@qball-inc/the-bulwark 1.0.0

package/skills/anthropic-validator/references/skills-checklist.md

@@ -0,0 +1,85 @@
+# Skills Validation Checklist (Fallback)
+
+This checklist is used when dynamic documentation fetch fails. May be outdated - prefer fetched standards.
+
+**Last Updated**: 2026-01-17
+
+---
+
+## Frontmatter Requirements
+
+### Required Fields
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `name` | string | Skill name, must match directory name |
+| `description` | string | Concise explanation of skill purpose |
+
+### Optional Fields
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `user-invocable` | boolean | `true` to show in `/` menu, `false` to hide |
+| `agent` | string | Model selection: `haiku`, `sonnet`, `opus` |
+| `context` | string | `fork` for isolated execution |
+| `skills` | array | Skills to load when this skill runs |
+| `tools` | array | Tools allowed for this skill |
+| `hooks` | object | Skill-scoped hooks |
+
+---
+
+## File Structure
+
+### Required
+
+- `SKILL.md` in `skills/{skill-name}/` directory
+- Name in frontmatter matches directory name
+
+### Optional
+
+- `references/` subdirectory for supporting files
+- Additional markdown files for sections
+
+---
+
+## Content Guidelines
+
+### Critical Rules
+
+- [ ] Frontmatter is valid YAML between `---` markers
+- [ ] `name` field matches directory name exactly
+- [ ] `description` field is present and non-empty
+- [ ] SKILL.md is under 500 lines (recommended)
+
+### High Priority
+
+- [ ] `user-invocable` is boolean if present
+- [ ] `agent` is one of: `haiku`, `sonnet`, `opus` if present
+- [ ] `context` is `fork` if present (no other values)
+- [ ] `skills` is array of strings if present
+- [ ] `tools` is array of valid tool names if present
+
+### Medium Priority
+
+- [ ] Description explains when to use the skill
+- [ ] Clear section structure with headers
+- [ ] Examples provided where appropriate
+
+### Low Priority
+
+- [ ] Consistent formatting
+- [ ] No dead links in references
+- [ ] Related skills section included
+
+---
+
+## Common Violations
+
+| Violation | Severity | Remediation |
+|-----------|----------|-------------|
+| Missing `name` | Critical | Add `name: skill-name` to frontmatter |
+| Missing `description` | Critical | Add `description: ...` to frontmatter |
+| Name mismatch | Critical | Ensure name matches directory |
+| Invalid `agent` value | High | Use `haiku`, `sonnet`, or `opus` |
+| Non-boolean `user-invocable` | High | Use `true` or `false` |
+| Missing frontmatter | Critical | Add `---` markers with YAML |

package/skills/assertion-patterns/SKILL.md

@@ -0,0 +1,296 @@
+---
+name: assertion-patterns
+description: Real output verification vs mock calls. Use when transforming T1-T4 violating tests to verify observable behavior.
+user-invocable: false
+---
+
+# Assertion Patterns
+
+## Purpose
+
+Transform T1-T4 violating assertions into real behavior verification. This skill provides
+pattern libraries for converting mock-based tests to tests that verify observable output.
+
+## When to Use
+
+Load this skill when:
+- Rewriting tests flagged by test-audit
+- Generating verification scripts via bulwark-verify skill
+- Implementing test-audit Step 7 rewrites
+
+---
+
+## Prerequisite Checks (T0) - CRITICAL
+
+**Before checking T1-T4 violations, verify these prerequisites. Tests failing these checks
+are "testing nothing real" - they pass but provide zero confidence.**
+
+### T0.1: Production Module Imports
+
+Test files MUST import functions from actual production modules.
+
+| Valid | Invalid |
+|-------|---------|
+| `import { calculate } from '../src/calculator'` | Function defined within test file |
+| `from calculator import add` | `def add(a, b): return a + b` in test |
+
+**Detection:**
+- Scan test file for function definitions
+- Check if tested functions are imported vs defined inline
+- Flag if test calls functions not imported from production code
+
+**Violation Response:**
+> "Test defines production logic inline. Move `{function_name}` to production module
+> and import it. Tests should verify production code, not self-defined code."
+
+### T0.2: Separation of Concerns
+
+Test files MUST NOT contain functions representing production logic.
+
+**Allowed in test files:**
+- Test functions (`test_*`, `it()`, `describe()`)
+- Test helpers/fixtures (`make_*`, `create_*`, `setup_*`)
+- Mock factories (`mock_*`, `fake_*`, `stub_*`)
+- Pytest fixtures (`@pytest.fixture`)
+
+**Not allowed:**
+- Business logic functions
+- Utility functions that should be in production
+- Any function that would make sense in `src/`
+
+**Detection:**
+- Identify all function definitions in test file
+- Check naming patterns against allowed prefixes
+- Flag functions that don't match test/helper patterns
+
+### T0.3: Function Naming Conventions
+
+Functions in test files should follow specific naming patterns.
+
+| Legitimate Prefixes | Purpose |
+|---------------------|---------|
+| `test_*` | Test functions (pytest) |
+| `_*` (underscore) | Private helpers |
+| `pytest_*` | Pytest hooks |
+| `make_*`, `create_*` | Factory helpers |
+| `mock_*`, `fake_*`, `stub_*` | Mock factories |
+| `setup_*`, `teardown_*` | Lifecycle helpers |
+
+**Any other function definition raises suspicion** - likely production code incorrectly
+placed in test files.
+
+---
+
+## Pattern Categories
+
+### 1. Function Call Verification
+
+| Anti-Pattern (Mock) | Real Pattern |
+|---------------------|--------------|
+| `expect(fn).toHaveBeenCalled()` | `const result = fn(); expect(result).toBe(expected)` |
+| `expect(fn).toHaveBeenCalledWith(arg)` | `const result = fn(arg); expect(result.field).toBeDefined()` |
+| `jest.spyOn(module, 'fn').mockReturnValue(x)` | `const result = module.fn(); expect(result).toBe(expected)` |
+
+**Transformation example:**
+```javascript
+// BEFORE (T1 violation - mocking system under test)
+jest.spyOn(calculator, 'add').mockReturnValue(5);
+expect(calculator.add(2, 3)).toBe(5);
+
+// AFTER (real verification)
+expect(calculator.add(2, 3)).toBe(5);  // Actually runs add()
+```
+
+### 2. Process Spawn Verification
+
+| Anti-Pattern (Mock) | Real Pattern |
+|---------------------|--------------|
+| `jest.spyOn(cp, 'spawn').mockReturnValue(mockProc)` | `const proc = spawn(...); await waitForReady(proc)` |
+| `expect(spawn).toHaveBeenCalled()` | `expect(await isPortOpen(PORT)).toBe(true)` |
+| `expect(spawn).toHaveBeenCalledWith(cmd, args)` | `const output = execSync(cmd); expect(output).toContain(expected)` |
+
+**Transformation example:**
+```javascript
+// BEFORE (T1 violation - mocking spawn)
+const mockProcess = { on: jest.fn(), stdout: mockStream };
+jest.spyOn(child_process, 'spawn').mockReturnValue(mockProcess);
+await startProxy();
+expect(child_process.spawn).toHaveBeenCalledWith('proxy', ['--port', '8080']);
+
+// AFTER (real verification)
+await startProxy();
+expect(await checkPort(8080)).toBe(true);  // Port actually open
+const response = await fetch('http://localhost:8080/health');
+expect(response.status).toBe(200);  // Proxy actually responds
+```
+
+### 3. File Operation Verification
+
+| Anti-Pattern (Mock) | Real Pattern |
+|---------------------|--------------|
+| `jest.mock('fs')` | Use real fs with temp directory |
+| `expect(fs.writeFile).toHaveBeenCalled()` | `expect(fs.existsSync(path)).toBe(true)` |
+| `expect(fs.readFile).toHaveBeenCalledWith(path)` | `const content = fs.readFileSync(path); expect(content).toContain('expected')` |
+
+**Transformation example:**
+```javascript
+// BEFORE (T2 violation - call-only assertion)
+await saveConfig(config);
+expect(fs.writeFile).toHaveBeenCalled();
+
+// AFTER (result verification)
+await saveConfig(config);
+expect(fs.existsSync(configPath)).toBe(true);
+const saved = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+expect(saved.setting).toBe(config.setting);
+```
+
+### 4. HTTP Request Verification
+
+| Anti-Pattern (Mock) | Real Pattern |
+|---------------------|--------------|
+| `jest.mock('node-fetch')` | Use MSW or test server |
+| `expect(fetch).toHaveBeenCalledWith(url)` | `const resp = await fetch(url); expect(resp.status).toBe(200)` |
+| Mock response data | Actual response from test server |
+
+**Transformation example:**
+```javascript
+// BEFORE (T3 violation - mocking integration boundary)
+jest.mock('node-fetch');
+fetch.mockResolvedValue({ json: () => ({ id: 1 }) });
+const user = await fetchUser(1);
+expect(fetch).toHaveBeenCalledWith('/api/users/1');
+
+// AFTER (real integration with MSW)
+import { setupServer } from 'msw/node';
+import { rest } from 'msw';
+
+const server = setupServer(
+  rest.get('/api/users/:id', (req, res, ctx) => {
+    return res(ctx.json({ id: req.params.id, name: 'Test User' }));
+  })
+);
+
+beforeAll(() => server.listen());
+afterAll(() => server.close());
+
+const user = await fetchUser(1);  // Real fetch, intercepted at network level
+expect(user.name).toBe('Test User');
+```
+
+### 5. Database Verification
+
+| Anti-Pattern (Mock) | Real Pattern |
+|---------------------|--------------|
+| `expect(db.save).toHaveBeenCalled()` | `await db.save(data); const found = await db.find(id); expect(found).toBeDefined()` |
+| `expect(db.delete).toHaveBeenCalledWith(id)` | `await db.delete(id); expect(await db.find(id)).toBeNull()` |
+| `jest.mock('./database')` | Use test database instance |
+
+**Transformation example:**
+```javascript
+// BEFORE (T2 violation - call-only)
+await saveUser(user);
+expect(db.insert).toHaveBeenCalledWith('users', user);
+
+// AFTER (result verification)
+await saveUser(user);
+const saved = await db.findOne('users', { id: user.id });
+expect(saved).toBeDefined();
+expect(saved.email).toBe(user.email);
+```
+
+---
+
+## T1-T4 Transformation Rules
+
+### T1: Mock System Under Test -> Remove mock, verify real output
+
+The system under test should NEVER be mocked. Remove the mock and verify actual behavior.
+
+```javascript
+// T1 violation: Mocking the function being tested
+jest.spyOn(calculator, 'add').mockReturnValue(5);
+expect(calculator.add(2, 3)).toBe(5);  // Always passes regardless of implementation
+
+// Fixed: Test real implementation
+expect(calculator.add(2, 3)).toBe(5);  // Fails if add() is broken
+```
+
+### T2: Call-Only Assertion -> Add result assertion
+
+Verifying a function was called is insufficient. Verify the RESULT of that call.
+
+```javascript
+// T2 violation: Only checks call happened
+await saveConfig(config);
+expect(db.save).toHaveBeenCalled();  // Passes even if wrong data saved
+
+// Fixed: Verify the actual saved data
+await saveConfig(config);
+const saved = await db.find(config.id);
+expect(saved.value).toBe(config.value);  // Fails if wrong data saved
+```
+
+### T3: Mock Integration Boundary -> Use test infrastructure
+
+Integration tests should test real integration. Use MSW, test servers, or in-memory DBs.
+
+```javascript
+// T3 violation: Mocking HTTP in integration test
+jest.mock('node-fetch');
+const data = await fetchUserData(id);  // Not testing real HTTP
+
+// Fixed: Use MSW to intercept at network level
+const server = setupServer(rest.get('/api/user/:id', handler));
+const data = await fetchUserData(id);  // Real fetch, real HTTP, controlled response
+```
+
+### T3+: Broken Integration Chain -> Chain real function outputs
+
+Integration tests should chain real outputs through the pipeline.
+
+```javascript
+// T3+ violation: Using mock data instead of real output
+const mockOrder = { id: 1, items: [{ sku: 'ABC', qty: 2 }] };
+await processOrder(mockOrder);  // Not testing real order creation
+
+// Fixed: Chain real function outputs
+const order = await createOrder({ sku: 'ABC', qty: 2 });  // Real order
+await processOrder(order);  // Processes real order data
+const result = await getOrderStatus(order.id);
+expect(result.status).toBe('processed');
+```
+
+---
+
+## Quick Reference: Violation to Pattern
+
+| Violation | Pattern Category | Fix Strategy |
+|-----------|------------------|--------------|
+| T0.1 | Prerequisites | Move function to production, import it |
+| T0.2 | Prerequisites | Extract non-test functions to src/ |
+| T0.3 | Prerequisites | Rename or move functions |
+| T1 | Function Call | Remove mock, call real function |
+| T2 | Any category | Add result assertion after call |
+| T3 | HTTP/DB/Process | Use MSW, test DB, or spawn real process |
+| T3+ | Integration Chain | Chain real outputs, don't pass mocks |
+
+---
+
+## Diagnostic Output
+
+Write diagnostic output to `logs/diagnostics/assertion-patterns-{YYYYMMDD-HHMMSS}.yaml`:
+
+```yaml
+skill: assertion-patterns
+timestamp: {ISO-8601}
+diagnostics:
+  t0_checks:
+    t0_1_imports: pass|fail
+    t0_2_separation: pass|fail
+    t0_3_naming: pass|fail
+  patterns_applied: [T1, T2, T3]
+  transformations_suggested: 3
+  files_analyzed: 1
+  completion_status: success
+```

package/skills/bug-magnet-data/SKILL.md

@@ -0,0 +1,284 @@
+---
+name: bug-magnet-data
+description: Curated edge case test data for boundary testing, verification scripts, and test generation. Provides pre-curated reference data organized by data type with context-specific loading guidance.
+user-invocable: false
+---
+
+# Bug Magnet Data
+
+Curated edge case test data for boundary testing, verification scripts, and test generation. 50+ years of testing wisdom distilled into small, high-signal collections organized by data type.
+
+**Core Principle**: Curation beats generation. 50 well-chosen edge cases find more bugs than 10,000 random inputs.
+
+---
+
+## When to Use This Skill
+
+**Load this skill when the consumer request matches ANY of these patterns:**
+
+| Consumer | Trigger | Usage |
+|----------|---------|-------|
+| test-audit | Step 7 (edge case gap detection) | Identify missing boundary test coverage |
+| bulwark-verify | Generating verification scripts | Inject edge cases into test scenarios |
+| bulwark-fix-validator | Validating a fix | Test fix against boundary conditions |
+
+**DO NOT use for:**
+- Encrypted/compressed data (edge cases won't penetrate wrapping)
+- Pure unit tests with fully mocked dependencies (edge cases need real execution)
+- Performance/load testing (use dedicated load testing tools)
+
+---
+
+## Pre-Flight Gate (BLOCKING)
+
+**STOP. Before providing ANY edge case data, you MUST follow the three-phase workflow.**
+
+This skill provides **curated data** through a **deterministic workflow**. You must execute all phases.
+
+### What You MUST Do
+
+1. **Phase 1: Component Detection** - Identify component type and load context file
+2. **Phase 2: Data Loading** - Load T0 + T1 data files (REQUIRED), T2 if specified by context
+3. **Phase 3: Edge Case Application** - Apply edge cases and report what was loaded
+
+### What You MUST NOT Do
+
+- **Do NOT generate edge cases from your own knowledge** - use the curated data files
+- **Do NOT skip loading context files** - they determine which categories apply
+- **Do NOT skip the safety filter** - patterns marked `safe_for_automation: false` must be excluded
+- **Do NOT return partial data** - all applicable tiers must be loaded
+
+### Why This Matters
+
+The curated data exists because:
+- **Curation beats generation** - 50 well-chosen edge cases find more bugs than 10,000 random inputs
+- **Reproducibility** - Same component type = same edge cases every time
+- **Safety** - Destructive patterns are explicitly marked and filtered
+
+**If you find yourself thinking "I know some good edge cases" - STOP. Use the data files.**
+
+### Completion Checklist
+
+Before returning to consumer, verify ALL items:
+
+- [ ] Phase 1: Component type detected
+- [ ] Phase 1: Context file loaded for component type
+- [ ] Phase 2: T0 data files loaded (boundaries, booleans, collections)
+- [ ] Phase 2: T1 data files loaded (unicode, special-chars, injection, special numbers)
+- [ ] Phase 2: T2 data files loaded (if specified by context file)
+- [ ] Phase 2: Safety filter applied (excluded manual_only and safe_for_automation: false)
+- [ ] Phase 3: Edge cases applied to test/verification scenario
+- [ ] Phase 3: Report includes categories loaded and patterns excluded
+
+**Do NOT return to consumer until all checkboxes can be marked complete.**
+
+---
+
+## Dependencies
+
+This skill provides data files and context guidance. Understanding what to load ensures deterministic execution.
+
+| Category | Files | Requirement | When to Load |
+|----------|-------|-------------|--------------|
+| **Context files** | `context/{component-type}.md` | REQUIRED | Always load for detected component type |
+| **T0 data (boundaries)** | `data/strings/boundaries.yaml`, `data/numbers/boundaries.yaml`, `data/booleans/boundaries.yaml`, `data/collections/arrays.yaml` | REQUIRED | Every edge case injection |
+| **T1 data (common)** | `data/strings/unicode.yaml`, `data/strings/special-chars.yaml`, `data/strings/injection.yaml`, `data/numbers/special.yaml` | REQUIRED | Most edge case injections |
+| **T2 data (context-specific)** | `data/dates/*.yaml`, `data/encoding/*.yaml`, `data/formats/*.yaml`, `data/concurrency/*.yaml` | CONDITIONALLY REQUIRED | If context file specifies → MUST load |
+| **Language-specific** | `data/language-specific/{language}.yaml` | CONDITIONALLY REQUIRED | If testing language-specific behavior → MUST load |
+| **External references** | `references/external-lists.md` | REQUIRED | For source attribution and update checking |
+
+**Fallback behavior:**
+- If component type detected → Loading `context/{type}.md` is REQUIRED
+- If context file specifies a category → Loading that category is REQUIRED
+- If a referenced file is missing → Note in output, continue with available data
+
+---
+
+## Data Tiers
+
+| Tier | Categories | When to Load |
+|------|------------|--------------|
+| **T0 (Always)** | Boundaries (empty/single/max), Null handling | Every edge case injection |
+| **T1 (Common)** | Basic injection, Unicode basics, Numeric edges | Every edge case injection |
+| **T2 (Context)** | Date/time, Encoding, Formats, Concurrency | When context file specifies |
+| **T3 (Manual)** | Patterns marked `manual_only: true` | NEVER for automated runs |
+
+**Safety Filtering**: Patterns with `safe_for_automation: false` or `manual_only: true` MUST be excluded from automated test runs.
+
+---
+
+## Three-Phase Workflow
+
+**CRITICAL**: All three phases are REQUIRED. Do not skip any phase.
+
+```
+Phase 1: Component Detection (Deterministic)
+├── Identify component type from code under test
+├── Map to context file: context/{cli-args|http-body|file-contents|db-query|process-spawn}.md
+└── Load context file → get applicable categories list
+
+Phase 2: Data Loading (Deterministic)
+├── Load T0 data files (REQUIRED - always)
+├── Load T1 data files (REQUIRED - always)
+├── Load T2 data files specified by context file (CONDITIONALLY REQUIRED)
+├── Load language-specific file if applicable (CONDITIONALLY REQUIRED)
+└── Apply safety filter: exclude patterns with safe_for_automation: false
+
+Phase 3: Edge Case Application
+├── Inject loaded edge cases into test scenarios
+├── Report which categories were loaded
+└── Report any patterns excluded due to safety filtering
+```
+
+---
+
+## Component Type Detection
+
+Map code under test to component type. **Detection determines which context file to load.**
+
+| Code Pattern | Component Type | Context File |
+|--------------|----------------|--------------|
+| CLI argument parsing, process.argv, argparse | CLI | `context/cli-args.md` |
+| HTTP request/response, req.body, fetch, axios | HTTP | `context/http-body.md` |
+| File I/O, fs.read, open(), file parsing | File | `context/file-contents.md` |
+| Database queries, SQL, ORM operations | Database | `context/db-query.md` |
+| Child process, spawn, exec, subprocess | Process | `context/process-spawn.md` |
+
+**If multiple types apply**: Load context files for each applicable type.
+
+---
+
+## Category Reference
+
+### Strings (T0/T1)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `strings/boundaries.yaml` | Empty, single char, long strings, whitespace | NullPointerException, buffer overflow, off-by-one |
+| `strings/unicode.yaml` | Multi-byte, normalization, emoji, RTL | Encoding errors, length calculation bugs |
+| `strings/special-chars.yaml` | Quotes, escapes, control characters | Escape sequence handling, delimiter confusion |
+| `strings/injection.yaml` | SQL, XSS, command injection, path traversal | Security vulnerabilities |
+
+### Numbers (T0/T1)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `numbers/boundaries.yaml` | 0, -1, 1, MAX_INT, MIN_INT | Integer overflow/underflow, off-by-one |
+| `numbers/special.yaml` | NaN, Infinity, -0 | Special value handling, NaN propagation |
+| `numbers/precision.yaml` | 0.1+0.2, large/small floats | Floating point comparison failures |
+
+### Booleans (T0)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `booleans/boundaries.yaml` | true, false, null, truthy/falsy | Null reference, truthy/falsy confusion |
+
+### Collections (T0)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `collections/arrays.yaml` | Empty, single, large, nested, sparse | Index out of bounds, empty collection crashes |
+| `collections/objects.yaml` | Empty, nested, circular, prototype pollution | Null reference, prototype pollution |
+
+### Dates (T2)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `dates/boundaries.yaml` | Epoch, Y2K38, leap year | Y2K38 overflow, leap year bugs |
+| `dates/timezone.yaml` | DST transitions, UTC offsets | DST errors, timezone conversion |
+| `dates/invalid.yaml` | Feb 30, invalid formats | Date parsing failures |
+
+### Encoding (T2)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `encoding/charset.yaml` | ASCII, UTF-8, BOM | Encoding detection, mojibake |
+| `encoding/normalization.yaml` | NFC, NFD, overlong | Normalization mismatches |
+
+### Formats (T2)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `formats/email.yaml` | Valid/invalid patterns | Overly strict/lenient validation |
+| `formats/url.yaml` | Valid/invalid patterns | URL parsing errors |
+| `formats/json.yaml` | Valid/invalid patterns | JSON parsing errors |
+
+### Concurrency (T2)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `concurrency/race-conditions.yaml` | Double submit, concurrent edit | Race conditions, lost updates |
+| `concurrency/state-machines.yaml` | Invalid transitions | State corruption |
+
+### Language-Specific (Conditional)
+
+| File | Contents | Bugs Caught |
+|------|----------|-------------|
+| `language-specific/javascript.yaml` | == vs ===, truthy/falsy | Type coercion bugs |
+| `language-specific/python.yaml` | None vs False, mutable defaults | Python-specific gotchas |
+| `language-specific/rust.yaml` | Ownership, borrowing | Memory safety issues |
+
+---
+
+## Data File Format
+
+All data files use this YAML structure:
+
+```yaml
+metadata:
+  version: "1.0.0"
+  last_updated: "2026-02-01"
+  source_urls: []
+
+category: strings
+subcategory: boundaries
+tier: T0
+
+values:
+  identifier:
+    value: "actual value"
+    bugs_caught: ["Bug type 1", "Bug type 2"]
+    safe_for_automation: true
+    manual_only: false
+```
+
+**Safety flags to check:**
+- `safe_for_automation: false` → Exclude from automated runs
+- `manual_only: true` → NEVER include in automated runs
+
+---
+
+## Integration Examples
+
+### test-audit (Step 7)
+
+```
+1. Detect component type from test file
+2. Load context file for component type
+3. Load T0 + T1 data files
+4. Load T2 files specified by context
+5. Compare test coverage against loaded edge cases
+6. Report missing edge case coverage
+```
+
+### bulwark-verify
+
+```
+1. Detect component type from code under verification
+2. Load context file for component type
+3. Load T0 + T1 data files
+4. Load T2 files specified by context
+5. Filter out patterns with safe_for_automation: false
+6. Inject applicable edge cases into verification script
+```
+
+### bulwark-fix-validator
+
+```
+1. Detect component type from fix
+2. Load context file for component type
+3. Load T0 + T1 data files
+4. Test fix against loaded edge cases
+5. Report any edge cases that break the fix
+```
+