feat(cli): add specify validate command for deterministic verification

[mvanhorn]

Summary

Adds specify validate - a CLI command that verifies completed tasks have corresponding implementations through deterministic checks. No AI required - runs in CI/CD pipelines with machine-readable output.

Why this matters

Multiple issues request verification that marked-done tasks were actually implemented. The existing spec-kit-verify extension relies on an AI agent, costs money per invocation, and can't run in CI.

Source	Evidence	Engagement
#1865	"verify that [X]-marked tasks were actually implemented"	enhancement label
#1862	"Add a Verification Spec to Support Automated Agent Loops"	Detailed analysis of AI-specific failure modes
#1745	"/speckit.verify Command for Implementation Validation"	1 thumbs up

The comment on #1862 by @raye-deng captures it: "AI agents generate code that satisfies explicit test assertions but fails in ways the tests never thought to check." Deterministic verification catches what AI verification misses.

Key differentiator from spec-kit-verify extension: This command is deterministic and CI-runnable. It checks file existence, parses task descriptions for file references, and maps spec requirements to tasks by keyword overlap. No LLM calls, no cost, reproducible results.

Changes

• Added specify validate command to the CLI (src/specify_cli/__init__.py)
• Helper functions: _parse_tasks(), _extract_keywords(), _verify_task_files(), _parse_spec_requirements(), _trace_requirement_to_tasks()
• Task parsing: extracts - [x]/- [ ] items from tasks.md with keyword extraction
• File verification: checks if files referenced in completed task descriptions exist
• Spec traceability: maps functional requirements to tasks by keyword overlap (2+ shared meaningful words)
• Options: --feature (target specific), --ci (exit 1 on failure), --json (machine-readable), --strict (warnings become failures)
• 19 unit tests in tests/test_validate.py

Testing

$ .venv/bin/python -m pytest tests/test_validate.py -v
19 passed in 0.16s

$ .venv/bin/python -m pytest tests/ -v
401 passed in 2.51s

Sample output:

Implementation Validation Report

  Task Verification (003-user-auth)
    ✓ Create auth/login.py endpoint
      files verified: auth/login.py
    ✓ Add password hashing with bcrypt
      no file references to verify
    ⚠ Write tests for auth module
      referenced files not found: tests/test_auth.py
    ○ Update API documentation
      not completed

  Spec Traceability (003-user-auth)
    ✓ Users can log in with email and password
    ✓ Passwords are stored securely
    ⚠ Users can reset their password via email
      no matching task found

Validation: 4/5 checks passed, 2 warnings, 1 skipped

The --ci flag makes this usable in GitHub Actions:

- run: specify validate --ci --strict

This contribution was developed with AI assistance (Claude Code).

[mnriem]

Can you deliver this as an extension? See https://github.com/github/spec-kit/tree/main/extensions

[mvanhorn]

Got it - will repackage these as an extension. Closing these and will submit a PR with a bundled extension that provides resume, doctor, and validate as extension commands.