@intentsolutions/audit-harness 1.1.5 → 1.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. package/CHANGELOG.md +71 -0
  2. package/bin/audit-harness.js +90 -0
  3. package/docs/gate-promotion.md +45 -0
  4. package/package.json +3 -1
  5. package/schemas/audit-profile/layer-applicability.md +146 -0
  6. package/schemas/audit-profile/registry.v1.json +87 -0
  7. package/schemas/audit-profile/v1.schema.json +294 -0
  8. package/schemas/conform/v1/agent-frontmatter.schema.json +24 -0
  9. package/schemas/conform/v1/mcp-config.schema.json +31 -0
  10. package/schemas/conform/v1/plugin-manifest.schema.json +26 -0
  11. package/schemas/conform/v1/skillmd-frontmatter.schema.json +40 -0
  12. package/schemas/currency/pins.v1.json +55 -0
  13. package/scripts/audit.py +386 -0
  14. package/scripts/classify.py +403 -0
  15. package/scripts/conform.py +481 -0
  16. package/scripts/currency.py +118 -0
  17. package/scripts/fp-rate.py +145 -0
  18. package/scripts/gen-layer-applicability.py +157 -0
  19. package/scripts/scan.py +228 -0
package/schemas/audit-profile/v1.schema.json ADDED
@@ -0,0 +1,294 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://evals.intentsolutions.io/audit-profile/v1.schema.json",
4
+ "title": "Audit Profile (v1)",
5
+ "description": "Closed, versioned, hash-bearing value describing the audit profile of a repository: the UNION of detected classifications, the resolved gate set (each with applicability + enforcement + dimension), and the explicit unresolved residue. Produced by `audit-harness classify` as read-only stdout JSON; the classifier NEVER mutates the repo. A profile is a deterministic function of (repo contents at commit_sha, the canonical dimension-to-gate registry pinned by registry_hash, and any engineer .audit-harness.yml overrides). Mirrors the gate-result/v1 closed-value conventions (additionalProperties:false, version-in-$id) so the two predicates compose in one Evidence Bundle.",
6
+ "type": "object",
7
+ "required": [
8
+ "schema_version",
9
+ "subject",
10
+ "classifier",
11
+ "registry_hash",
12
+ "timestamp",
13
+ "classifications",
14
+ "gates",
15
+ "unresolved"
16
+ ],
17
+ "additionalProperties": false,
18
+ "properties": {
19
+ "schema_version": {
20
+ "description": "Self-describing schema identity. MUST equal the version segment of $id.",
21
+ "const": "audit-profile/v1"
22
+ },
23
+ "subject": {
24
+ "description": "Identity of the repository (or monorepo package) the profile was computed for.",
25
+ "type": "object",
26
+ "required": [
27
+ "name",
28
+ "commit_sha"
29
+ ],
30
+ "additionalProperties": false,
31
+ "properties": {
32
+ "name": {
33
+ "type": "string",
34
+ "description": "Repository or package name (e.g. 'audit-harness', '@j-rig/core').",
35
+ "minLength": 1
36
+ },
37
+ "commit_sha": {
38
+ "type": "string",
39
+ "description": "Git commit SHA the classification was computed against. Full 40-hex or short 7-hex.",
40
+ "pattern": "^[a-f0-9]{7,40}$"
41
+ },
42
+ "root": {
43
+ "type": "string",
44
+ "description": "Repo-relative path of the classified root. '.' for the repo root; a package path (e.g. 'packages/core') for a monorepo member classified independently.",
45
+ "default": "."
46
+ }
47
+ }
48
+ },
49
+ "classifier": {
50
+ "type": "string",
51
+ "description": "Tool + semver identifier that produced the profile. Same shape as gate-result/v1 'runner'.",
52
+ "pattern": "^[a-z0-9][a-z0-9-]*@[0-9]+\\.[0-9]+\\.[0-9]+(-[A-Za-z0-9.-]+)?(\\+[A-Za-z0-9.-]+)?$",
53
+ "examples": [
54
+ "audit-harness@1.2.0"
55
+ ]
56
+ },
57
+ "registry_hash": {
58
+ "type": "string",
59
+ "description": "SHA-256 of the canonical dimension-to-gate registry datum the profile was resolved against, prefixed sha256:. The registry is the single canonical source of 'which gates apply to repo-type X'; layer-applicability.md and TESTING.md are projections of it. Recording its hash makes a profile reproducible against the exact registry version.",
60
+ "pattern": "^sha256:[a-f0-9]{64}$"
61
+ },
62
+ "timestamp": {
63
+ "type": "string",
64
+ "format": "date-time",
65
+ "description": "RFC 3339 UTC timestamp. Moment the classifier emitted the profile."
66
+ },
67
+ "classifications": {
68
+ "type": "array",
69
+ "description": "The UNION of all repo-type classifications detected (NOT a single winner). A repo that is a TS monorepo AND ships SKILL.md AND an MCP server carries all three entries; picking one silently drops the others' gates (a false-negative, worse than a false-positive).",
70
+ "minItems": 1,
71
+ "items": {
72
+ "$ref": "#/$defs/classification"
73
+ }
74
+ },
75
+ "dimensions": {
76
+ "type": "array",
77
+ "description": "Convenience projection: the distinct audit dimensions covered by the resolved gates. Derivable from gates[].dimension; consumers MUST treat gates[] as authoritative.",
78
+ "items": {
79
+ "$ref": "#/$defs/dimension"
80
+ },
81
+ "uniqueItems": true
82
+ },
83
+ "gates": {
84
+ "type": "array",
85
+ "description": "The resolved gate set for this repo: every gate the registry maps to the detected classifications, each tagged with applicability (from the registry) and enforcement (advisory by default; blocking only when engineer-pinned in TESTING.md and FP-rate-gated).",
86
+ "items": {
87
+ "$ref": "#/$defs/gate"
88
+ }
89
+ },
90
+ "unresolved": {
91
+ "type": "array",
92
+ "description": "The explicit residue the DETERMINISTIC classifier could not resolve. This is the ONLY surface a Claude inspector (/audit-tests) may refine — it never co-authors the deterministic classification value, so CI stays reproducible. An empty array means a fully deterministic profile.",
93
+ "items": {
94
+ "$ref": "#/$defs/unresolved_item"
95
+ }
96
+ },
97
+ "overrides": {
98
+ "type": "object",
99
+ "description": "Engineer-owned .audit-harness.yml directives that influenced this profile (classification pins, per-gate advisory/disable toggles, kill-switch). Informative provenance; the effect is already baked into classifications[] and gates[].",
100
+ "additionalProperties": false,
101
+ "properties": {
102
+ "source": {
103
+ "type": "string",
104
+ "description": "Path of the override file applied, repo-relative.",
105
+ "examples": [
106
+ ".audit-harness.yml"
107
+ ]
108
+ },
109
+ "override_hash": {
110
+ "type": "string",
111
+ "description": "SHA-256 of the applied override file, prefixed sha256:.",
112
+ "pattern": "^sha256:[a-f0-9]{64}$"
113
+ },
114
+ "kill_switch": {
115
+ "type": "boolean",
116
+ "description": "True when AUDIT_HARNESS_DISABLE=1 or the override file disabled all gates. A killed profile still emits classifications for visibility but marks every gate enforcement=disabled.",
117
+ "default": false
118
+ }
119
+ }
120
+ }
121
+ },
122
+ "$defs": {
123
+ "dimension": {
124
+ "type": "string",
125
+ "description": "The comprehensive audit dimensions. testing-depth = the 7-layer pyramid; conformance = artifact/schema/protocol validation; currency = upstream-drift (advisory only); security = supply-chain; hygiene = repo docs/links/changelog; skill-quality = behavioral verdicts consumed from j-rig.",
126
+ "enum": [
127
+ "testing-depth",
128
+ "conformance",
129
+ "currency",
130
+ "security",
131
+ "hygiene",
132
+ "skill-quality"
133
+ ]
134
+ },
135
+ "classification": {
136
+ "type": "object",
137
+ "required": [
138
+ "kind",
139
+ "confidence"
140
+ ],
141
+ "additionalProperties": false,
142
+ "properties": {
143
+ "kind": {
144
+ "type": "string",
145
+ "description": "Repo-type or artifact-kind classification. The first block mirrors layer-applicability.md repo types; the second covers Claude-ecosystem artifact kinds; 'regulated' is an overlay that escalates gate severity.",
146
+ "enum": [
147
+ "service",
148
+ "api",
149
+ "frontend",
150
+ "cli",
151
+ "library",
152
+ "embedded",
153
+ "monorepo",
154
+ "regulated",
155
+ "skill",
156
+ "agent",
157
+ "hook",
158
+ "mcp",
159
+ "plugin",
160
+ "marketplace",
161
+ "action",
162
+ "unknown"
163
+ ]
164
+ },
165
+ "confidence": {
166
+ "type": "string",
167
+ "description": "How the classification was reached. 'declared' = an explicit engineer override/marker; 'detected' = an unambiguous deterministic signal; 'inferred' = a weaker heuristic; 'unresolved' = the classifier could not decide (a matching entry MUST appear in unresolved[]).",
168
+ "enum": [
169
+ "declared",
170
+ "detected",
171
+ "inferred",
172
+ "unresolved"
173
+ ]
174
+ },
175
+ "signals": {
176
+ "type": "array",
177
+ "description": "Deterministic evidence for the classification (e.g. 'package.json:react', 'SKILL.md present', 'pnpm-workspace.yaml').",
178
+ "items": {
179
+ "type": "string"
180
+ }
181
+ }
182
+ }
183
+ },
184
+ "gate": {
185
+ "type": "object",
186
+ "required": [
187
+ "gate_id",
188
+ "dimension",
189
+ "applicability",
190
+ "enforcement"
191
+ ],
192
+ "additionalProperties": false,
193
+ "properties": {
194
+ "gate_id": {
195
+ "type": "string",
196
+ "description": "Pipeline-hop-qualified gate identifier, same regex as gate-result/v1 gate_id (tool:side:gate-id). The gate-result row a run later emits for this gate MUST carry the same gate_id.",
197
+ "pattern": "^[a-z0-9][a-z0-9-]*:(client|server|ci|sandbox|local):[a-zA-Z0-9][a-zA-Z0-9.-]*$",
198
+ "examples": [
199
+ "audit-harness:ci:crap-score",
200
+ "audit-harness:local:conform-skillmd",
201
+ "audit-harness:ci:secrets-gitleaks"
202
+ ]
203
+ },
204
+ "dimension": {
205
+ "$ref": "#/$defs/dimension"
206
+ },
207
+ "applicability": {
208
+ "type": "string",
209
+ "description": "From the registry, given the detected classifications. required = P0 (✅); recommended = P1 advisory (⭕); conditional = fires P0/P1 only if a sibling signal is present (⚠); waived = not run for this repo type (❌).",
210
+ "enum": [
211
+ "required",
212
+ "recommended",
213
+ "conditional",
214
+ "waived"
215
+ ]
216
+ },
217
+ "enforcement": {
218
+ "type": "string",
219
+ "description": "What a FAIL does. New gates ship 'advisory' (exit 0, finding logged). 'blocking' is earned: an engineer pins it in the hash-pinned TESTING.md after the gate shows a measured false-positive rate below the stated bar on the IEP corpus. 'disabled' = waived or kill-switched.",
220
+ "enum": [
221
+ "blocking",
222
+ "advisory",
223
+ "disabled"
224
+ ]
225
+ },
226
+ "result_class_default": {
227
+ "type": "string",
228
+ "description": "The result class a successful no-finding run would emit (informative). INDETERMINATE is reserved for infra failures (≠ policy failure): pure-local policy gates fail closed (FAIL); network-touching checks fail open/advisory (INDETERMINATE).",
229
+ "enum": [
230
+ "PASS",
231
+ "FAIL",
232
+ "ADVISORY",
233
+ "NOT_APPLICABLE",
234
+ "INDETERMINATE"
235
+ ]
236
+ },
237
+ "tool": {
238
+ "type": "string",
239
+ "description": "External tool this gate shells out to, if any (e.g. 'gitleaks', 'osv-scanner', 'spectral', 'ajv', 'markdownlint', 'lychee'). Absent for native/policy gates. A missing tool at run-time yields an 'unmeasured' gate-result, not a FAIL.",
240
+ "examples": [
241
+ "gitleaks",
242
+ "osv-scanner",
243
+ "spectral"
244
+ ]
245
+ }
246
+ },
247
+ "allOf": [
248
+ {
249
+ "if": {
250
+ "properties": {
251
+ "applicability": {
252
+ "const": "waived"
253
+ }
254
+ }
255
+ },
256
+ "then": {
257
+ "properties": {
258
+ "enforcement": {
259
+ "const": "disabled"
260
+ }
261
+ }
262
+ }
263
+ }
264
+ ]
265
+ },
266
+ "unresolved_item": {
267
+ "type": "object",
268
+ "required": [
269
+ "kind",
270
+ "reason"
271
+ ],
272
+ "additionalProperties": false,
273
+ "properties": {
274
+ "kind": {
275
+ "type": "string",
276
+ "description": "What could not be resolved (e.g. 'repo-type', 'monorepo-package-boundary', 'is-published-library').",
277
+ "minLength": 1
278
+ },
279
+ "reason": {
280
+ "type": "string",
281
+ "description": "Why the deterministic classifier abstained — the question a human (or /audit-tests) must answer.",
282
+ "minLength": 1
283
+ },
284
+ "candidates": {
285
+ "type": "array",
286
+ "description": "The candidate classifications the classifier was torn between, if any.",
287
+ "items": {
288
+ "type": "string"
289
+ }
290
+ }
291
+ }
292
+ }
293
+ }
294
+ }
package/schemas/conform/v1/agent-frontmatter.schema.json ADDED
@@ -0,0 +1,24 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://evals.intentsolutions.io/conform/v1/agent-frontmatter.schema.json",
4
+ "title": "Subagent definition frontmatter — deterministic structural floor (conform/v1)",
5
+ "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude subagent definition (.md with YAML frontmatter): it parses and carries name + description. tools/model are type-checked when present. Trigger-precision + tool-allowlist-tightness judgment stays in /validate-agent. additionalProperties:true for forward-compat.",
6
+ "type": "object",
7
+ "required": ["name", "description"],
8
+ "additionalProperties": true,
9
+ "properties": {
10
+ "name": {
11
+ "type": "string",
12
+ "minLength": 1,
13
+ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$"
14
+ },
15
+ "description": { "type": "string", "minLength": 1 },
16
+ "tools": {
17
+ "anyOf": [
18
+ { "type": "string" },
19
+ { "type": "array", "items": { "type": "string" } }
20
+ ]
21
+ },
22
+ "model": { "type": "string" }
23
+ }
24
+ }
package/schemas/conform/v1/mcp-config.schema.json ADDED
@@ -0,0 +1,31 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://evals.intentsolutions.io/conform/v1/mcp-config.schema.json",
4
+ "title": ".mcp.json MCP server config — deterministic structural floor (conform/v1)",
5
+ "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude .mcp.json: it parses, declares an mcpServers map, and each declared server is launchable (carries either a `command` for a stdio server or a `url` for a remote sse/http server). Server entries keep additionalProperties:true for forward-compat with newer transport fields; the floor only asserts the launch contract + types of known keys.",
6
+ "type": "object",
7
+ "required": ["mcpServers"],
8
+ "additionalProperties": true,
9
+ "properties": {
10
+ "mcpServers": {
11
+ "type": "object",
12
+ "additionalProperties": {
13
+ "type": "object",
14
+ "additionalProperties": true,
15
+ "anyOf": [
16
+ { "required": ["command"] },
17
+ { "required": ["url"] }
18
+ ],
19
+ "properties": {
20
+ "command": { "type": "string", "minLength": 1 },
21
+ "args": { "type": "array", "items": { "type": "string" } },
22
+ "env": { "type": "object" },
23
+ "url": { "type": "string", "minLength": 1 },
24
+ "type": { "type": "string", "enum": ["stdio", "sse", "http"] },
25
+ "headers": { "type": "object" },
26
+ "cwd": { "type": "string" }
27
+ }
28
+ }
29
+ }
30
+ }
31
+ }
package/schemas/conform/v1/plugin-manifest.schema.json ADDED
@@ -0,0 +1,26 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://evals.intentsolutions.io/conform/v1/plugin-manifest.schema.json",
4
+ "title": ".claude-plugin/plugin.json manifest — deterministic structural floor (conform/v1)",
5
+ "description": "The DETERMINISTIC STRUCTURAL FLOOR for a Claude plugin manifest: it parses and carries a name. Version/description/author are type-checked when present. The richer catalog-invariant + cross-artifact checks (INV-PLUGIN-SKILL etc.) live in /validate-plugin + the SAK kernel — conform asserts only the manifest floor. additionalProperties:true for forward-compat with the evolving plugin manifest surface.",
6
+ "type": "object",
7
+ "required": ["name"],
8
+ "additionalProperties": true,
9
+ "properties": {
10
+ "name": {
11
+ "type": "string",
12
+ "minLength": 1,
13
+ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$"
14
+ },
15
+ "version": { "type": "string" },
16
+ "description": { "type": "string" },
17
+ "author": {
18
+ "anyOf": [
19
+ { "type": "string" },
20
+ { "type": "object" }
21
+ ]
22
+ },
23
+ "license": { "type": "string" },
24
+ "homepage": { "type": "string" }
25
+ }
26
+ }
package/schemas/conform/v1/skillmd-frontmatter.schema.json ADDED
@@ -0,0 +1,40 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://evals.intentsolutions.io/conform/v1/skillmd-frontmatter.schema.json",
4
+ "title": "SKILL.md frontmatter — deterministic structural floor (conform/v1)",
5
+ "description": "The DETERMINISTIC STRUCTURAL FLOOR for a SKILL.md frontmatter block: it parses, carries the Anthropic-spec required pair (name + description), and the known optional fields are the right type. This is NOT the IS 100-point marketplace rubric or the 8-field enterprise required set — that grading is judgment-bearing and stays in /validate-skillmd (Tier 1) + the SAK authoring kernel. conform validates the floor; Claude adds judgment on top. additionalProperties is true because SKILL.md frontmatter is intentionally extensible (model, effort, context, hooks, metadata, user-invocable, etc.).",
6
+ "type": "object",
7
+ "required": ["name", "description"],
8
+ "additionalProperties": true,
9
+ "properties": {
10
+ "name": {
11
+ "type": "string",
12
+ "minLength": 1,
13
+ "pattern": "^[a-zA-Z0-9][a-zA-Z0-9_-]*$"
14
+ },
15
+ "description": {
16
+ "type": "string",
17
+ "minLength": 1
18
+ },
19
+ "allowed-tools": {
20
+ "anyOf": [
21
+ { "type": "string" },
22
+ { "type": "array", "items": { "type": "string" } }
23
+ ]
24
+ },
25
+ "disallowed-tools": {
26
+ "anyOf": [
27
+ { "type": "string" },
28
+ { "type": "array", "items": { "type": "string" } }
29
+ ]
30
+ },
31
+ "version": { "type": "string" },
32
+ "author": { "type": "string" },
33
+ "license": { "type": "string" },
34
+ "compatibility": { "type": "string", "maxLength": 500 },
35
+ "tags": { "type": "array", "items": { "type": "string" } },
36
+ "user-invocable": { "type": "boolean" },
37
+ "disable-model-invocation": { "type": "boolean" },
38
+ "argument-hint": { "type": "string" }
39
+ }
40
+ }
package/schemas/currency/pins.v1.json ADDED
@@ -0,0 +1,55 @@
1
+ {
2
+ "pins_version": "currency-pins/v1",
3
+ "description": "Per-upstream-identity pin relation. Each upstream the harness/skills depend on carries ITS OWN pinned version + the date it was last verified against upstream (checked_at) + a staleness window. The `currency` advisory report reads this datum and flags pins whose checked_at is older than their window — i.e. it makes the PIN'S OWN STALENESS detectable, without ever live-fetching. Currency is advisory-only: it reports + (in /sync-testing-harness) opens PRs; it has no exit-code authority and never auto-fixes. Updating a pin (after a human re-verifies against upstream) is an engineer edit to this file + a fresh checked_at.",
4
+ "default_staleness_window_days": 90,
5
+ "pins": [
6
+ {
7
+ "identity": "mcp-spec",
8
+ "pinned_version": "2025-06-18",
9
+ "source": "https://spec.modelcontextprotocol.io/ (protocol revision)",
10
+ "checked_at": "2026-06-06",
11
+ "staleness_window_days": 90,
12
+ "notes": "MCP protocol spec revision the .mcp.json conform schema targets."
13
+ },
14
+ {
15
+ "identity": "skill-md-schema",
16
+ "pinned_version": "3.7.0",
17
+ "source": "claude-code-plugins 000-docs/SCHEMA_CHANGELOG.md",
18
+ "checked_at": "2026-06-06",
19
+ "staleness_window_days": 90,
20
+ "notes": "IS SKILL.md schema the conform skillmd-frontmatter floor tracks (full rubric stays in /validate-skillmd)."
21
+ },
22
+ {
23
+ "identity": "claude-code",
24
+ "pinned_version": "2.1.152",
25
+ "source": "https://code.claude.com/docs/en/changelog",
26
+ "checked_at": "2026-06-06",
27
+ "staleness_window_days": 60,
28
+ "notes": "Claude Code release (added disallowed-tools frontmatter at 2.1.152)."
29
+ },
30
+ {
31
+ "identity": "gate-result-predicate",
32
+ "pinned_version": "v1",
33
+ "source": "@intentsolutions/core gate-result/v1 (https://evals.intentsolutions.io/gate-result/v1)",
34
+ "checked_at": "2026-06-06",
35
+ "staleness_window_days": 180,
36
+ "notes": "Evidence Bundle predicate every gate emits against. Immutable URI; bump = new version, never overwrite."
37
+ },
38
+ {
39
+ "identity": "anthropic-sdk",
40
+ "pinned_version": "unverified",
41
+ "source": "https://github.com/anthropics/anthropic-sdk-python (+ -typescript)",
42
+ "checked_at": "2026-06-06",
43
+ "staleness_window_days": 90,
44
+ "notes": "Anthropic SDK surface referenced by downstream skills; pinned_version=unverified until first deliberate verification."
45
+ },
46
+ {
47
+ "identity": "agentskills-spec",
48
+ "pinned_version": "1.0.0",
49
+ "source": "https://agentskills.io/specification",
50
+ "checked_at": "2026-06-06",
51
+ "staleness_window_days": 90,
52
+ "notes": "Open SKILL.md standard (compatibility/metadata/license fields)."
53
+ }
54
+ ]
55
+ }