Not loose screenshots. Reviewable proof receipts.

Claim: Neon can consume reusable audio exploration coverage receipts from Riddle Proof packs and verify the deployed target with a fast bounded live audit.

Bug: The reusable audio exploration coverage helper existed in Riddle Proof packs, but LilArcade still carried its own coverage summarizer and Markdown formatter inside the app proof script. That meant the real target could drift from the reusable proof-pack receipt language even after the package shipped.

Why normal checks missed it: Nothing looked broken from a normal pass/fail perspective. The app built, the proof passed, and the deployed target was healthy. The issue was architectural: the ratchet was still using app-local proof glue where the reusable pack should own the evidence shape.

Why this sells Riddle Proof: This is the ratchet becoming operationally useful: reusable proof-pack receipts are now consumed by the live app, and production deploy is no longer the default way to discover basic proof-script or receipt-shape mistakes.

Reusable profile seed: For app proof labs: move reusable evidence summarization into a proof pack, keep app scripts as orchestration, add a fast local unit/profile lane, add a bounded live post-deploy smoke, and reserve full promotion batches for broad release confidence.

Claim: A Neon claim-candidate packet should constrain target, direction, and magnitude for subtle natural-language mix requests before ranking metric-supported candidates for listening review.

Bug: The Neon ratchet loop could understand "turn the bass part down a little" as bass/down, but it had no objective receipt for the requested magnitude. The production packet therefore ranked the largest tested guardrail-preserving cut, bass -0.25, ahead of subtler candidates even though the user asked for "a little."

Why normal checks missed it: The run was not broken in the usual pass/fail sense. Fast mix health, mobile layout, playback sync, section-energy floors, clipping/headroom, low-level guardrails, and state restoration all passed. The problem only showed up when reading the claim translation: the packet proved target and direction, but not magnitude.

Why this sells Riddle Proof: This is the ratchet becoming more useful for natural agent instructions: it does not pretend to know taste, but it can now prove that a proposed edit matches the requested scope before handing candidates to a listener.

Reusable profile seed: For natural creative requests: parse target, direction, and requested magnitude into explicit claim constraints. Keep metric ranking as review order only, and reject candidates that are objectively safe but semantically too large for the request.

Claim: Neon can convert a metric-supported guitar-down review candidate into a development-only approval surrogate with explicit checks before applying a one-candidate proof, while preserving the listening-review boundary.

Bug: The approved-candidate flow could carry mixing_canon_surrogate as an approval mode, but the approval decision itself was not yet a first-class proof artifact. That made it harder to inspect why Codex was allowed to stand in for a human during development iteration.

Why normal checks missed it: The batch could already prove a supported candidate, apply a one-candidate profile, and prepare a durable patch plan. A normal pass/fail run would miss the missing handoff evidence because the approval mode appeared downstream, while the decision checklist that produced it was not independently reviewable.

Why this sells Riddle Proof: This is the practical shape of creative proof: Riddle Proof can keep development moving with a conservative approval surrogate, but every step remains auditable and refuses to claim subjective mix quality.

Reusable profile seed: For creative candidate loops: make approval a proof artifact. Require a ready review packet, conservative action size, passed objective receipts, preserved section-energy floors, clipping/headroom/low-level guardrails, state restoration, review-order-only ranking, and a clear listening-review caveat before applying a candidate.

Claim: Neon can consume reusable audio section-energy and loudness-style heuristics from Riddle Proof packs in browser app code without importing Node-oriented proof framework surfaces.

Bug: The reusable audio heuristics layer existed in Riddle Proof packs, but the first LilArcade cleanup imported the proof-pack root package from browser app code. That pulled Node-oriented proof framework chunks into the Vite browser bundle and failed the production build on Node externals.

Why normal checks missed it: The focused proof-contract tests passed because they bundle the contract for Node. The issue only appeared when the actual browser production build tried to resolve the package graph. Without the build gate, this would have looked like a harmless dedupe and then broken deploy.

Why this sells Riddle Proof: This is the kind of integration bug Riddle Proof should catch early: the proof code was correct in isolation, but the product boundary was wrong for a browser app. The ratchet turned that into a package contract and a post-deploy proof, not another local copy.

Reusable profile seed: For reusable app-contract helpers: expose browser-safe subpaths for pure runtime code, keep Node artifact/CLI helpers out of app bundles, then verify with both production build and a real app proof run.

Claim: A proof-backed Neon guitar-down candidate can be promoted into a durable deployed override and verified as active on the current target without claiming subjective mix quality.

Bug: The earlier guitar-down packet was still only a transient recommendation. That is useful for review, but it does not prove the app can safely carry the candidate into source, deploy it, and verify that the deployed target is actually running the durable override.

Why normal checks missed it: A normal mix-change workflow can stop after "candidate looks supported" or after a source patch lands. The risky gap is the handoff between transient browser state, durable source data, production deploy, and current-target proof. Any of those layers could drift while the packet still looked persuasive.

Why this sells Riddle Proof: Riddle Proof can manage the boring but critical handoff from supported candidate to deployed app state. It keeps the taste boundary explicit while proving the candidate is durable, active, reversible in source, and still inside deterministic audio guardrails.

Reusable profile seed: For promotion workflows: require a review packet, create an approval-scoped one-candidate profile, generate a durable patch plan, apply source data only after that handoff, then run a current-target proof after deploy.

Claim: A Neon review packet can preserve tiny nonzero tracked-instrument audio deltas in human-readable evidence while keeping candidate ranking as review order, not taste proof.

Bug: The Neon ratchet packet had started tracking requested-instrument section energy, but the human-facing Markdown rounded some very small nonzero guitar energy deltas to 0. The raw proof JSON still had the movement, but the review packet made a real rendered change look less observable than it was.

Why normal checks missed it: The proof still passed and the candidate recommendation was reasonable, so a normal pass/fail check would not catch it. The issue only showed up when reading the human packet as a reviewer would: the packet had the right tracked-instrument column, but the formatting was too coarse for tiny audio-energy deltas.

Why this sells Riddle Proof: Riddle Proof is not just collecting artifacts; it is improving the reliability of the human handoff. The same proof packet that guards against clipping and wrong-target edits now preserves tiny measurable audio deltas so a reviewer can evaluate supported candidates without digging into raw JSON.

Reusable profile seed: For audio proof packets: preserve small nonzero metric deltas in Markdown, keep tracked instruments explicit, and state that section-energy and loudness-style values rank candidates for review rather than proving subjective quality.

Claim: A Neon ratchet batch can accept a natural mix-change request as a run parameter, generate a constrained claim-candidate profile, and return proof-backed candidates for listening review without claiming automatic taste.

Bug: The Neon ratchet loop had become good at running a fixed chord-down claim, but trying a new musical request still meant editing profile JSON or leaning on hard-coded intent. That slowed the loop and made natural claim translation harder to prove.

Why normal checks missed it: The profile already supported claim candidates, receipts, section-energy comparisons, and review packets. The missing layer was ergonomic: the batch CLI could narrow focus tracks and iteration count, but it could not declare the actual claim text, target tracks, or direction as first-class run inputs.

Why this sells Riddle Proof: Riddle Proof is becoming a practical candidate operator: an agent can ask for a natural musical change, get bounded candidates with objective receipts, and hand off a compact review packet instead of a vague "sounds better" claim.

Reusable profile seed: For creative proof workflows: make claim text and target constraints first-class run parameters. Generate temporary profiles for local iteration, preserve objective receipts and state restoration, and keep ranking as review order rather than taste proof.

Claim: A Neon claim-candidate packet should not promote a candidate unless the candidate action matches the requested target track and direction, and matching candidates must still satisfy deterministic preservation receipts.

Bug: The Neon ratchet could ask for "turn the chord part down" and still surface a bass -0.18 candidate because broad review-order ranking found bass objectively guardrail-preserving. That was useful exploration evidence, but it was not support for the requested chord-down claim.

Why normal checks missed it: The candidate packet already separated metrics from taste, so a normal review could see that ranking was only review_order_only. The mismatch was subtler: the recommended candidate matched the ranking metric but not the natural-language claim target. Only comparing requested_intent, candidate action, and preservation receipts exposed the claim-translation gap.

Why this sells Riddle Proof: Riddle Proof caught a claim-translation bug in a creative loop. The system did not decide taste; it prevented a wrong-target candidate from becoming a proof-backed recommendation and refused to prepare a durable patch when every matching candidate broke deterministic preservation receipts.

Reusable profile seed: For natural-language change loops: parse or explicitly declare requested target and direction, attach receipts proving candidate-action alignment, allow no-candidate review packets, and make approval/durable patch handoffs require an actual supported candidate.

Claim: A Neon claim-candidate packet should reject a candidate when a required section lane drops below measurable energy floors, while ranking surviving candidates only for human review.

Bug: The Neon candidate loop needed a more inspectable reason to reject a small-looking chord cut. The control edit chord 0.16 -> 0.06 was just another bounded candidate, but the live section-energy receipt showed the required chord lane disappearing in the Intro Bed proof window.

Why normal checks missed it: A normal candidate table can say a candidate failed preservation, but it does not show whether the failure is a meaningful audio-lane disappearance or just a ranking preference. The new section-energy receipt compared baseline and candidate windows directly and exposed RMS, peak, and total-energy floors for the required chord lane.

Why this sells Riddle Proof: Riddle Proof turned a fuzzy mixing concern into a deterministic candidate guard: it did not claim to know the better mix, but it caught a candidate that would make a required chord lane vanish and produced a compact review packet explaining why.

Reusable profile seed: For audio/app proof packs: add section-window summaries, required-lane energy floors, headroom/clipping/low-level guardrails, and review-order-only ranking fields. Rejections should name the failed receipt and the baseline/candidate metric delta that supports it.

Claim: The deployed Neon current target and checked-in durable current-target profile should agree with the active app-owned durable override, not a stale pack sample.

Bug: After the chord 0.16 preservation candidate became the active durable override, the checked-in Neon durable current-target profile still referenced the older chord 0.18 candidate from the pack sample. The profile sync gate passed because it only compared local profiles to the published pack, not to the app source of truth.

Why normal checks missed it: The sync check was internally consistent: local files matched the reusable pack sample. The mismatch only appeared when comparing three evidence roles together: the active app override, the checked-in current-target profile, and the deployed browser proof target.

Why this sells Riddle Proof: Riddle Proof caught a source-of-truth drift bug in the proof machinery itself. The app had the right active override, but a stale synced profile could have produced misleading review evidence. The fix makes the ratchet more trustworthy without adding more deploy churn.

Reusable profile seed: For app-owned current-target audits: pack samples should provide profile shape, while active app state supplies concrete claims. Sync checks should fail when generated proof profiles drift from the app-owned source of truth.

Claim: A Neon claim-candidate loop should evaluate candidate edits under the same prepared audio path as deep exploration, isolate each candidate from prior attempts, and reject candidates that break required instrument preservation.

Bug: After the Neon chord 0.08 durable override shipped, the deeper production sweep found the required Monkberry chord lane missing in intro windows. Raising the active chord floor to 0.16 fixed that deterministic guardrail, but the claim-candidate loop still recommended another chord -0.10 cut because it rendered candidates without the prepared sample-source path used by deep exploration. Candidate attempts also inherited prior candidate edits instead of starting from the original mix each time.

Why normal checks missed it: The individual proof surfaces were each plausible: current-target proof could verify the active override, and the candidate packet could produce a green recommendation. The bug only appeared when comparing evidence roles across the ratchet: deep exploration loaded the piano/sample path and rejected the low chord floor, while the review loop used a different render setup where the same cut looked preserved.

Why this sells Riddle Proof: Riddle Proof caught a ratchet consistency bug: one proof path said the chord lane was missing, while another path was about to recommend cutting it further. The fix makes the creative loop safer and more reproducible without pretending the system can hear taste.

Reusable profile seed: For rich app proof loops: run deterministic sweeps first, use the same setup actions for candidate review, restore state before every candidate, treat candidate ranking as review order only, and reject candidates that violate required active lanes before any human approval surrogate can promote them.

Claim: A Neon durable current-target audit should prove the live app sees the active chord 0.08 source override and should expose the nested proof receipts needed to review that claim.

Bug: After the Neon chord 0.08 durable override was applied locally, the current-target proof passed but the batch artifact index only listed the three top-level batch files. The actual per-override proof receipt, generated profile, console capture, DOM summary, and screenshots were nested under the durable-current-target step and missing from the reviewer-facing artifact index.

Why normal checks missed it: The proof itself was green, so a normal pass/fail check would have stopped there. The weakness only appeared when treating the batch summary as the handoff surface a reviewer or agent would use to inspect the evidence after promotion.

Why this sells Riddle Proof: Riddle Proof found a handoff failure after the product proof passed: the app state was correct, but the evidence packet was too shallow for reliable review. The fix makes promoted creative changes easier to audit without claiming the mix is automatically better.

Reusable profile seed: For durable current-target audits: always index nested per-target receipts, not just batch-level summaries. The summary should answer what changed, what was proved, what stayed guarded, where the screenshots are, and what still requires human taste review.

Claim: A Neon human-review packet should carry the concrete candidate evidence a listener needs for review in Markdown, not only in raw JSON, while preserving that objective receipts do not prove subjective mix taste.

Bug: The local Neon preliminary ratchet could produce a valid human-review packet, but the Markdown artifact only showed the recommendation and counts. Candidate actions, measured target movement, receipt pass/fail status, and ranking values were present in JSON but hidden from the reviewer-readable packet.

Why normal checks missed it: The proof run was green and the packet said the right proof/taste boundary. The weakness only showed up when using the artifact for its actual purpose: deciding whether a supported candidate is worth listening to without reading raw JSON.

Why this sells Riddle Proof: Riddle Proof improved the handoff between objective browser proof and human creative judgment: the system still does not decide taste, but it gives reviewers the evidence needed to make the listening decision quickly.

Reusable profile seed: For creative proof loops: treat human-review Markdown as a first-class artifact. Include candidate rows, action deltas, target-movement deltas, pass/fail receipt summaries, ranking-as-review-order, and explicit caveats that objective guardrails are not taste.

Claim: A Neon ratchet batch should keep durable patch plans and durable current-target proofs semantically distinct, and should fail if the same override id points at different mixer levels.

Bug: The local Neon ratchet batch could show a new durable patch plan and a durable current-target proof with the same override id even though they referred to different mixer levels: the proposed future patch wanted chord 0.08 while the active current target still proved chord 0.18.

Why normal checks missed it: Each step looked reasonable alone. The approved-candidate proof produced a valid listening-review handoff, and the current-target proof correctly verified the already-active source override. The mismatch only appeared when the batch stitched the patch-plan and current-target roles together.

Why this sells Riddle Proof: Riddle Proof caught a workflow-level ambiguity: the product state was healthy, but the proof handoff could mislabel a future edit as the same durable object as the current target. The fix makes local batching safer before deployment without pretending to judge musical taste.

Reusable profile seed: For creative app patch handoffs: generate durable ids from absolute target state, compare planned edits against current-target receipts, fail on id collisions with different state, and label unapplied plans as handoffs rather than live proof.

Claim: A durable approved Neon mix override should be provable on the current production target through live contract state, source/profile descriptor state, visible UI text, and basic offline render guardrails.

Bug: The durable current-target proof could see the approved chord level in the live Neon app and visible UI, but the proof contract did not expose mixProfile.mixerLevels, so it could not prove the source/profile descriptor agreed with the running mixer state.

Why normal checks missed it: The production app looked correct: Monkberry Moon Delight (Tab) loaded, the mix profile id matched, the live contract level was chord 0.18, and the UI showed 0.18X. A weaker current-target smoke would have stopped there. The stricter durable override audit compared live state, visible text, and profile/source evidence together and found profileLevel null.

Why this sells Riddle Proof: Riddle Proof found a proof-contract weakness in a healthy-looking applied mix: the UI and live state were right, but the durable source/profile evidence was not strong enough yet. The fix makes future creative edits more auditable without pretending the proof has judged musical taste.

Reusable profile seed: For durable app edits: prove the current target by comparing the durable record, route identity, live app contract state, source/profile descriptors, visible UI tokens, render metrics, and artifact summary parser behavior. Keep subjective quality out of the verdict.

Claim: A deeper local Neon exploration proof should catch deterministic app/audio guardrail failures that the fast bounded loop can miss, then close with a repeatable command and a clean final receipt.

Bug: The bounded Neon proof loop was clean, but a deeper all-current-song local sweep found one proof-window calibration overclaim and five additional built-in preset clipping regressions.

Why normal checks missed it: The default ratchet was intentionally bounded for speed, and single-song smoke proofs only exercised the current target. They could miss later Monkberry parts whose active lanes differed from the declared proof window, plus hot presets outside the first sampled set.

Why this sells Riddle Proof: Riddle Proof found both proof weakness and product weakness: a declared-window overclaim and objective clipping in rich audio presets. The final command makes the expensive check repeatable locally, so deploys can be batched after a cleaner proof suite.

Reusable profile seed: Use a two-speed ratchet for rich apps: keep a fast bounded current-target profile for normal iteration, then run a deeper local exploration profile that samples more app states, validates declared assumptions against live contract receipts, records deterministic findings, restores state, and leaves subjective taste to human review.

Claim: A Neon playback interaction proof should not pass merely because Play was clicked; it should prove the visible control switched to Stop and the app contract reports playback running with the trainer playhead advanced.

Bug: The Neon playback-sync proof pack profile could pass after clicking Play even when the captured app contract still reported playback stopped: post-action isPlaying false and trainer currentStep 0.

Why normal checks missed it: The route loaded, the Play button was visible, the click did not throw, the screenshot was captured, and the profile only asserted that post-playback evidence existed. It did not wait for the visible Stop state or assert that playback was actually running and advancing.

Why this sells Riddle Proof: Riddle Proof caught a flaw in the proof, not just the product. The fix turns a vague click-and-screenshot interaction into a deterministic receipt that the target state actually changed.

Reusable profile seed: For interaction proofs: capture pre-action state, perform the user action, wait for a visible UI transition, capture post-action app-contract state, and assert both the state value and movement/delta implied by the claim.

Claim: A target app that consumes reusable Riddle Proof packs should fail tests when its local proof profiles drift from the published pack surface.

Bug: LilArcade had only five local Neon Riddle Proof profiles while the published Neon Step Sequencer pack had nine, and the existing local files were missing newer pack checks, receipts, and metadata.

Why normal checks missed it: The app tests and individual proof runs could still pass because they only exercised whichever local profile files happened to exist. Nothing forced the app-local profiles to stay generated from the reusable pack, so coverage could quietly lag behind the framework work.

Why this sells Riddle Proof: Riddle Proof caught a workflow bug in the proof system itself: the reusable pack had advanced, but the app was no longer carrying the whole proof surface. The fix turns that drift into a deterministic failing test.

Reusable profile seed: For apps consuming proof packs: generate local profile fixtures from the pack, store the source pack profile in metadata, fail test runs on drift, and run at least one representative current-target proof after syncing.

Claim: A proof-backed Neon mix candidate should not become product state until there is an explicit applied-candidate packet, a narrow durable source patch, and a final current-target proof showing the running app sees the durable level.

Bug: The Neon ratchet loop could produce and apply a proof-backed mix candidate inside the running browser, but that was still not enough to make the change a durable, reviewable source edit.

Why normal checks missed it: A normal browser proof can stop once the app state says the approved candidate was applied. That misses the last-mile question: whether the accepted candidate became a narrow source-level patch, whether its approval basis stayed attached, and whether the current target still passes after the durable edit lands.

Why this sells Riddle Proof: Riddle Proof did not pretend the chord reduction was artistically better. It made the path from candidate receipt to source patch observable, constrained, reversible, and auditable.

Reusable profile seed: For proof-backed creative edits: generate bounded candidates, produce a human-review packet, require explicit approval metadata before durable application, write a scoped source patch, and re-run a current-target proof to verify the app now sees the durable state.

Claim: A bounded Neon current-target exploration sweep should sample multiple songs and parts, preserve lane state, render offline proof windows, and fail when objective audio guardrails such as clipping are violated.

Bug: A bounded Neon Step Sequencer exploration sweep found objective clipping in built-in song presets even though the UI loaded, audio sources prepared, and the main Monkberry Tab proof windows were healthy.

Why normal checks missed it: A route smoke, a single selected-song proof, or a subjective listen pass could all miss this. The issue surfaced only after the proof contract swept multiple song/part states, normalized historical snapshots, rendered offline audio windows, and treated peak/headroom receipts as guardrails.

Why this sells Riddle Proof: Riddle Proof caught an objective audio regression in a running app without pretending to judge taste: it found clipping, explained the weak proof layers that had to be fixed first, and ended with inspectable before/final receipts.

Reusable profile seed: Medium term, Neon should become the audio proof lab for Riddle Proof: bounded current-target sweeps, interaction snapshots for edits, claim-candidate loops, app-contract diagnostics, and human-review packets that prove what changed and what stayed inside guardrails while leaving musical taste to people.

Claim: A mobile Ski Adventure drag should place the visual skier center at the finger target, not merely move the skier in the right direction.

Bug: Ski Adventure responded to touch movement, but the skier landed one half-width left of the finger because the touch handler subtracted half the player width before CSS translateX(-50%) applied the same offset visually.

Why normal checks missed it: A basic mobile smoke could prove the skier moved and the game stayed playable. The regression only appeared when the proof compared the drag target against the rendered player center after proving live obstacles existed.

Why this sells Riddle Proof: Riddle Proof caught a subtle mobile gameplay-feel bug that a clickability or movement smoke would likely miss: the player moved, but under the user finger it felt wrong.

Reusable profile seed: For mobile games: prove the moving world is live, dispatch a real touch gesture, read both intended input geometry and rendered actor geometry, set a tight alignment threshold, and repeat on phone/tablet viewports.

Claim: The Coin Clicker dashboard should compute next total-earned milestone ETA from lifetime totalCoins, even when current spendable coins are lower because the player bought upgrades.

Bug: Coin Clicker Math Dashboard selected the next total-earned milestone correctly, but computed the ETA from current spendable coins instead of lifetime totalCoins after the player had spent currency on upgrades.

Why normal checks missed it: The dashboard looked healthy: the route loaded, upgrades rendered, and the next milestone was the right 1.00M target. The bug only surfaced after seeding realistic prior-spend state and checking the arithmetic behind the ETA text.

Why this sells Riddle Proof: Riddle Proof caught a source-of-truth math bug in a healthy-looking dashboard by seeding realistic spent-state data and checking the arithmetic contract behind the displayed copy.

Reusable profile seed: For dashboards: seed persisted state with intentionally divergent source metrics, assert both the selected row/label and the derived calculation, then prove reset or cleanup so stale seed data cannot mask the result.

Claim: A Dashboard recent-jobs load failure should render an actionable retry affordance, and clicking it should recover the list without disturbing balance or API-key data.

Bug: The authenticated Dashboard correctly stopped showing a failed recent-jobs load as an empty account, but the recovery copy told users to try again without rendering a Retry recent jobs button.

Why normal checks missed it: The page looked broadly healthy: auth worked, balance loaded, API keys loaded, the recent-jobs section showed an honest unavailable message, raw backend details stayed hidden, layout stayed stable, and browser health was clean. The issue only surfaced when the proof required the recovery state to be actionable, not merely truthful.

Why this sells Riddle Proof: Riddle Proof caught a practical recovery UX gap: the dashboard no longer lied about failed history, but it still left users without the local retry action the copy promised.

Reusable profile seed: For dashboard recovery states: fail one list endpoint while adjacent account data succeeds, require honest unavailable copy plus an actionable retry control, click the control, and assert stale error/empty/backend text disappears after recovery.

Claim: A Dashboard recent-jobs load failure should show unavailable-history recovery, not the empty no-jobs account state, while balance and API-key sections remain usable.

Bug: The authenticated Dashboard rendered the empty-account recent-jobs state after the recent jobs endpoint failed, even though balance and API-key data loaded normally.

Why normal checks missed it: Most of the dashboard looked healthy: auth worked, balance loaded, API keys loaded, layout stayed stable, and the failed jobs request was just one section of a larger page. A shallow dashboard smoke could see useful account data and miss that a service outage was represented as no user activity.

Why this sells Riddle Proof: Riddle Proof caught an account-state lie in a Dashboard recent-jobs surface: a failed history load was shown as an empty account while other account data looked healthy.

Reusable profile seed: For dashboard list sections: fail one list endpoint while adjacent account data succeeds, require an unavailable/retry state, forbid empty-state copy and backend leakage, and prove responsive/browser health across the viewport matrix.

Claim: A Playground sync Screenshot response with terminal completed_error status, no screenshot, and secondary console/HAR evidence should render an error receipt immediately instead of falling into async polling.

Bug: The authenticated Playground Screenshot flow received a terminal completed_error JSON response with console and HAR evidence but no screenshot, then treated it like an async job receipt and kept waiting instead of rendering the returned evidence.

Why normal checks missed it: The request itself was correct: auth worked, Screenshot mode submitted sync:true with console and HAR included, the mock was hit exactly once per viewport, and the response carried a job ID plus useful secondary artifacts. A shallow API or click smoke could stop at the successful submission and miss that the visible receipt never appeared.

Why this sells Riddle Proof: Riddle Proof caught secondary evidence being hidden when a terminal Screenshot response returned no image but did return console and HAR artifacts.

Reusable profile seed: For API consoles with optional screenshot evidence: return terminal JSON with no screenshots but useful console/HAR evidence, require immediate receipt rendering and secondary evidence reviewability, and assert selector polarity plus browser health in the same viewport matrix.

Claim: A Playground sync Screenshot response with HTTP 200 but malformed JSON should render one generic screenshot failure, not parser-specific or raw response text, while avoiding success states and keeping browser evidence clean.

Bug: The authenticated Playground Screenshot flow handled an HTTP 200 response with malformed JSON by exposing parser-specific failure text and the raw malformed response body to the user.

Why normal checks missed it: Most of the flow looked healthy: authentication worked, Screenshot mode submitted the right sync request, the error container appeared, mock counts matched, browser health was clean, and layout stayed stable. A shallow recovery check would see a handled error state and miss that the recovery copy leaked internal response details.

Why this sells Riddle Proof: Riddle Proof caught raw-response leakage in a malformed-success recovery that otherwise looked visibly handled and browser-clean.

Reusable profile seed: For API consoles and action forms: return HTTP 200 with malformed JSON, require action-specific generic recovery, forbid parser/raw/object leaks and contradictory success UI, and keep selector polarity plus browser health in the same proof.

Claim: A Playground sync Workflow response with terminal completed_timeout status should render as a timeout with partial evidence, not as a bare timeout receipt, while preserving screenshots, console logs, HAR, billing, and raw response evidence.

Bug: The authenticated Playground sync Workflow flow rendered a terminal timeout and preserved screenshot, console, HAR, raw response, and billing evidence, but failed to tell the user that the returned evidence was partial.

Why normal checks missed it: The receipt looked mostly healthy: the route loaded, auth worked, the Workflow request body was correct, Timed Out rendered, the timeout message rendered, artifact sections were populated, and browser health was clean. A shallow timeout check would stop there and miss that the evidence status copy was incomplete.

Why this sells Riddle Proof: Riddle Proof caught incomplete evidence-status copy in a timeout receipt that otherwise looked healthy: the debug evidence was preserved, but the user was not told it was partial.

Reusable profile seed: For API consoles with timeout states: return terminal timeout JSON with partial evidence in a 200 response, require timeout status honesty and partial-results copy, preserve each artifact class, and assert positive/negative selectors in the same viewport matrix.

Claim: A Playground sync Script response with terminal completed_error status should render as an error with partial evidence, not as a successful run, while preserving screenshots, console logs, HAR, billing, and raw response evidence.

Bug: The authenticated Playground sync Script flow preserved screenshot, console, HAR, raw response, and billing evidence from a terminal completed_error response, but labeled the run Success and hid the service error message.

Why normal checks missed it: The proof surface looked rich: the route loaded, the sync request body was correct, the screenshot appeared, console and HAR evidence expanded, and billing metadata rendered. A shallow artifact check would see plenty of useful evidence and miss that the top-level receipt contradicted the terminal backend status.

Why this sells Riddle Proof: Riddle Proof caught a semantic receipt lie in a proof surface that otherwise looked artifact-rich: the debug evidence was there, but the user-facing result said the failed job succeeded.

Reusable profile seed: For sync API consoles: return terminal error JSON with partial evidence in a 200 response, require status honesty and service error copy, preserve each artifact class, and assert positive/negative selectors in the same viewport matrix.

Claim: A Billing transaction-history load failure should be presented as a load failure, not as an empty account, while the rest of Billing stays usable and browser-clean.

Bug: The authenticated Billing page handled balance and auto-recharge correctly when transaction history failed, but translated the failed history request into the empty-account state No transactions yet.

Why normal checks missed it: Most of the page looked healthy: the user was signed in, balance rendered, active job copy rendered, purchase controls loaded, auto-recharge loaded, and the history section stayed visible. The bug was a small but important state distinction inside one optional list.

Why this sells Riddle Proof: Riddle Proof caught an account-state lie in a Billing surface: the page looked usable, but a failed data load was being reported as if the user had no transactions.

Reusable profile seed: For optional list data: mock sibling data as healthy, fail the target list, require explicit unavailable copy, reject empty-state copy, reject raw backend text, and keep independent page sections visible.

Claim: A dropped API-key revoke request should preserve the active key row, show human recovery, count destructive confirm/cancel events, allow only the expected mocked resource failure, and emit no app-level fatal console errors.

Bug: The Dashboard API-key revoke flow handled a fetch-level transport failure visibly, but still emitted an app-level fatal console error for the expected recovery path.

Why normal checks missed it: The visible UI looked safe: canceling the confirm dialog preserved the active key, accepting the dialog kept the key active after the failed request, and the user saw Failed to revoke API key. The bug was hidden in browser evidence: the app logged the handled TypeError as fatal while the mocked net::ERR_FAILED resource event was expected.

Why this sells Riddle Proof: Riddle Proof caught operational-health debt in a transport failure that looked visibly handled: the UI recovered, but browser evidence still showed an app-level fatal error.

Reusable profile seed: For destructive network actions: include both cancel and accept paths, use fetch-level abort mocks for transport failures, cap destructive request counts, require preserved state, and separate expected resource errors from application console failures.

Claim: A failed Playground Batch job with no screenshots but valid console/HAR artifacts should show a useful error receipt, preserve secondary evidence, mark partial results available, avoid guessed artifact URLs, and stay browser-clean.

Bug: The authenticated Playground Batch result rendered a terminal error and no-screenshot guidance, but silently discarded returned console.json and network.har artifacts.

Why normal checks missed it: The route loaded, auth state worked, Batch submitted with sync:false, the service-provided artifacts_url was used, the backend error rendered, and the UI honestly said no screenshots were captured. A shallow check would see an error receipt and stop; the proof required secondary artifacts to be fetched and shown as partial evidence.

Why this sells Riddle Proof: Riddle Proof caught evidence loss in a page that otherwise looked like it had handled the failure: the useful debug artifacts existed, but the UI hid them.

Reusable profile seed: For async terminal jobs: include a zero-screenshot failed case with console/HAR artifacts, require the explicit artifact URL, assert partial-result copy, expand secondary sections, and verify no guessed fallback URL was used.

Claim: A public docs code-copy click should never report success while leaving a browser clipboard permission denial as an unhandled page error.

Bug: The public Preview docs code-copy control visibly claimed Copied! after the browser denied clipboard write permission, while the page recorded an unhandled clipboard permission error.

Why normal checks missed it: The docs route loaded, the code block rendered, required docs links stayed present, and the clicked button changed to Copied!. A shallow visual or smoke check would treat that as success; the proof required browser page health after the interaction.

Why this sells Riddle Proof: Riddle Proof caught feedback dishonesty in a public agent-facing docs control: the UI claimed success while the browser recorded a failed clipboard write.

Reusable profile seed: For public copy controls: click under realistic browser clipboard restrictions, require visible feedback plus clean page-error evidence, and then repeat the same contract for each sibling copy surface touched by the shared helper.

Claim: A malformed promo-code redeem success body on the public Redeem page should show one generic redeem error, preserve signed-in form state, avoid success copy, reject raw status/body/parser/object leaks, and stay clean on app/page health.

Bug: The public Redeem promo-code flow visibly recovered from a malformed 200 response, but showed Server error (200) and raw malformed response text to the user.

Why normal checks missed it: The route loaded, synthetic auth worked, the signed-in form stayed usable, the promo POST fired with the expected uppercase request body, and success UI stayed absent. A shallow check would see an error state and stop; the proof asserted the exact recovery text and raw-body absences.

Why this sells Riddle Proof: Riddle Proof caught sibling-surface contract drift: a backend recovery path fixed in Billing still leaked raw response text on public Redeem.

Reusable profile seed: For sibling action recovery: reuse the same malformed-success mock against each UI surface that calls the endpoint, require the local surface state to survive, and assert the exact fallback plus raw-text absences.

Claim: A malformed promo-code redeem success body should show one generic redeem error, preserve Billing state, avoid success copy, reject raw status/body/parser/object leaks, and stay clean on app/page health.

Bug: The Billing promo-code redeem flow visibly recovered from a malformed 200 response, but showed Server error (200) and raw malformed response text to the user.

Why normal checks missed it: The Billing route loaded, authentication worked, the promo POST fired with the expected request body, and the surrounding balance, transaction history, and auto-recharge state stayed visible. A shallow check would see an error state and stop; the proof asserted the exact recovery text and raw-body absences.

Why this sells Riddle Proof: Riddle Proof caught user-visible raw response leakage in a Billing action that otherwise looked like it had handled the failure.

Reusable profile seed: For handled action recovery: mock HTTP 200 with malformed body, require preserved surrounding state plus one visible fallback, assert success UI and raw response text stay absent, and keep app/page health clean.

Claim: A malformed API-key create success body should show one generic create error, preserve the existing API-key row, avoid the success modal, reject parser/object leaks, and stay clean on browser console health.

Bug: The Dashboard API-key create flow visibly recovered from a malformed 200 response, but still logged the JSON parser failure as a fatal browser console error.

Why normal checks missed it: The Dashboard route loaded, surrounding account data stayed visible, the existing API key remained active, the create form showed a generic failure, and the success modal stayed closed. The failure only appeared because the proof treated browser console health as part of the handled action contract.

Why this sells Riddle Proof: Riddle Proof caught hidden browser-health debt in a Dashboard action that looked correctly handled to the user.

Reusable profile seed: For handled action recovery: mock a successful HTTP status with malformed body, require preserved surrounding data plus one visible fallback, assert success UI stays absent, and fail on parser leaks or console/page noise.

Claim: The Playground should keep failed Script results reviewable when optional secondary artifacts are missing or malformed, without leaking browser warnings from artifact parsing.

Bug: A failed async Script result preserved screenshot evidence and rendered the correct error state, but malformed optional console.json leaked a browser console warning from the Playground artifact loader.

Why normal checks missed it: The page was usable, the route stayed stable, network and layout checks passed, and the failure receipt looked reviewable. The issue only appeared because the proof treated browser-health signals as part of the artifact contract.

Why this sells Riddle Proof: Riddle Proof caught an evidence-product bug that made a reviewable failed result look healthy while optional artifact parsing still leaked browser warning noise.

Reusable profile seed: For evidence viewers: load a failed result with one valid artifact and malformed optional secondary artifacts, require the useful receipt to remain visible, and fail on browser warnings or page errors.

Claim: The Playground should mark failed Script results as partial when any useful evidence exists, including console and HAR artifacts without screenshots.

Bug: A failed Script result with no screenshots but valid console and HAR artifacts rendered the secondary evidence, but omitted the partial results available receipt because the product counted only screenshots as partial evidence.

Why normal checks missed it: The route, failed state, console section, HAR section, layout, browser errors, and warning checks all passed. The semantic receipt check caught that console and HAR evidence were not treated as first-class partial results.

Why this sells Riddle Proof: Riddle Proof caught screenshot bias in an evidence UI by proving that console and HAR artifacts need the same recovery weight as screenshots.

Reusable profile seed: For failed-result evidence viewers: run one proof with screenshots absent and console/HAR present, assert the secondary evidence is visible, and require the same partial-results receipt used for screenshot-backed failures.

Claim: The Dashboard API-key creation modal should create a one-time key, show the secret and usage snippet, copy the secret under browser clipboard restrictions, show visible Copied feedback, and stay clean on page errors and console noise.

Bug: The Dashboard one-time API-key modal called the browser clipboard API directly. In Riddle's browser run, clipboard writes were denied, the page threw a fatal browser error, and the modal never reached the expected Copied state.

Why normal checks missed it: The Dashboard loaded, mocked account data rendered, the API-key POST succeeded, the one-time key modal appeared, and the curl snippet was visible. The failure only appeared when the proof clicked Copy inside the browser permission model and treated modal feedback plus page errors as part of the contract.

Why this sells Riddle Proof: Riddle Proof caught a real browser-permission failure in a credential-copy flow that looked healthy until the proof exercised the modal interaction.

Reusable profile seed: For one-time secret modals: set synthetic auth state, mock account APIs, submit the exact create action, assert request body and modal content, click Copy, require success or visible recovery, and fail on page errors plus console noise.

Claim: The Dashboard MCP Login Token card should let users copy a short-lived token without revealing it, reveal it only on explicit click, hide it again, and stay clean when clipboard writes are denied.

Bug: The Dashboard MCP Login Token card called the browser clipboard API directly. In Riddle's browser run, clipboard writes were denied, the page threw a fatal browser error, and the token copy flow never reached the expected masked Copied state.

Why normal checks missed it: The Dashboard loaded, mocked account data rendered, the token stayed masked, and the buttons looked right. The failure only appeared when the proof clicked Copy token inside the browser permission model and treated page errors plus token-redaction state as part of the contract.

Why this sells Riddle Proof: This is authenticated product proof material: Riddle Proof caught a real browser-permission failure in a token-control flow that looked healthy until the proof exercised the interaction.

Reusable profile seed: For sensitive auth/account controls: set synthetic auth state, mock account APIs, click the exact controls, assert secret redaction before and after copy, assert explicit reveal/hide behavior, and fail on page errors plus console noise.

Claim: Riddle Proof docs should expose clean, machine-consumable markdown examples without leaked HTML entity text while the rendered docs remain healthy.

Bug: The agent-facing Riddle Proof docs markdown export leaked HTML entity text into a code example, so the rendered docs were readable but the raw markdown that agents consume carried a stale escaped-code contract.

Why normal checks missed it: The human docs page loaded, the visible section looked correct, and normal route checks would not read the raw markdown body as an agent would. The failure only surfaced when the proof treated rendered docs and /docs/riddle-proof/markdown.md as separate public contracts.

Why this sells Riddle Proof: This is a public agent-surface catch: Riddle Proof caught docs drift that a human browser review could miss because the bug lived in the markdown contract agents actually read.

Reusable profile seed: For docs and agent surfaces: prove rendered HTML, raw markdown exports, required terms, forbidden stale or escaped snippets, viewport layout, fatal-console health, and warning hygiene together.

Claim: The Serverless docs should teach the current simple screenshot response contract and avoid stale polling-oriented screenshot guidance.

Bug: The Serverless docs still taught an old screenshot polling response shape, even though the current API returns immediate screenshot evidence for the simple screenshot flow.

Why normal checks missed it: The page loaded, the surrounding copy looked plausible, and stale API snippets can survive normal visual checks. The proof failed because it searched for the exact current contract and rejected the older polling-oriented language.

Why this sells Riddle Proof: This is public docs proof material: Riddle Proof caught stale integration guidance before it could keep teaching users and agents the wrong screenshot API shape.

Reusable profile seed: For API documentation: prove route health, exact current response-shape language, forbidden stale snippets, raw or rendered docs as needed, viewport layout, fatal-console health, and warning hygiene together.

Claim: The Riddle homepage should teach the current simple screenshot response shape and avoid stale screenshot JSON examples.

Bug: The homepage still advertised a stale screenshot JSON response shape, so the top public entry point taught a contract that no longer matched the simple screenshot API.

Why normal checks missed it: The homepage was visually polished and route-healthy. A normal screenshot review would see the marketing section, not whether the JSON example matched the actual API response contract.

Why this sells Riddle Proof: This is public conversion-surface proof: Riddle Proof caught stale API teaching copy on the homepage, where wrong examples shape a buyer or agent before they reach deeper docs.

Reusable profile seed: For homepages with live API examples: prove exact response-shape copy, forbidden stale examples, visible call-to-action context, viewport layout, fatal-console health, and warning hygiene together.

Claim: The Preview Tools guide should teach the current preview_url and /s/pv_* URL contract, and should not contain legacy subdomain Preview examples.

Bug: The Preview Tools guide still taught the old subdomain-style Preview URL and response field names instead of the current /s/pv_* preview_url contract.

Why normal checks missed it: The guide route loaded and the examples looked credible. The failure was a stale integration contract embedded in code snippets, so it needed exact text checks for both required current snippets and forbidden legacy snippets.

Why this sells Riddle Proof: This is public integration-docs proof: Riddle Proof caught a stale Preview URL contract in the guide that agents use to create before/after proof environments.

Reusable profile seed: For Preview and deployment docs: prove exact current URL shapes, response field names, before/after wiring examples, forbidden legacy snippets, viewport layout, fatal-console health, and warning hygiene together.

Claim: The public Playground should render async Workflow screenshot, console, and Network HAR evidence from the service-returned artifacts_url, including files[] and download_url artifact payloads.

Bug: The public Playground accepted an async Workflow job response with a service-returned artifacts_url, but still polled the guessed default /artifacts URL and rendered no Workflow screenshot, console, or HAR evidence.

Why normal checks missed it: The visible job result looked superficially successful: the Workflow request submitted, the job ID appeared, and the page showed a Success result. The failure lived in the evidence branch: the UI ignored the exact artifact collection URL returned by the service, so the proof artifacts existed but never reached the review surface.

Why this sells Riddle Proof: This is proof-driven-product material: Riddle Proof caught a mode-specific missing evidence branch inside Riddle Playground after the Workflow job itself already looked successful.

Reusable profile seed: For multi-mode artifact UIs: prove each mode honors service-returned artifact URLs, accepts files[] and artifacts[] payloads, supports url and download_url variants, avoids guessed fallback URLs, renders every expected evidence family, and stays clean on layout, fatal-console, and warning hygiene.

Claim: The public Playground should render screenshot, console, and Network HAR evidence from async Script files[] artifact payloads, including download_url-only HAR files.

Bug: The public Playground rendered screenshot and console artifacts from an async Script files[] response, but ignored the network.har artifact in the same payload.

Why normal checks missed it: The visible run looked mostly healthy: the async job completed, the custom artifacts_url was used instead of a guessed /artifacts URL, the screenshot label appeared, and console output rendered. The missing branch was narrower: HAR evidence existed in the artifact payload but never became a Network HAR review section.

Why this sells Riddle Proof: This is proof-driven-product material: Riddle Proof caught a missing evidence branch inside Riddle Playground after the async run already looked successful.

Reusable profile seed: For artifact UIs and agent-run consoles: prove service-returned artifact URLs, all artifact payload families, url and download_url variants, forbidden fallback URLs, expandable evidence panes, layout, fatal-console health, and warning hygiene together.

Claim: The public Playground should render partial async Script evidence from the explicit service-provided artifacts URL, including visible screenshot names for single-screenshot completed_error runs.

Bug: The public Playground preserved a partial screenshot from an async Script run that ended completed_error, but hid the screenshot name when there was only one screenshot.

Why normal checks missed it: The hard artifact contract worked: /v1/run returned an explicit artifacts_url, the UI used that custom endpoint instead of a guessed /artifacts path, accepted files[] with screenshot download_url, showed the structured error, preserved partial results, fetched console output, and stayed clean on overflow, fatal errors, and warnings. The remaining failure was evidence reviewability: the screenshot existed, but its visible artifact label was missing.

Why this sells Riddle Proof: This is proof-driven-product material: Riddle Proof caught an evidence-reviewability bug inside Riddle Playground itself after the underlying async artifact contract already worked.

Reusable profile seed: For hosted tool and agent UI audits: prove the service-returned artifact URL, artifact payload shape, partial-failure evidence, visible artifact labels, console evidence, forbidden fallback URLs, layout, fatal-console health, and warning hygiene together.

Claim: A public blog article referenced by Riddle-owned discovery surfaces should exist as a rendered route and raw markdown export, and should not contain unfinished placeholder copy.

Bug: Riddle public blog and agent-facing surfaces referred to the OpenClaw/Moltbook article, but /blog/openclaw-moltbook returned 404 and the unpublished source still carried draft placeholder copy.

Why normal checks missed it: The surrounding blog index, footer, sitemap, and existing article pages were healthy. The issue only surfaced when the proof treated the specific article route, its raw markdown export, and finished-copy markers as one public contract across the viewport matrix.

Why this sells Riddle Proof: This is a public proof-surface catch: Riddle Proof found a broken story route and draft-copy debt in the article explaining Riddle Proof/OpenClaw work, then proved the Preview and production fix with durable artifacts.

Reusable profile seed: For public article and agent-surface audits: prove the rendered route, index/discovery link, raw markdown export, sitemap entry, placeholder absence, viewport layout, fatal-console health, and warning hygiene together.

Claim: The public Good Catch Diary should be current, artifact-backed, and clean enough to use as proof material: route, content, artifacts, evidence links, layout, fatal-console health, and warning hygiene should all pass together.

Bug: The human-facing Good Catch Diary rendered the right stories and artifact links, but the browser console still emitted unused CSS preload warnings from prefetched internal routes.

Why normal checks missed it: The route loaded cleanly, all 39 catch cards rendered, the newest Profile Warnings story was visible, 39 screenshot artifacts and 39 evidence links were healthy, /llms.txt and Riddle Proof markdown were healthy, overflow stayed at 0px, and fatal console/page errors were clean. The failure lived in warning-level browser noise that only the no_console_warnings contract treats as product evidence.

Why this sells Riddle Proof: This is a public proof-surface catch: Riddle Proof found browser warning debt on the page that sells Riddle Proof catches, then proved the fix through Preview and production with durable artifacts.

Reusable profile seed: For proof diaries, galleries, and marketing evidence pages: prove story count, newest story text, screenshot artifact health, evidence-link health, machine-readable discovery surfaces, layout, fatal-console health, and no_console_warnings in one reusable profile.

Claim: Riddle Proof docs should expose Profile Warnings in both rendered and machine-consumable docs when the package can emit nonblocking warnings for ambiguous proof profiles.

Bug: Riddle Proof had shipped nonblocking profile warnings for ambiguous network mock response selectors, but the public Riddle Proof docs and agent-facing markdown did not mention Profile Warnings or the warnings result field.

Why normal checks missed it: The docs page loaded cleanly, the existing Profile Mode section and network mock terms were visible, /docs/riddle-proof/markdown.md returned 200 text/markdown with nonzero bytes, overflow stayed at 0px, and fatal console/page errors were clean. The gap was semantic: the newly shipped warning surface was absent from both human and machine-consumable docs.

Why this sells Riddle Proof: This is a self-audit catch with durable artifacts: Riddle Proof caught docs drift for its own newly shipped warning surface and proved the human page, agent markdown, Preview, and production fix with the same profile.

Reusable profile seed: For proof-product docs: prove rendered terms, raw markdown body terms, sidebar/navigation exposure, viewport layout, fatal-console health, and post-deploy production state together whenever a proof package adds a new reusable contract.

Claim: Builder build previews must accept only fresh temporary build preview URLs; same-host saved artifact paths must be rejected before Open in new tab or Save to Arcade can act on them.

Bug: LilArcade Builder accepted a same-host saved preview URL from /saved/riddle-proof-v454-sneaky-existing/index.html as if it were a fresh build artifact, leaving Open in new tab and Save to Arcade available instead of rejecting the stale saved-artifact path.

Why normal checks missed it: The unsafe URL used the trusted preview bucket host, auth and chat both worked, and the page stayed visually stable. The defect only surfaced when proof treated Builder preview context as stricter than saved-player context and required the forbidden saved-preview-path mock to stay at zero hits.

Why this sells Riddle Proof: This is a real product-boundary catch: normal same-host URL checks were not enough, but browser proof caught the unsafe Builder preview path before it became a reusable save/open escape.

Reusable profile seed: For generated-app builders: prove auth setup, build response URL classification, forbidden artifact-path hit counts, visible failure copy, and a full recovery save/play path in one profile.

Claim: The public Good Catch Evidence Manifest should be clean enough to serve as proof material: route, content, layout, fatal-console health, and warning hygiene should all pass together.

Bug: The public Good Catch Evidence Manifest looked healthy, but browser console evidence showed unused preload warnings from automatic route prefetch and eager below-the-fold proof screenshots.

Why normal checks missed it: The route loaded, all 36 manifest cards rendered, the Profile Mode docs catch and job IDs were visible, overflow stayed at 0px, and fatal console/page errors were clean. The issue lived in warning-level browser noise that the previous fatal-console contract intentionally ignored.

Why this sells Riddle Proof: This is a proof-system dogfood catch: a newly promoted base Riddle Proof warning contract immediately found real warning/performance debt on Riddle public proof material.

Reusable profile seed: For proof galleries, evidence manifests, and long artifact pages: prove route/content/layout/fatal-console health together with no_console_warnings so warning debt cannot accumulate under otherwise green browser proof.

Claim: Riddle Proof docs should expose the Profile Mode contract in both rendered and machine-consumable docs so agents can reuse audit/proof profiles without rediscovering the primitives from dogfood notes.

Bug: The public Riddle Proof docs explained profile text semantics, but they did not document the Profile Mode primitives that recent real proof runs were using: network mocks, repeated and delayed responses, request-body receipts, setup actions, and iframe checks.

Why normal checks missed it: The docs page loaded cleanly, the existing Profile Text Semantics section was visible, the raw markdown route returned 200, overflow stayed at 0px, and fatal console evidence was clean. The drift was semantic: the rendered and machine-consumable docs had not caught up with the reusable proof contract.

Why this sells Riddle Proof: This is a self-audit catch: Riddle Proof found that Riddle Proof docs had fallen behind the exact reusable profile primitives being used for real audits.

Reusable profile seed: For proof-product docs: prove rendered docs, raw markdown body terms, viewport layout, fatal-console health, and public proof-story promotion together so the human and agent surfaces stay aligned.

Claim: Riddle llms.txt should link agents directly to the raw proof example bundle, not only to the human proof example page.

Bug: The public llms.txt agent index linked to the human proof example page, but it did not link directly to the raw machine-consumable proof bundle that agents should ingest.

Why normal checks missed it: The file itself returned 200 text/plain, the human proof example page returned 200, the raw JSON bundle returned 200 application/json, overflow stayed at 0px, and fatal console evidence was clean. The missing contract was discovery: agents had to infer the raw proof receipt from the human page.

Why this sells Riddle Proof: This is an agent-discovery catch: the machine-consumable proof receipt was public and healthy, but the compact agent entrypoint hid it.

Reusable profile seed: For llms.txt and agent indexes: prove the file route, raw linked bodies, neighboring human review page, viewport layout, fatal-console health, and direct links to machine-consumable artifacts together.

Claim: Riddle public proof examples should keep the rendered review page, artifact links, and raw agent-facing proof bundle aligned with the current proof-loop contract.

Bug: The public proof example page rendered cleanly and linked to healthy artifacts, but the raw JSON bundle that agents consume was stale and did not carry proof receipts, the Bring your agent; Riddle brings the proof promise, or the agent-proof contract.

Why normal checks missed it: The human page looked trustworthy: the route loaded, the proof example status was passed, all seven artifact links were healthy, overflow was 0px, and fatal console evidence was clean. The drift lived in the machine-consumable proof contract behind the page.

Why this sells Riddle Proof: This is a machine-consumable proof-surface catch: the public page looked healthy, but Riddle Proof found the raw agent-facing bundle had drifted behind the product contract.

Reusable profile seed: For public proof examples: prove rendered status, artifact link quality, raw JSON body terms, viewport layout, and fatal-console health together so human and agent surfaces cannot drift independently.

Claim: The Agent Guide should point agents from raw browser API mechanics to the reusable Riddle Proof loop, and the public evidence surface should show the catch with durable artifacts.

Bug: The public Agent Guide explained raw browser screenshot and /v1/run mechanics, but it did not connect agents to the reusable Riddle Proof loop, proof receipts, or the "Bring your agent; Riddle brings the proof." contract.

Why normal checks missed it: The route loaded cleanly, the existing guide sections rendered, the raw markdown export returned 200, overflow stayed at 0px, and the neighboring Riddle Proof docs were healthy. The missing product contract was the bridge from browser primitives to durable proof workflow.

Why this sells Riddle Proof: This is an agent-surface catch on Riddle itself: the docs were healthy as browser API docs, but proof found the missing bridge to the productized evidence loop agents should reuse.

Reusable profile seed: For agent-facing docs: prove rendered copy, raw markdown copy, neighboring proof docs, responsive layout, fatal-console health, and public proof-story promotion together.

Claim: Riddle should expose a compact llms.txt agent index that points agents to docs, Proof, Preview, MCP, OpenAPI, sitemap, robots, and public proof evidence.

Bug: Riddle had markdown docs, Proof docs, Preview docs, MCP docs, OpenAPI YAML, and robots surfaces, but no public llms.txt entrypoint for agents to discover the set quickly.

Why normal checks missed it: The neighboring machine-readable surfaces were healthy and the rendered site worked. The missing contract was the compact agent index itself, which only surfaced when the proof treated agent-readable docs and discovery links as first-class product behavior.

Why this sells Riddle Proof: This is an agent-discovery catch: the public docs were individually healthy, but browser proof found that agents had no compact starting point for the product surface.

Reusable profile seed: For agent-facing products: prove llms.txt, raw markdown docs, OpenAPI specs, sitemap, robots, and public proof examples together so machine-consumable surfaces cannot drift independently.

Claim: Riddle public docs, blog, guide, proof, and Good Catch routes should be discoverable through sitemap.xml, not only reachable by direct URL.

Bug: Riddle public pages rendered correctly, but sitemap.xml omitted docs, MCP, blog, guide, proof, and Good Catch routes that crawlers and agents rely on for discovery.

Why normal checks missed it: The visible pages were healthy: docs and blog routes loaded, route text was present, responsive overflow stayed at 0px, and console/page evidence was clean. The defect lived in a machine-consumable discovery file, not in the rendered page.

Why this sells Riddle Proof: This is a machine-consumable discovery catch: the product looked fine to humans, but browser proof found that crawler and agent discovery was stale.

Reusable profile seed: For public docs and marketing sites: assert rendered page health, sitemap route coverage, robots policy, and raw agent artifacts together so human and machine surfaces cannot drift apart.

Claim: Riddle robots.txt should allow public raw markdown exports used by agents, while still advertising the sitemap.

Bug: robots.txt returned 200, advertised the sitemap, and allowed the site generally, but it explicitly disallowed the raw markdown exports that Riddle presents as agent-consumable docs.

Why normal checks missed it: The docs markdown itself was fetchable as text/markdown and the robots file looked superficially healthy. The mismatch only surfaced because the proof asserted absence of the four stale markdown Disallow rules.

Why this sells Riddle Proof: This is an agent-surface catch: the human docs existed, but crawler policy still discouraged the machine-readable versions that agents should consume.

Reusable profile seed: For agent-facing docs: prove rendered pages, raw markdown content, robots policy, sitemap references, and forbidden crawl rules in one profile.

Claim: A Builder save-success CTA that opens a saved game player should say Play saved game and not View on home page.

Bug: After a generated LilArcade game was saved, the success CTA linked to the saved player route but said View on home page.

Why normal checks missed it: The flow looked healthy: save worked, the saved-game link existed, the generated preview rendered, overflow stayed at 0px, and fatal console/page evidence was clean. The mismatch only surfaced because the proof treated CTA copy and destination as one browser-visible contract.

Why this sells Riddle Proof: This is a semantic UI contract catch: the product could save and open the game, but the browser proof caught that the call to action named the wrong destination.

Reusable profile seed: For post-submit CTAs: assert the visible label, destination, absence of stale copy, state confirmation text, responsive overflow, and console/page health across production and Preview.

Claim: An async-only Playground Batch result should show a generated curl command that includes "sync": false and matches the actual request body.

Bug: The authenticated Playground Batch flow correctly sent sync:false in the real /v1/run request body, returned a durable job receipt, and rendered screenshot artifacts, but the generated and copyable curl command omitted "sync": false.

Why normal checks missed it: The product behavior worked: submit succeeded, artifacts rendered, job receipt was visible, loading cleared, layout stayed clean, and browser console/page evidence was healthy. The mismatch only surfaced because the proof treated the integration snippet as part of the product contract, not as passive docs.

Why this sells Riddle Proof: This is a generated-command contract catch: Riddle Proof found that the UI worked but the integration command taught a subtly wrong async API call.

Reusable profile seed: For API playgrounds and copy buttons: assert the visible generated command includes the fields proven in the actual request body, especially mode flags, endpoints, auth shape, and artifact polling contracts.

Claim: An async Playground Script result should expose the durable Riddle job id alongside screenshot and console artifacts.

Bug: The authenticated Playground async Script result rendered screenshot and console artifacts from a successful mocked job, but did not expose the durable job id on the visible result screen.

Why normal checks missed it: The submit request worked, artifact polling worked, the screenshot item rendered, console output rendered, loading cleared, layout stayed clean, and browser console/page evidence was healthy. The missing receipt only surfaced because the proof required the result UI to be traceable back to the exact Riddle job.

Why this sells Riddle Proof: This is a receipt-traceability catch: the artifact UI looked successful but omitted the identifier users, support, and agents need to connect the result back to a durable Riddle proof bundle.

Reusable profile seed: For async artifact UIs: assert not only artifact rendering and terminal state, but also the visible job id or run receipt that makes the result shareable and supportable.

Claim: Billing should recover from a transient balance-load failure and render Stripe-backed payment UI without React hydration page errors.

Bug: The authenticated Billing page recovered from a forced transient balance-load failure and rendered the expected account state, but browser page-error evidence still captured Minified React error #418 from the Stripe Elements surface.

Why normal checks missed it: The visible page looked recovered: Billing & Credits rendered, the Retry flow worked, balance and transaction text appeared, and responsive layout stayed clean. The issue was only visible because the proof treated page errors as first-class evidence instead of trusting the final screenshot alone.

Why this sells Riddle Proof: This is a screenshot-is-not-enough catch: the UI looked healthy after recovery, but the browser still recorded a React hydration failure that would be easy to miss in manual review.

Reusable profile seed: For payment and embedded-widget pages: prove the visible account state and also require page_error_count 0; then run the same profile after mount/defer fixes to confirm the hidden browser error is gone.

Claim: An async Script artifact response with status: failed should render an error warning, preserve the service error message, and keep partial screenshot evidence visible.

Bug: The Playground async Script path received a terminal status: failed artifact response with a service error and partial screenshot, but rendered a neutral Result state without .error-warning, the backend message, or the partial results available warning.

Why normal checks missed it: The route loaded, auth setup worked, submit and artifacts mocks hit exactly once per viewport, one partial screenshot rendered, loading cleared, layout stayed clean, and final console/page evidence was clean. The issue only surfaced when the profile asserted exact terminal-failure UI semantics.

Why this sells Riddle Proof: This is an async artifact-status catch: the product preserved partial evidence but hid the terminal failure semantics users and support need.

Reusable profile seed: For async artifact UIs: include terminal failed, completed_error, completed_timeout, partial artifacts, exact service messages, and structural error-warning assertions.

Claim: Dashboard Recent Jobs should translate completed_timeout to Timed Out and completed_error to Failed across authenticated desktop, phone, and tablet views.

Bug: The authenticated dashboard Recent Jobs table rendered service terminal statuses as Completed Timeout and Completed Error instead of human labels Timed Out and Failed.

Why normal checks missed it: The dashboard route loaded, auth setup worked, balance data rendered, API keys rendered, recent job rows rendered, layout stayed clean, and final console/page evidence was clean. The issue only surfaced when the profile asserted exact status semantics for terminal service states.

Why this sells Riddle Proof: This is a practical dashboard-audit catch: every row existed and the page was clean, but the product leaked backend vocabulary where users needed clear terminal-state meaning.

Reusable profile seed: For account dashboards: mock representative service states, assert the visible human label for each state, add absence checks for raw service labels, and pair semantic checks with responsive and console evidence.

Claim: An async Script response with only job_id should poll /v1/jobs/{job_id}/artifacts and render the returned screenshot artifact.

Bug: The Playground async Script path accepted a job-id-only response, but then polled https://api.riddledc.comundefined/ instead of the standard /v1/jobs/{job_id}/artifacts endpoint.

Why normal checks missed it: The route loaded, auth setup worked, Script async controls were reachable, the submit request body was correct, and layout stayed clean. The issue only showed up when the proof required the artifacts endpoint hit count, screenshot result, loading-state cleanup, and final console health.

Why this sells Riddle Proof: This is an async-contract catch: the UI looked ready to run, but a valid response shape left users polling a malformed URL instead of seeing the artifact they requested.

Reusable profile seed: For async job UIs: return only job_id from submit, require /v1/jobs/{job_id}/artifacts, assert artifact rendering, and add a negative signal for malformed legacy poll URLs.

Claim: An async Workflow timeout should show the timeout message from job artifacts while preserving any partial screenshot evidence.

Bug: The Playground async Workflow timeout path preserved a partial screenshot, but replaced the service timeout detail with generic "Workflow timed out after 120 seconds" copy.

Why normal checks missed it: The route loaded, auth setup worked, Workflow async controls were reachable, the submit and artifacts mocks hit exactly once per viewport, the timeout state rendered, the partial screenshot stayed visible, layout stayed clean, and final console/page evidence was clean. The issue was only visible when the proof asserted the exact timeout reason from the artifacts payload.

Why this sells Riddle Proof: This is an artifact-trust catch: the proof showed the product kept a useful receipt but hid the reason the receipt mattered, making timeout triage weaker than the underlying Riddle evidence.

Reusable profile seed: For async artifact UIs: mock completed_timeout with a structured timeout message and partial artifacts, then assert both the visible failure reason and the preserved artifact rows/thumbnails.

Claim: A dashboard balance-load failure should show the backend human message while preserving other account data such as recent jobs and API keys.

Bug: The authenticated dashboard hid a structured balance-load backend failure and silently showed 0s / $0.00, making a dependency outage look like an empty account.

Why normal checks missed it: The dashboard route loaded, auth setup worked, recent jobs rendered, the API-key row rendered, layout stayed clean, and final console/page evidence was clean. The issue was only visible when the proof asserted the exact backend message from the failed balance dependency.

Why this sells Riddle Proof: This is a support-quality catch: the page looked healthy enough to trust, but the balance widget silently converted a backend failure into an apparent zero-credit account.

Reusable profile seed: For dashboards with multiple backend dependencies: mock one read dependency as a structured failure, keep sibling reads successful, assert the exact human message, and prove unaffected data remains visible.

Claim: A rejected auto-recharge disable request should roll the visible toggle back to the persisted on state and render the backend human message, never an object placeholder.

Bug: The billing page correctly rolled a failed auto-recharge disable attempt back to (ON), but rendered [object Object] instead of the backend human rejection message.

Why normal checks missed it: The route loaded, authenticated billing data rendered, the failed PUT fired exactly once per viewport, the inline error existed, and the visible toggle rollback was correct. The regression was only obvious when the proof asserted the exact backend message and object-placeholder absence.

Why this sells Riddle Proof: This is a billing-support catch: the account state stayed safe, but the UI hid the backend reason a user or support person would need to understand the failed settings change.

Reusable profile seed: For account settings: combine failed-write mocks, request-body assertions, rollback-state assertions, exact backend-message checks, object-placeholder absence, and expected 4xx console handling.

Claim: An async Workflow validation failure should preserve the backend human message and never render a structured error object placeholder.

Bug: The Playground async Workflow path handled a structured validation failure but rendered the error as [object Object] instead of showing the backend human message.

Why normal checks missed it: The route loaded, auth setup worked, the Workflow and Async controls were reachable, the request body was correct, and the mocked 400 fired exactly once per viewport. The regression was only visible when the proof asserted the exact structured backend message.

Why this sells Riddle Proof: This is a support-facing API-tool catch: the workflow failure was handled, but the UI hid the reason a user or support person would need to debug the request.

Reusable profile seed: For playgrounds and API consoles: drive the real mode controls, submit realistic request bodies, mock structured 4xx failures, and assert exact human backend messages instead of generic error boxes.

Claim: A rejected payment-method setup request should preserve the backend human error while keeping the account in the no-payment-method state.

Bug: The billing page handled a rejected payment-method setup request but replaced the backend human message with generic "Failed to create setup intent" copy.

Why normal checks missed it: The route loaded, the Stripe-backed form opened, the failed POST fired exactly once per viewport, the no-payment-method state remained, and an inline error rendered. Only the proof checked that the specific backend message survived to the user.

Why this sells Riddle Proof: This is a practical checkout/settings catch: the workflow failed safely, but the product hid the backend reason a user or support team would need.

Reusable profile seed: For billing and checkout fallbacks: mock structured 4xx failures, assert the exact backend message, assert the unchanged account state, and keep expected resource errors separate from application failures.

Claim: A rejected API-key revoke should show the user-facing failure and preserve the active key row without emitting an app-level fatal console error.

Bug: The dashboard visibly handled a rejected API-key revoke request, but still emitted an app-level console.error for the handled domain failure.

Why normal checks missed it: The visible fallback looked correct: the confirm dialog was accepted, the backend rejection message appeared, the active key row stayed present, and the revoked/empty states stayed absent. The bug was the hidden fatal console signal after an expected failure path.

Why this sells Riddle Proof: This catch is useful because the user-visible fallback was already correct. Riddle Proof still found the hidden app-level error that would make browser evidence noisy and mask real regressions later.

Reusable profile seed: For destructive dashboard actions: accept/dismiss browser dialogs explicitly, cap the destructive request count, assert preserved rows, and treat app console errors separately from expected mocked 4xx resource events.

Claim: A structured API-key validation error should render as human text without crashing the authenticated dashboard or dropping the existing key list.

Bug: The authenticated dashboard tried to render a structured API-key validation error object directly, crashing the API Keys section instead of showing the human message.

Why normal checks missed it: The dashboard loaded, auth setup worked, existing keys rendered, and the create request body was correct. The bug only appeared when the mocked backend returned a realistic nested error payload.

Why this sells Riddle Proof: This is a strong authenticated-product catch: the request was right and the API failure was realistic, but the UI crashed because it rendered an object as a React child.

Reusable profile seed: For admin/settings forms: mock structured error payloads, assert human copy, assert existing rows remain, and require [object Object] plus application-error text to stay absent.

Claim: A rejected auto-recharge settings save should display the failure while restoring the previous off state.

Bug: The billing page showed a rejected auto-recharge save error but left the toggle label at (ON), advertising a setting that the backend had not persisted.

Why normal checks missed it: The page loaded, payment-method state rendered, the expected error appeared, and the mocked PUT request fired. The regression was the stale optimistic UI state after the failed write.

Why this sells Riddle Proof: This is a settings-integrity catch: a route and error toast can both be green while the UI lies about whether the account setting was actually saved.

Reusable profile seed: For account settings: mock failed writes, assert rollback to the prior visible state, cap network hit counts, and keep expected mocked 4xx console evidence separate from product failures.

Claim: A dashboard recent-jobs row with status failed should visibly render as Failed across authenticated desktop, phone, and tablet views.

Bug: The authenticated Riddle site dashboard rendered a mocked failed job row as Queued, hiding the failed state from the recent-jobs table.

Why normal checks missed it: The dashboard route loaded, balance data rendered, API keys rendered, and auth storage was accepted. The issue only showed up when the proof asserted the exact status semantics of a non-happy job row.

Why this sells Riddle Proof: This is a product-quality dashboard catch: the page was alive and authenticated, but the business meaning of a failed browser job was wrong.

Reusable profile seed: For dashboards: mock representative completed, failed, and running rows, assert the visible status label for each state, and pair semantic assertions with responsive overflow checks.

Claim: An authenticated billing workflow should complete without widening the page shell on desktop, phone, or tablet viewports.

Bug: The authenticated Riddle site billing page desktop nav overflowed after the signed-in email and Sign Out control were present.

Why normal checks missed it: The billing route reached the final promo-code success state, all mocked billing calls behaved correctly, and the workflow looked usable. The regression was in the authenticated shell around the workflow.

Why this sells Riddle Proof: This shows why browser proof should stay on after the business flow succeeds: the workflow was green, but the authenticated product shell was visibly broken.

Reusable profile seed: For authenticated workflows: combine task success, retry cleanup, shell overflow, and expected-error console handling in the same profile.

Claim: A malformed identity-provider success response must not create an authenticated builder session.

Bug: The builder treated a successful Cognito response with an empty AuthenticationResult as a real authenticated session and mounted the builder UI without a usable token.

Why normal checks missed it: The HTTP status was 200 and the screen changed to the authenticated builder. A smoke test that only checks the happy path would never inspect whether a valid token was actually present.

Why this sells Riddle Proof: This is the kind of auth-boundary bug that looks fine in the browser until the proof asks whether the privileged UI opened from a valid token or just a friendly HTTP shape.

Reusable profile seed: For login surfaces: mock malformed success payloads, assert privileged selectors stay absent, and capture request bodies for the identity-provider exchange.

Claim: A delayed build completion from a prior session must not mutate a fresh logged-in builder session.

Bug: A delayed build response was allowed to apply preview and save state after the user logged out and returned to a fresh builder session.

Why normal checks missed it: A normal logout check can pass if no in-flight request completes late. The bug only appears when the browser keeps the delayed network response alive across a session reset.

Why this sells Riddle Proof: The browser proof makes race conditions reproducible: not by reading code, but by controlling timing and checking what the user sees after the stale response lands.

Reusable profile seed: For async workflows: add delayed network mocks, abort/reset actions, post-reset selector absence checks, and optional mock-hit evidence for stale responses.

Claim: Canceling a save draft should clear optional form state before a later save request is submitted.

Bug: After canceling a save form, stale optional name, emoji, and description fields leaked into a later save request even though the final player looked correct.

Why normal checks missed it: The route, iframe, layout, and console checks were all green. Only the captured /api/save request body showed the canceled draft values were still being submitted.

Why this sells Riddle Proof: This is the perfect “visually green, semantically wrong” catch: the browser reached the right page, but the network receipt proved the app submitted stale user data.

Reusable profile seed: For forms: capture request bodies, assert required and forbidden fields, and include cancel/reopen paths before the final submit.

Claim: A valid compound emoji entered in the builder should survive serialization into the save request body.

Bug: The builder emoji input truncated a valid compound emoji, saving the rainbow flag as the broken partial sequence 🏳️‍.

Why normal checks missed it: The builder preview, saved state, iframe, layout, and console checks all looked fine. The failure was inside the serialized save payload.

Why this sells Riddle Proof: This is a crisp example of why proof receipts should include network payload evidence: the page looked fine, but the saved data was corrupt.

Reusable profile seed: For user-generated content: include exact Unicode values, capture serialized request bodies, and assert both required and forbidden payload strings.