@intentsolutions/audit-harness 0.1.0 → 1.1.6

package/schemas/audit-profile/layer-applicability.md

@@ -0,0 +1,146 @@
+# Layer Applicability — GENERATED from `registry.v1.json`
+
+> ⚠️ **GENERATED FILE — do not edit by hand.**
+> Source of truth: [`registry.v1.json`](registry.v1.json) (the canonical dimension→gate datum; `classify` resolves against it).
+> Regenerate: `audit-harness gen-layer-applicability --write` (or `python3 scripts/gen-layer-applicability.py --write`).
+> CI gate `layer-applicability-drift` fails the build if this file drifts from the registry.
+>
+> registry `sha256:ffbc75700fb5eb501cb47f1e4038f47ab95ae1fba534b38095e1fe7820c80ed1`
+
+THE canonical dimension-to-gate registry: the single datum that answers 'which gates apply to repo-type X, in which dimension, at what applicability'. layer-applicability.md and each repo's TESTING.md are PROJECTIONS of this datum. `classify` resolves the UNION of a repo's detected classifications against this registry and records its sha256 as the audit-profile's registry_hash. Every gate defaults to enforcement=advisory; blocking is earned (engineer-pinned in TESTING.md, FP-rate-gated). applicability mirrors the matrix glyphs: required(✅) recommended(⭕) conditional(⚠) waived(❌).
+
+**Legend (applicability):** ✅ required · ⭕ recommended · ⚠ conditional · ❌ waived
+
+Every gate defaults to `enforcement: advisory`. Blocking is **earned** — engineer-pinned in the target repo's `tests/TESTING.md`, FP-rate-gated (see [`gate-promotion.md`](../../docs/gate-promotion.md)).
+
+## Base gates (apply to every repo)
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:hygiene-links` | hygiene | ⭕ recommended | advisory | `lychee` |
+| `audit-harness:local:hygiene-markdown` | hygiene | ⭕ recommended | advisory | `markdownlint` |
+| `audit-harness:local:hygiene-readme` | hygiene | ⭕ recommended | advisory | — |
+| `audit-harness:ci:cve-osv` | security | ⭕ recommended | advisory | `osv-scanner` |
+| `audit-harness:ci:secrets-gitleaks` | security | ⭕ recommended | advisory | `gitleaks` |
+
+## By classification
+
+A repo carries the **UNION** of every classification it matches (`classify` never picks a single winner). Gates dedup by `gate_id`, keeping the highest applicability.
+
+### `action`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-action` | conformance | ✅ required | advisory | `yamllint` |
+| `audit-harness:ci:smoke` | testing-depth | ⭕ recommended | advisory | — |
+
+### `agent`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-agent` | conformance | ✅ required | advisory | `validate-agent` |
+
+### `api`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-openapi` | conformance | ✅ required | advisory | `spectral` |
+| `audit-harness:ci:sast` | security | ✅ required | advisory | `semgrep` |
+| `audit-harness:ci:contract` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:crap-score` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:integration` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `cli`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:ci:crap-score` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:smoke` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `embedded`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:ci:fuzz` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:sanitizers` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `frontend`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:ci:a11y` | testing-depth | ✅ required | advisory | `axe` |
+| `audit-harness:ci:contract` | testing-depth | ⚠ conditional | advisory | — |
+| `audit-harness:ci:crap-score` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:e2e` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `hook`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-hook` | conformance | ✅ required | advisory | `validate-hook` |
+
+### `library`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:ci:cve-osv` | security | ✅ required | advisory | `osv-scanner` |
+| `audit-harness:ci:crap-score` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:property-based` | testing-depth | ⭕ recommended | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `marketplace`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-marketplace` | conformance | ✅ required | advisory | `validate-marketplace` |
+
+### `mcp`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-mcp` | conformance | ✅ required | advisory | `validate-mcp` |
+
+### `monorepo`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:per-package-classify` | testing-depth | ✅ required | advisory | — |
+
+### `plugin`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-plugin` | conformance | ✅ required | advisory | `validate-plugin` |
+| `audit-harness:server:skill-behavioral` | skill-quality | ⭕ recommended | advisory | `j-rig` |
+
+### `service`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:ci:sast` | security | ✅ required | advisory | `semgrep` |
+| `audit-harness:ci:sbom-syft` | security | ⭕ recommended | advisory | `syft` |
+| `audit-harness:ci:contract` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:crap-score` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:integration` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:migration` | testing-depth | ✅ required | advisory | — |
+| `audit-harness:ci:perf` | testing-depth | ⭕ recommended | advisory | — |
+| `audit-harness:ci:unit` | testing-depth | ✅ required | advisory | — |
+
+### `skill`
+
+| Gate | Dimension | Applicability | Enforcement | Tool |
+|---|---|---|---|---|
+| `audit-harness:local:conform-skillmd` | conformance | ✅ required | advisory | `validate-skillmd` |
+| `audit-harness:server:skill-behavioral` | skill-quality | ⭕ recommended | advisory | `j-rig` |
+
+## Overlays
+
+### `regulated`
+
+Compliance overlay (HIPAA/SOX/PCI-DSS/SOC2/GDPR/FedRAMP markers). Promotes recommended security + conformance gates to required and escalates uncovered SHOULD requirements.
+
+Promotes to **required**: `security`, `conformance`.

package/schemas/audit-profile/registry.v1.json

@@ -0,0 +1,87 @@
+{
+  "registry_version": "audit-profile-registry/v1",
+  "description": "THE canonical dimension-to-gate registry: the single datum that answers 'which gates apply to repo-type X, in which dimension, at what applicability'. layer-applicability.md and each repo's TESTING.md are PROJECTIONS of this datum. `classify` resolves the UNION of a repo's detected classifications against this registry and records its sha256 as the audit-profile's registry_hash. Every gate defaults to enforcement=advisory; blocking is earned (engineer-pinned in TESTING.md, FP-rate-gated). applicability mirrors the matrix glyphs: required(✅) recommended(⭕) conditional(⚠) waived(❌).",
+  "base": [
+    { "gate_id": "audit-harness:local:hygiene-readme", "dimension": "hygiene", "applicability": "recommended", "enforcement": "advisory", "result_class_default": "PASS" },
+    { "gate_id": "audit-harness:local:hygiene-links", "dimension": "hygiene", "applicability": "recommended", "enforcement": "advisory", "tool": "lychee", "result_class_default": "INDETERMINATE" },
+    { "gate_id": "audit-harness:local:hygiene-markdown", "dimension": "hygiene", "applicability": "recommended", "enforcement": "advisory", "tool": "markdownlint" },
+    { "gate_id": "audit-harness:ci:secrets-gitleaks", "dimension": "security", "applicability": "recommended", "enforcement": "advisory", "tool": "gitleaks", "result_class_default": "INDETERMINATE" },
+    { "gate_id": "audit-harness:ci:cve-osv", "dimension": "security", "applicability": "recommended", "enforcement": "advisory", "tool": "osv-scanner", "result_class_default": "INDETERMINATE" }
+  ],
+  "classifications": {
+    "service": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:crap-score", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:integration", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:contract", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:migration", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:sast", "dimension": "security", "applicability": "required", "enforcement": "advisory", "tool": "semgrep" },
+      { "gate_id": "audit-harness:ci:sbom-syft", "dimension": "security", "applicability": "recommended", "enforcement": "advisory", "tool": "syft" },
+      { "gate_id": "audit-harness:ci:perf", "dimension": "testing-depth", "applicability": "recommended", "enforcement": "advisory" }
+    ],
+    "api": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:crap-score", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:integration", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:contract", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:local:conform-openapi", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "spectral" },
+      { "gate_id": "audit-harness:ci:sast", "dimension": "security", "applicability": "required", "enforcement": "advisory", "tool": "semgrep" }
+    ],
+    "frontend": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:crap-score", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:e2e", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:a11y", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory", "tool": "axe" },
+      { "gate_id": "audit-harness:ci:contract", "dimension": "testing-depth", "applicability": "conditional", "enforcement": "advisory" }
+    ],
+    "cli": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:crap-score", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:smoke", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" }
+    ],
+    "library": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:crap-score", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:property-based", "dimension": "testing-depth", "applicability": "recommended", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:cve-osv", "dimension": "security", "applicability": "required", "enforcement": "advisory", "tool": "osv-scanner", "result_class_default": "INDETERMINATE" }
+    ],
+    "embedded": [
+      { "gate_id": "audit-harness:ci:unit", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:fuzz", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" },
+      { "gate_id": "audit-harness:ci:sanitizers", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" }
+    ],
+    "monorepo": [
+      { "gate_id": "audit-harness:local:per-package-classify", "dimension": "testing-depth", "applicability": "required", "enforcement": "advisory" }
+    ],
+    "skill": [
+      { "gate_id": "audit-harness:local:conform-skillmd", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-skillmd" },
+      { "gate_id": "audit-harness:server:skill-behavioral", "dimension": "skill-quality", "applicability": "recommended", "enforcement": "advisory", "tool": "j-rig" }
+    ],
+    "agent": [
+      { "gate_id": "audit-harness:local:conform-agent", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-agent" }
+    ],
+    "hook": [
+      { "gate_id": "audit-harness:local:conform-hook", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-hook" }
+    ],
+    "mcp": [
+      { "gate_id": "audit-harness:local:conform-mcp", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-mcp" }
+    ],
+    "plugin": [
+      { "gate_id": "audit-harness:local:conform-plugin", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-plugin" },
+      { "gate_id": "audit-harness:server:skill-behavioral", "dimension": "skill-quality", "applicability": "recommended", "enforcement": "advisory", "tool": "j-rig" }
+    ],
+    "marketplace": [
+      { "gate_id": "audit-harness:local:conform-marketplace", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "validate-marketplace" }
+    ],
+    "action": [
+      { "gate_id": "audit-harness:local:conform-action", "dimension": "conformance", "applicability": "required", "enforcement": "advisory", "tool": "yamllint" },
+      { "gate_id": "audit-harness:ci:smoke", "dimension": "testing-depth", "applicability": "recommended", "enforcement": "advisory" }
+    ]
+  },
+  "overlays": {
+    "regulated": {
+      "description": "Compliance overlay (HIPAA/SOX/PCI-DSS/SOC2/GDPR/FedRAMP markers). Promotes recommended security + conformance gates to required and escalates uncovered SHOULD requirements.",
+      "promote_to_required": ["security", "conformance"]
+    }
+  }
+}

package/schemas/audit-profile/v1.schema.json

@@ -0,0 +1,294 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://evals.intentsolutions.io/audit-profile/v1.schema.json",
+  "title": "Audit Profile (v1)",
+  "description": "Closed, versioned, hash-bearing value describing the audit profile of a repository: the UNION of detected classifications, the resolved gate set (each with applicability + enforcement + dimension), and the explicit unresolved residue. Produced by `audit-harness classify` as read-only stdout JSON; the classifier NEVER mutates the repo. A profile is a deterministic function of (repo contents at commit_sha, the canonical dimension-to-gate registry pinned by registry_hash, and any engineer .audit-harness.yml overrides). Mirrors the gate-result/v1 closed-value conventions (additionalProperties:false, version-in-$id) so the two predicates compose in one Evidence Bundle.",
+  "type": "object",
+  "required": [
+    "schema_version",
+    "subject",
+    "classifier",
+    "registry_hash",
+    "timestamp",
+    "classifications",
+    "gates",
+    "unresolved"
+  ],
+  "additionalProperties": false,
+  "properties": {
+    "schema_version": {
+      "description": "Self-describing schema identity. MUST equal the version segment of $id.",
+      "const": "audit-profile/v1"
+    },
+    "subject": {
+      "description": "Identity of the repository (or monorepo package) the profile was computed for.",
+      "type": "object",
+      "required": [
+        "name",
+        "commit_sha"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "Repository or package name (e.g. 'audit-harness', '@j-rig/core').",
+          "minLength": 1
+        },
+        "commit_sha": {
+          "type": "string",
+          "description": "Git commit SHA the classification was computed against. Full 40-hex or short 7-hex.",
+          "pattern": "^[a-f0-9]{7,40}$"
+        },
+        "root": {
+          "type": "string",
+          "description": "Repo-relative path of the classified root. '.' for the repo root; a package path (e.g. 'packages/core') for a monorepo member classified independently.",
+          "default": "."
+        }
+      }
+    },
+    "classifier": {
+      "type": "string",
+      "description": "Tool + semver identifier that produced the profile. Same shape as gate-result/v1 'runner'.",
+      "pattern": "^[a-z0-9][a-z0-9-]*@[0-9]+\\.[0-9]+\\.[0-9]+(-[A-Za-z0-9.-]+)?(\\+[A-Za-z0-9.-]+)?$",
+      "examples": [
+        "audit-harness@1.2.0"
+      ]
+    },
+    "registry_hash": {
+      "type": "string",
+      "description": "SHA-256 of the canonical dimension-to-gate registry datum the profile was resolved against, prefixed sha256:. The registry is the single canonical source of 'which gates apply to repo-type X'; layer-applicability.md and TESTING.md are projections of it. Recording its hash makes a profile reproducible against the exact registry version.",
+      "pattern": "^sha256:[a-f0-9]{64}$"
+    },
+    "timestamp": {
+      "type": "string",
+      "format": "date-time",
+      "description": "RFC 3339 UTC timestamp. Moment the classifier emitted the profile."
+    },
+    "classifications": {
+      "type": "array",
+      "description": "The UNION of all repo-type classifications detected (NOT a single winner). A repo that is a TS monorepo AND ships SKILL.md AND an MCP server carries all three entries; picking one silently drops the others' gates (a false-negative, worse than a false-positive).",
+      "minItems": 1,
+      "items": {
+        "$ref": "#/$defs/classification"
+      }
+    },
+    "dimensions": {
+      "type": "array",
+      "description": "Convenience projection: the distinct audit dimensions covered by the resolved gates. Derivable from gates[].dimension; consumers MUST treat gates[] as authoritative.",
+      "items": {
+        "$ref": "#/$defs/dimension"
+      },
+      "uniqueItems": true
+    },
+    "gates": {
+      "type": "array",
+      "description": "The resolved gate set for this repo: every gate the registry maps to the detected classifications, each tagged with applicability (from the registry) and enforcement (advisory by default; blocking only when engineer-pinned in TESTING.md and FP-rate-gated).",
+      "items": {
+        "$ref": "#/$defs/gate"
+      }
+    },
+    "unresolved": {
+      "type": "array",
+      "description": "The explicit residue the DETERMINISTIC classifier could not resolve. This is the ONLY surface a Claude inspector (/audit-tests) may refine — it never co-authors the deterministic classification value, so CI stays reproducible. An empty array means a fully deterministic profile.",
+      "items": {
+        "$ref": "#/$defs/unresolved_item"
+      }
+    },
+    "overrides": {
+      "type": "object",
+      "description": "Engineer-owned .audit-harness.yml directives that influenced this profile (classification pins, per-gate advisory/disable toggles, kill-switch). Informative provenance; the effect is already baked into classifications[] and gates[].",
+      "additionalProperties": false,
+      "properties": {
+        "source": {
+          "type": "string",
+          "description": "Path of the override file applied, repo-relative.",
+          "examples": [
+            ".audit-harness.yml"
+          ]
+        },
+        "override_hash": {
+          "type": "string",
+          "description": "SHA-256 of the applied override file, prefixed sha256:.",
+          "pattern": "^sha256:[a-f0-9]{64}$"
+        },
+        "kill_switch": {
+          "type": "boolean",
+          "description": "True when AUDIT_HARNESS_DISABLE=1 or the override file disabled all gates. A killed profile still emits classifications for visibility but marks every gate enforcement=disabled.",
+          "default": false
+        }
+      }
+    }
+  },
+  "$defs": {
+    "dimension": {
+      "type": "string",
+      "description": "The comprehensive audit dimensions. testing-depth = the 7-layer pyramid; conformance = artifact/schema/protocol validation; currency = upstream-drift (advisory only); security = supply-chain; hygiene = repo docs/links/changelog; skill-quality = behavioral verdicts consumed from j-rig.",
+      "enum": [
+        "testing-depth",
+        "conformance",
+        "currency",
+        "security",
+        "hygiene",
+        "skill-quality"
+      ]
+    },
+    "classification": {
+      "type": "object",
+      "required": [
+        "kind",
+        "confidence"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "kind": {
+          "type": "string",
+          "description": "Repo-type or artifact-kind classification. The first block mirrors layer-applicability.md repo types; the second covers Claude-ecosystem artifact kinds; 'regulated' is an overlay that escalates gate severity.",
+          "enum": [
+            "service",
+            "api",
+            "frontend",
+            "cli",
+            "library",
+            "embedded",
+            "monorepo",
+            "regulated",
+            "skill",
+            "agent",
+            "hook",
+            "mcp",
+            "plugin",
+            "marketplace",
+            "action",
+            "unknown"
+          ]
+        },
+        "confidence": {
+          "type": "string",
+          "description": "How the classification was reached. 'declared' = an explicit engineer override/marker; 'detected' = an unambiguous deterministic signal; 'inferred' = a weaker heuristic; 'unresolved' = the classifier could not decide (a matching entry MUST appear in unresolved[]).",
+          "enum": [
+            "declared",
+            "detected",
+            "inferred",
+            "unresolved"
+          ]
+        },
+        "signals": {
+          "type": "array",
+          "description": "Deterministic evidence for the classification (e.g. 'package.json:react', 'SKILL.md present', 'pnpm-workspace.yaml').",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
+    "gate": {
+      "type": "object",
+      "required": [
+        "gate_id",
+        "dimension",
+        "applicability",
+        "enforcement"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "gate_id": {
+          "type": "string",
+          "description": "Pipeline-hop-qualified gate identifier, same regex as gate-result/v1 gate_id (tool:side:gate-id). The gate-result row a run later emits for this gate MUST carry the same gate_id.",
+          "pattern": "^[a-z0-9][a-z0-9-]*:(client|server|ci|sandbox|local):[a-zA-Z0-9][a-zA-Z0-9.-]*$",
+          "examples": [
+            "audit-harness:ci:crap-score",
+            "audit-harness:local:conform-skillmd",
+            "audit-harness:ci:secrets-gitleaks"
+          ]
+        },
+        "dimension": {
+          "$ref": "#/$defs/dimension"
+        },
+        "applicability": {
+          "type": "string",
+          "description": "From the registry, given the detected classifications. required = P0 (✅); recommended = P1 advisory (⭕); conditional = fires P0/P1 only if a sibling signal is present (⚠); waived = not run for this repo type (❌).",
+          "enum": [
+            "required",
+            "recommended",
+            "conditional",
+            "waived"
+          ]
+        },
+        "enforcement": {
+          "type": "string",
+          "description": "What a FAIL does. New gates ship 'advisory' (exit 0, finding logged). 'blocking' is earned: an engineer pins it in the hash-pinned TESTING.md after the gate shows a measured false-positive rate below the stated bar on the IEP corpus. 'disabled' = waived or kill-switched.",
+          "enum": [
+            "blocking",
+            "advisory",
+            "disabled"
+          ]
+        },
+        "result_class_default": {
+          "type": "string",
+          "description": "The result class a successful no-finding run would emit (informative). INDETERMINATE is reserved for infra failures (≠ policy failure): pure-local policy gates fail closed (FAIL); network-touching checks fail open/advisory (INDETERMINATE).",
+          "enum": [
+            "PASS",
+            "FAIL",
+            "ADVISORY",
+            "NOT_APPLICABLE",
+            "INDETERMINATE"
+          ]
+        },
+        "tool": {
+          "type": "string",
+          "description": "External tool this gate shells out to, if any (e.g. 'gitleaks', 'osv-scanner', 'spectral', 'ajv', 'markdownlint', 'lychee'). Absent for native/policy gates. A missing tool at run-time yields an 'unmeasured' gate-result, not a FAIL.",
+          "examples": [
+            "gitleaks",
+            "osv-scanner",
+            "spectral"
+          ]
+        }
+      },
+      "allOf": [
+        {
+          "if": {
+            "properties": {
+              "applicability": {
+                "const": "waived"
+              }
+            }
+          },
+          "then": {
+            "properties": {
+              "enforcement": {
+                "const": "disabled"
+              }
+            }
+          }
+        }
+      ]
+    },
+    "unresolved_item": {
+      "type": "object",
+      "required": [
+        "kind",
+        "reason"
+      ],
+      "additionalProperties": false,
+      "properties": {
+        "kind": {
+          "type": "string",
+          "description": "What could not be resolved (e.g. 'repo-type', 'monorepo-package-boundary', 'is-published-library').",
+          "minLength": 1
+        },
+        "reason": {
+          "type": "string",
+          "description": "Why the deterministic classifier abstained — the question a human (or /audit-tests) must answer.",
+          "minLength": 1
+        },
+        "candidates": {
+          "type": "array",
+          "description": "The candidate classifications the classifier was torn between, if any.",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/conform/v1/agent-frontmatter.schema.json

@@ -0,0 +1,24 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://evals.intentsolutions.io/conform/v1/agent-frontmatter.schema.json",
+  "title": "Subagent definition frontmatter — deterministic structural floor (conform/v1)",
+  "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude subagent definition (.md with YAML frontmatter): it parses and carries name + description. tools/model are type-checked when present. Trigger-precision + tool-allowlist-tightness judgment stays in /validate-agent. additionalProperties:true for forward-compat.",
+  "type": "object",
+  "required": ["name", "description"],
+  "additionalProperties": true,
+  "properties": {
+    "name": {
+      "type": "string",
+      "minLength": 1,
+      "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$"
+    },
+    "description": { "type": "string", "minLength": 1 },
+    "tools": {
+      "anyOf": [
+        { "type": "string" },
+        { "type": "array", "items": { "type": "string" } }
+      ]
+    },
+    "model": { "type": "string" }
+  }
+}

package/schemas/conform/v1/mcp-config.schema.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://evals.intentsolutions.io/conform/v1/mcp-config.schema.json",
+  "title": ".mcp.json MCP server config — deterministic structural floor (conform/v1)",
+  "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude .mcp.json: it parses, declares an mcpServers map, and each declared server is launchable (carries either a `command` for a stdio server or a `url` for a remote sse/http server). Server entries keep additionalProperties:true for forward-compat with newer transport fields; the floor only asserts the launch contract + types of known keys.",
+  "type": "object",
+  "required": ["mcpServers"],
+  "additionalProperties": true,
+  "properties": {
+    "mcpServers": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "object",
+        "additionalProperties": true,
+        "anyOf": [
+          { "required": ["command"] },
+          { "required": ["url"] }
+        ],
+        "properties": {
+          "command": { "type": "string", "minLength": 1 },
+          "args": { "type": "array", "items": { "type": "string" } },
+          "env": { "type": "object" },
+          "url": { "type": "string", "minLength": 1 },
+          "type": { "type": "string", "enum": ["stdio", "sse", "http"] },
+          "headers": { "type": "object" },
+          "cwd": { "type": "string" }
+        }
+      }
+    }
+  }
+}

package/schemas/conform/v1/plugin-manifest.schema.json

@@ -0,0 +1,26 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://evals.intentsolutions.io/conform/v1/plugin-manifest.schema.json",
+  "title": ".claude-plugin/plugin.json manifest — deterministic structural floor (conform/v1)",
+  "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude plugin manifest: it parses and carries a name. Version/description/author are type-checked when present. The richer catalog-invariant + cross-artifact checks (INV-PLUGIN-SKILL etc.) live in /validate-plugin + the SAK kernel — conform asserts only the manifest floor. additionalProperties:true for forward-compat with the evolving plugin manifest surface.",
+  "type": "object",
+  "required": ["name"],
+  "additionalProperties": true,
+  "properties": {
+    "name": {
+      "type": "string",
+      "minLength": 1,
+      "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$"
+    },
+    "version": { "type": "string" },
+    "description": { "type": "string" },
+    "author": {
+      "anyOf": [
+        { "type": "string" },
+        { "type": "object" }
+      ]
+    },
+    "license": { "type": "string" },
+    "homepage": { "type": "string" }
+  }
+}