author wrote it in good faith and forgot to ship it. Without a forcing function the next audit could be six months later, and the claim would have sat untrue that whole time.
- The framework prohibits silent-pass; that has to apply to the framework's own outputs too. INTEGRITY.md is one of those outputs. v1.5.0 closes the recursion.
- Strikethrough > deletion. When drift is found, retract via strikethrough rather than deletion. Keeps the audit history visible. Future readers see the correction chain, which matters more than a clean diff.
Reproducibility
The audit is mechanically reproducible.
    # from a clone of the integrity-cli repo
    node bin/integrity.mjs check ../claritylift --format=json \
      > ../claritylift/audits/tif-compliance.cli-output.json
Changelog
- 2026-04-28 — v1.0. Initial publication. Third case study under The Integrity Framework v1.0. Drove base manifest v1.5.0.