I've been working on the same philosophical problem, but at the production execution layer rather than the dev tooling layer. I built a zero-trust policy engine that sits directly in front of any real-world consequence an AI agent can trigger (like a financial transaction or a DB write) and requires deterministic, cryptographically verifiable proof before allowing execution.
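For anyone curious what a fail-closed gate like that looks like in miniature: here's a hedged sketch, not my actual engine. It uses an HMAC over a canonical encoding of the action as a stand-in for the cryptographic proof (the key name, `policy_gate`, and the action schema are all made up for illustration), and any verification error denies by default.

```python
import hmac
import hashlib
import json

SECRET_KEY = b"demo-shared-secret"  # hypothetical shared key, for illustration only

def sign_action(action: dict) -> str:
    """Produce an HMAC-SHA256 proof over a canonical (sorted-key) encoding."""
    payload = json.dumps(action, sort_keys=True).encode()
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()

def policy_gate(action: dict, proof: str) -> bool:
    """Fail-closed gate: allow only if the proof verifies; any error denies."""
    try:
        expected = sign_action(action)
        return hmac.compare_digest(expected, proof)
    except Exception:
        return False  # fail closed: deny on any verification error

action = {"type": "db_write", "table": "orders", "amount": 42}
proof = sign_action(action)
print(policy_gate(action, proof))          # valid proof -> allowed
print(policy_gate(action, "tampered"))     # bad proof -> denied
```

In a real deployment the proof would come from whatever attestation chain you trust, but the shape is the same: the gate never executes on ambiguity.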
It's incredibly refreshing to see the same strict, fail-closed, deterministic fact-checking mindset applied to the debugging phase too. Awesome work on the implementation!