Weakness axis #7

Inert surfaces

Code that compiles, is called, returns Ok — and does nothing. The bug that hides best.

What this axis covers

ADR-044's exact target: functions that compile, are called from production code, and return Ok / default / hardcoded values without doing the work the docstring promised. Structs declared but never constructed. Parameters accepted then suppressed. Persistence hooks wired in one of N consumers. AI cargo-culting at industrial scale.

Why now

Large codebases accumulate code that satisfies the static type system and the nearest test, but does not do the work the business depends on. The result compiles, runs, returns Ok — and quietly does nothing. The bug only surfaces when production traffic relies on the missing work.

Where it hides in your codebase

  • Functions that accept a parameter then `let _ = parameter;` and return Ok
  • Cron jobs registered but emitting empty heartbeats
  • Factories that return Mock* impls as production defaults
  • Feature flags wired but defaulted-off in the build that ships
  • Persistence hooks attached to one of three consumers
  • Audit log writers that never flush

How Securie handles it

ADR-044 anti-pattern catalog

The wired-but-inert specialist enumerates 12 shapes that Securie's static and dynamic analysis catches, ranging from `let _ = arg` suppression, through `Mock*` returned from a production factory, to flag-off-in-default-build.

Dynamic call-graph verification

Sandbox-replay confirms the function actually performs the work its docstring promises — not just that it returns Ok. A function whose runtime behavior is `pass` despite a thousand-line docstring fails the gate.
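The difference between "returns Ok" and "did the work" can be shown with a small behavioural check. The Rust below is an added example, not Securie's code: the recorder functions, the `Probe` sink and the `gate` function are hypothetical names, and the audit event is constructed.

```rust
use std::io::{self, Write};

// Constructed recorders: each one promises to persist an audit event.
pub fn record_inert(out: &mut dyn Write, event: &str) -> io::Result<()> {
    let _ = out; // parameters accepted, then suppressed
    let _ = event;
    Ok(())
}
pub fn record_unflushed(out: &mut dyn Write, event: &str) -> io::Result<()> {
    writeln!(out, "{}", event) // written, but never flushed
}
pub fn record_flushing(out: &mut dyn Write, event: &str) -> io::Result<()> {
    writeln!(out, "{}", event)?;
    out.flush()
}

/// Probe sink that records bytes and counts flushes, so the check can
/// observe side effects instead of trusting the return value.
#[derive(Default)]
pub struct Probe { pub bytes: Vec<u8>, pub flushes: usize }
impl Write for Probe {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        self.bytes.extend_from_slice(buf);
        Ok(buf.len())
    }
    fn flush(&mut self) -> io::Result<()> { self.flushes += 1; Ok(()) }
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Works, Inert, Unflushed, Failed }
pub type Recorder = fn(&mut dyn Write, &str) -> io::Result<()>;

/// Behavioural gate: Ok alone is not evidence; the event must reach the
/// sink and the sink must have been flushed.
pub fn gate(record: Recorder, event: &str) -> Verdict {
    let mut probe = Probe::default();
    if record(&mut probe, event).is_err() { return Verdict::Failed; }
    let written = String::from_utf8_lossy(&probe.bytes).contains(event);
    match (written, probe.flushes > 0) {
        (false, _) => Verdict::Inert,
        (true, false) => Verdict::Unflushed,
        (true, true) => Verdict::Works,
    }
}

fn main() {
    let event = "user=alice action=delete"; // constructed sample event
    for (name, f) in [("inert", record_inert as Recorder), ("unflushed", record_unflushed), ("flushing", record_flushing)] {
        println!("{name}: {:?}", gate(f, event));
    }
}
```

All three recorders type-check and return Ok on this input; only the observed side effects tell them apart.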

Anti-cargo-cult pass

Securie reads the surrounding codebase's idiom (via Ring 0 KB) and flags new code that adopts the shape without the substance — e.g., a new HTTP handler that imports the same middleware as siblings but never wires the middleware up.

What this axis is NOT

Not a dead-code linter

Dead code (unused functions) and inert surfaces (called but no-op) are different. Linters catch the first; Securie catches both, with priority on the second.

Not a TODO scanner

TODO / FIXME comments are intentional markers. Inert surfaces are the opposite — code that looks intentional but is, by behavior, unimplemented. The most expensive bug shape AI introduces.