claude-dev-env 1.50.1 → 1.50.3

package/hooks/blocking/test_tdd_enforcer.py

@@ -574,3 +574,119 @@ def test_is_inside_dotclaude_segment_helper_matches_only_exact_segments() -> Non
     assert _PRODUCTION_MODULE._is_inside_dotclaude_segment("C:\\Users\\dev\\.claude\\agent.py") is True
     assert _PRODUCTION_MODULE._is_inside_dotclaude_segment("/src/my.claude.helpers.py") is False
     assert _PRODUCTION_MODULE._is_inside_dotclaude_segment("/src/app/service.py") is False
+
+
+def test_should_offer_split_family_test_files_as_candidates_for_code_rules_module(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_rules_magic_values.py"
+    string_magic_family_test = sandbox / "test_code_rules_enforcer_split_string_magic.py"
+    string_magic_family_test.write_text("def test_string_magic(): pass\n")
+    banned_family_test = sandbox / "test_code_rules_enforcer_split_banned.py"
+    banned_family_test.write_text("def test_banned(): pass\n")
+
+    all_candidates = _PRODUCTION_MODULE.candidate_test_paths_for(production_module)
+
+    assert string_magic_family_test in all_candidates
+    assert banned_family_test in all_candidates
+
+
+def test_should_keep_plain_stem_candidates_first_for_code_rules_module(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_rules_magic_values.py"
+    family_test = sandbox / "test_code_rules_enforcer_split_string_magic.py"
+    family_test.write_text("def test_string_magic(): pass\n")
+
+    all_candidates = _PRODUCTION_MODULE.candidate_test_paths_for(production_module)
+
+    assert all_candidates[0] == sandbox / "test_code_rules_magic_values.py"
+    assert all_candidates[1] == sandbox / "code_rules_magic_values_test.py"
+
+
+def test_should_not_offer_split_family_candidates_for_non_code_rules_module(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "orders.py"
+    family_test = sandbox / "test_code_rules_enforcer_split_string_magic.py"
+    family_test.write_text("def test_string_magic(): pass\n")
+
+    all_candidates = _PRODUCTION_MODULE.candidate_test_paths_for(production_module)
+
+    assert family_test not in all_candidates
+
+
+def test_should_add_no_split_family_candidates_when_directory_has_none(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_rules_magic_values.py"
+
+    all_candidates = _PRODUCTION_MODULE.candidate_test_paths_for(production_module)
+
+    expected_stem_candidates = [
+        sandbox / "test_code_rules_magic_values.py",
+        sandbox / "code_rules_magic_values_test.py",
+    ]
+    assert all_candidates == expected_stem_candidates
+
+
+def test_should_not_offer_family_candidates_for_code_ruleset_stem(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_ruleset.py"
+    family_test = sandbox / "test_code_rules_enforcer_split_example.py"
+    family_test.write_text("def test_detects_example(): pass\n")
+
+    all_candidates = _PRODUCTION_MODULE.candidate_test_paths_for(production_module)
+
+    expected_stem_candidates = [
+        sandbox / "test_code_ruleset.py",
+        sandbox / "code_ruleset_test.py",
+    ]
+    assert all_candidates == expected_stem_candidates
+    assert family_test not in all_candidates
+
+
+def test_should_allow_code_rules_edit_when_fresh_split_family_sibling_exists(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_rules_example.py"
+    production_module.write_text("def detect() -> None:\n    return None\n")
+    family_test = sandbox / "test_code_rules_enforcer_split_example_concern.py"
+    family_test.write_text("def test_detects_example(): pass\n")
+
+    payload = _make_edit_payload(
+        production_module,
+        old_string="return None",
+        new_string="return None  # adjusted",
+    )
+    completed = _run_hook_with_payload(payload)
+
+    assert _decision_from(completed) == "allow"
+
+
+def test_should_deny_code_rules_edit_when_split_family_sibling_is_stale(
+    tmp_path: Path,
+) -> None:
+    sandbox = _sandbox(tmp_path)
+    production_module = sandbox / "code_rules_example.py"
+    production_module.write_text("def detect() -> None:\n    return None\n")
+    family_test = sandbox / "test_code_rules_enforcer_split_example_concern.py"
+    family_test.write_text("def test_detects_example(): pass\n")
+    stale_timestamp = time.time() - STALE_MTIME_OFFSET_SECONDS
+    os.utime(family_test, (stale_timestamp, stale_timestamp))
+
+    payload = _make_edit_payload(
+        production_module,
+        old_string="return None",
+        new_string="return None  # adjusted",
+    )
+    completed = _run_hook_with_payload(payload)
+
+    assert _decision_from(completed) == "deny"

package/hooks/hooks_constants/blocking_check_limits.py

@@ -20,6 +20,9 @@ MAX_DOCSTRING_ARGS_SIGNATURE_ISSUES: int = 5
 MAX_IGNORED_MUST_CHECK_RETURN_ISSUES: int = 5
 MAX_TYPE_ESCAPE_HATCH_ISSUES: int = 5
 MAX_THIN_WRAPPER_ISSUES: int = 1
+MAX_LOGGING_FSTRING_ISSUES: int = 3
+MAX_WINDOWS_API_NONE_ISSUES: int = 3
+MAX_E2E_TEST_NAMING_ISSUES: int = 3
 DOCSTRING_TRIVIAL_FUNCTION_BODY_LINE_LIMIT: int = 3
 
 ALL_BARE_EXCEPT_BANNED_HANDLER_NAMES: frozenset[str] = frozenset({"Exception", "BaseException"})

package/hooks/hooks_constants/code_rules_enforcer_constants.py

@@ -79,6 +79,14 @@ NOT_INSIDE_TYPE_CHECKING_BLOCK = -1
 TRIPLE_QUOTE_PARITY_DIVISOR = 2
 TRIPLE_DOUBLE_QUOTE_DELIMITER = '"""'
 TRIPLE_SINGLE_QUOTE_DELIMITER = "'''"
+MAX_MAGIC_VALUE_ISSUES = 3
+STRING_LITERAL_QUOTE_PAIR_LENGTH = 2
+MINIMUM_FSTRING_LITERAL_LENGTH = 2
+MAX_FSTRING_STRUCTURAL_LITERAL_ISSUES = 100
+ALL_ALLOWED_MAGIC_NUMBER_LITERALS: frozenset[str] = frozenset({"0", "1", "-1", "0.0", "1.0"})
+ALL_NON_MAGIC_FSTRING_STRIPPED_VALUES: frozenset[str] = frozenset({"", "True", "False"})
+DUPLICATED_FORMAT_MINIMUM_REPETITION_COUNT = 3
+DUPLICATED_FORMAT_MINIMUM_LITERAL_CHARACTER_COUNT = 5
 FILE_GLOBAL_UPPER_SNAKE_PATTERN = re.compile(r"^_?[A-Z][A-Z0-9_]*$")
 
 ALL_COLLECTION_TYPE_NAMES: frozenset[str] = frozenset({

package/hooks/hooks_constants/sys_path_insert_constants.py

@@ -2,3 +2,4 @@
 
 MAX_SYS_PATH_INSERT_ISSUES: int = 25
 SYS_PATH_INSERT_GUIDANCE: str = "guard with `if <path> not in sys.path:` to avoid pushing the same entry on every reload"
+SYS_PATH_INSERT_MINIMUM_ARGUMENT_COUNT: int = 2

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-dev-env",
-    "version": "1.50.1",
+    "version": "1.50.3",
     "description": "Claude Code development standards — rules, hooks, agents, commands, and skills",
     "type": "module",
     "bin": {

package/skills/_shared/pr-loop/scripts/build_audit_prompt.py

@@ -1,7 +1,9 @@
 """Emit the complete AUDIT spawn prompt XML to stdout.
 
-Substitutes <context>, <scope>, <bug_categories>, <constraints>,
-<comment_posting>, and <output_format> blocks from CLI args.
+Builds <context> and <scope> from CLI args; <bug_categories>,
+<rubric_reference>, and <constraints> come from the shared constants in
+skills_pr_loop_constants; <comment_posting> and <output_format> are built
+inline.
 
 Usage:
   python scripts/build_audit_prompt.py --owner jl-cmd --repo claude-code-config --pr-number 422 --loop 1 --head-ref feat/branch --base-ref main --worktree-path <PATH> --run-temp-dir <PATH>
@@ -22,6 +24,7 @@ from _xml_utils import emit_pretty_xml
 from skills_pr_loop_constants.path_resolver_constants import (
     ALL_AUDIT_CATEGORY_ENTRIES,
     ALL_AUDIT_CONSTRAINT_TEXTS,
+    AUDIT_RUBRIC_REFERENCE_TEXT,
 )
 
 
@@ -74,6 +77,9 @@ def build_audit_prompt_xml(
         cat_elem = SubElement(bug_categories, "category", {"id": each_category_id})
         cat_elem.text = each_category_label
 
+    rubric_reference = SubElement(root, "rubric_reference")
+    rubric_reference.text = AUDIT_RUBRIC_REFERENCE_TEXT
+
     constraints = SubElement(root, "constraints")
     for each_constraint in ALL_AUDIT_CONSTRAINT_TEXTS:
         SubElement(constraints, "constraint").text = each_constraint
@@ -167,12 +173,12 @@ def main(all_arguments: list[str]) -> int:
     xml_output = emit_audit_prompt(
         owner=arguments.owner,
         repo=arguments.repo,
-        pr_number=getattr(arguments, "pr_number"),
+        pr_number=arguments.pr_number,
         loop=arguments.loop,
-        head_ref=getattr(arguments, "head_ref"),
-        base_ref=getattr(arguments, "base_ref"),
-        worktree_path=getattr(arguments, "worktree_path"),
-        run_temp_dir=getattr(arguments, "run_temp_dir"),
+        head_ref=arguments.head_ref,
+        base_ref=arguments.base_ref,
+        worktree_path=arguments.worktree_path,
+        run_temp_dir=arguments.run_temp_dir,
     )
     sys.stdout.write(xml_output)
     return 0

package/skills/_shared/pr-loop/scripts/skills_pr_loop_constants/path_resolver_constants.py

@@ -29,19 +29,29 @@ ALL_AUDIT_CONSTRAINT_TEXTS = [
 ]
 
 ALL_AUDIT_CATEGORY_ENTRIES = [
-    ("A", "Documentation / API call accuracy"),
-    ("B", "Type safety / boundary types"),
-    ("C", "Magic values / hardcoded constants"),
-    ("D", "Naming / banned identifiers"),
-    ("E", "Orphans / dead code"),
-    ("F", "Error handling / bare except"),
-    ("G", "Bounds / silent cap exits"),
-    ("H", "Testing / test quality"),
-    ("I", "Control flow / logic errors"),
-    ("J", "Architecture / SOLID violations"),
-    ("K", "Codebase conflicts / DRY"),
+    ("A", "API contract verification"),
+    ("B", "Selector / query / engine compatibility"),
+    ("C", "Resource cleanup and lifecycle"),
+    ("D", "Variable scoping, ordering, and unbound references"),
+    ("E", "Dead code and unused imports"),
+    ("F", "Silent failures"),
+    ("G", "Off-by-one, bounds, integer overflow"),
+    ("H", "Security boundaries"),
+    ("I", "Concurrency hazards"),
+    ("J", "CODE_RULES.md compliance"),
+    ("K", "Codebase conflicts (incomplete propagation)"),
+    ("L", "Behavior-equivalence for refactors"),
+    ("M", "Producer/consumer cardinality vs collection-type contract"),
+    ("N", "Test-name scenario verifier"),
 ]
 
+AUDIT_RUBRIC_REFERENCE_TEXT = (
+    "The category list above is a summary. The binding definition of each "
+    "category is its rubric file under $HOME/.claude/audit-rubrics/category_rubrics/ "
+    "(ready-to-send prompt variants under $HOME/.claude/audit-rubrics/prompts/). "
+    "Read the rubric files before auditing."
+)
+
 ALL_FIX_EXECUTION_STEPS = [
     "Read the finding and verify it against the current file at file:line.",
     "Write a failing test that reproduces the bug.",

package/skills/_shared/pr-loop/scripts/test_build_audit_prompt.py

@@ -0,0 +1,92 @@
+"""Tests pinning build_audit_prompt's emitted A-N category taxonomy."""
+
+from __future__ import annotations
+
+import importlib.util
+import re
+import sys
+from pathlib import Path
+from types import ModuleType
+from xml.etree.ElementTree import Element
+
+_SCRIPTS_DIR = Path(__file__).resolve().parent
+if str(_SCRIPTS_DIR) not in sys.path:
+    sys.path.insert(0, str(_SCRIPTS_DIR))
+
+from skills_pr_loop_constants.path_resolver_constants import (
+    ALL_AUDIT_CATEGORY_ENTRIES,
+)
+
+_CATEGORY_RUBRICS_DIR = _SCRIPTS_DIR.parents[3] / "audit-rubrics" / "category_rubrics"
+_HEADING_PATTERN = re.compile(r"^# Category ([A-N]) — (.+)$")
+
+
+def _load_build_audit_prompt() -> ModuleType:
+    module_path = _SCRIPTS_DIR / "build_audit_prompt.py"
+    spec = importlib.util.spec_from_file_location("build_audit_prompt", module_path)
+    assert spec is not None
+    assert spec.loader is not None
+    module = importlib.util.module_from_spec(spec)
+    sys.modules["build_audit_prompt"] = module
+    spec.loader.exec_module(module)
+    return module
+
+
+build_audit_prompt = _load_build_audit_prompt()
+
+
+def _rubric_label_by_letter() -> dict[str, str]:
+    assert _CATEGORY_RUBRICS_DIR.is_dir(), f"Missing rubric directory: {_CATEGORY_RUBRICS_DIR}"
+    all_labels: dict[str, str] = {}
+    for each_rubric_file in sorted(_CATEGORY_RUBRICS_DIR.glob("category-*.md")):
+        all_rubric_lines = each_rubric_file.read_text(encoding="utf-8").splitlines()
+        assert all_rubric_lines, f"Empty rubric file: {each_rubric_file}"
+        each_match = _HEADING_PATTERN.match(all_rubric_lines[0])
+        assert each_match is not None, f"Heading pattern not matched in {each_rubric_file}"
+        all_labels[each_match.group(1)] = each_match.group(2)
+    return all_labels
+
+
+def _build_audit_root() -> Element:
+    return build_audit_prompt.build_audit_prompt_xml(
+        owner="jl-cmd",
+        repo="claude-code-config",
+        pr_number=422,
+        loop=1,
+        head_ref="feat/branch",
+        base_ref="main",
+        worktree_path=Path("/tmp/bugteam-pr-422/worktree"),
+        run_temp_dir=Path("/tmp/bugteam-pr-422"),
+    )
+
+
+def test_bug_categories_carry_ids_a_through_n_in_order() -> None:
+    root = _build_audit_root()
+    bug_categories = root.find("bug_categories")
+    assert bug_categories is not None
+    all_emitted_ids = [each_category.get("id") for each_category in bug_categories]
+    all_expected_ids = list("ABCDEFGHIJKLMN")
+    assert all_emitted_ids == all_expected_ids
+
+
+def test_emitted_category_labels_match_constant_entries() -> None:
+    root = _build_audit_root()
+    bug_categories = root.find("bug_categories")
+    assert bug_categories is not None
+    label_by_id = {
+        each_category.get("id"): each_category.text for each_category in bug_categories
+    }
+    for each_category_id, each_category_label in ALL_AUDIT_CATEGORY_ENTRIES:
+        assert label_by_id[each_category_id] == each_category_label
+
+
+def test_category_labels_match_rubric_file_headings() -> None:
+    assert dict(ALL_AUDIT_CATEGORY_ENTRIES) == _rubric_label_by_letter()
+
+
+def test_rubric_reference_element_names_category_rubrics_directory() -> None:
+    root = _build_audit_root()
+    rubric_reference = root.find("rubric_reference")
+    assert rubric_reference is not None
+    assert rubric_reference.text is not None
+    assert "audit-rubrics/category_rubrics" in rubric_reference.text

package/skills/bugteam/CONSTRAINTS.md

@@ -2,7 +2,7 @@
 
 ## Constraints
 
-- **Full A–K audit every loop, no exceptions.** PR size, "focused audit," "team overhead," "CODE_RULES already passed" — not valid reasons. Empty `<findings/>` for any category is a valid result. The audit agent walks all A–K rubrics each loop.
+- **Full A–N audit every loop, no exceptions.** PR size, "focused audit," "team overhead," "CODE_RULES already passed" — not valid reasons. Empty `<findings/>` for any category is a valid result. The audit agent walks all A–N rubrics each loop.
 - **One run per invocation, multi-PR supported.** All PRs in a single /bugteam invocation share one `run_temp_dir`. Per-PR identity lives in the subagent name prefix (`bugfind-pr<N>-loop<L>` / `bugfix-pr<N>-loop<L>`) and the `<run_temp_dir>/pr-<N>/` subfolder containing that PR's git worktree, diff patches, and outcome XML files.
 - **Grant before any spawn, revoke before any return.** Step 0 grants project `.claude/**` permissions; Step 5 revokes. Both are mandatory. Revoke runs on every exit path including error, cap-reached, and stuck.
 - **Fresh subagent per loop.** Both bugfind and bugfix are spawned new each loop. Reusing a subagent across loops accumulates context inside that subagent's window — defeats clean-room.

package/skills/bugteam/PROMPTS.md

@@ -44,58 +44,30 @@ cd into `<worktree_path>` before any git or file operation.
   a `---` separator and a worked example against an authentic PR below —
   are in `$HOME/.claude/audit-rubrics/prompts/`):
 
-  A. API contract verification (signatures, return types, async/await correctness)
+  A. API contract verification
   B. Selector / query / engine compatibility
-  C. Resource cleanup and lifecycle (file handles, connections, processes, locks)
+  C. Resource cleanup and lifecycle
   D. Variable scoping, ordering, and unbound references
-  E. Dead code: dead parameters, dead locals, dead imports, dead branches, dead returns, and unused imports
-  F. Silent failures (catch-all excepts, unconditional success returns, missing error propagation)
-  G. Off-by-one, bounds, and integer overflow
-  H. Security boundaries (injection, path traversal, auth bypass, secret leakage)
-  I. Concurrency hazards (race conditions, missing awaits, shared mutable state)
-  J. Magic values and configuration drift
-  K. Codebase conflicts — a change updates one site of a pattern but a parallel
-     site in unchanged code stays stale, producing contradictory behavior;
-     the diff is internally consistent, the bug emerges only against unchanged
-     code (canonical example: jl-cmd/claude-code-config PR #397 r3210166636)
-  L. Behavior-equivalence for refactors. When the PR rewrites an existing
-     function (especially an enforcement check, parser, or path classifier),
-     compare the rewrite's edge-case handling against the sibling implementation
-     at the same git commit base. Pin the historically-valid inputs in a
-     `KNOWN_GOOD_INPUTS` table and assert each still passes. Cited in audits:
-     ccc#479 F1 (`#noqa` no-space variant dropped after a tokenize-based
-     refactor); ccc#479 F4 (bare `#` lookalike misclassified after refactor);
-     ccc#479 F5 (inline `#!` lookalike misclassified); ccc#479 F6 (early-exit
-     invariant dropped); ccc#472 F44 (`startswith('## Problem')` too loose vs
-     the sibling regex shape).
-  M. Producer/consumer cardinality vs collection-type contract. For each new
-     function returning `list[X]`, `Sequence[X]`, or `Iterable[X]`, ask
-     whether the return can contain duplicates and whether any downstream
-     consumer treats the value as a set. Subprocess-stdout parsers must return
-     `frozenset[Path]` or `dict.fromkeys`-deduplicated `list[Path]`.
-     Functions whose consumer is itself an `extend(...)` into a list pass;
-     functions with explicit "duplicates preserved" docstring text pass.
-     Cited in audits: pa#143 F10 (`_extract_paths_from_everything_cli_stdout`
-     duplicates → `RuntimeError` — the only High-severity crash bug in the
-     audit set); pa#136 F30 / F32 (duplicate content_id rows submit twice;
-     writeback ignores content_id key).
-  N. Test-name claims a scenario the body does not enter. Tests named
-     `test_*_at_*`, `test_*_under_*`, `test_*_when_*`, and `test_*_with_*`
-     must, via monkeypatch / fixture inspection, demonstrate the named
-     condition is in effect when the system under test runs. Path-decision
-     functions (registered in `*_path_exemptions.py` / `is_*_path` /
-     `_resolve_*_path` modules) must ship with a parametric matrix of
-     canonical edge cases (empty string, single filename, tilde, UNC,
-     drive-letter, symlinked, `..`-containing, trailing-slash). Tests with
-     neutral names (`test_returns_empty_list_on_x`) are unaffected. Cited
-     in audits: ccc#476 F5 / F21 / F23 / F26 / F27 (cross-platform
-     scenarios never exercised under the claimed conditions); pa#135 F11 /
-     F15 (string-shape and integration tests that exercise only the no-op
-     branch); pa#136 F50 (`<substring> not in executed_sql` assertion that
-     cannot fail because the substring shape never matches the real
-     fragment).
+  E. Dead code and unused imports
+  F. Silent failures
+  G. Off-by-one, bounds, integer overflow
+  H. Security boundaries
+  I. Concurrency hazards
+  J. CODE_RULES.md compliance
+  K. Codebase conflicts (incomplete propagation)
+  L. Behavior-equivalence for refactors
+  M. Producer/consumer cardinality vs collection-type contract
+  N. Test-name scenario verifier
 </bug_categories>
 
+<rubric_reference>
+  The category list above is a summary. The binding definition of each
+  category is its rubric file under
+  `$HOME/.claude/audit-rubrics/category_rubrics/` (ready-to-send prompt
+  variants under `$HOME/.claude/audit-rubrics/prompts/`). Read the rubric
+  files before auditing.
+</rubric_reference>
+
 <constraints>
   - Read-only on source code: the audit does not modify any source file.
   - Cite file:line for every finding.

package/skills/bugteam/SKILL.md

@@ -11,10 +11,10 @@ description: >-
 # Bugteam
 
 Audit–fix until convergence. Bugfind: `code-quality-agent`, fresh context each
-loop, auditing all A–K categories. Bugfix: `clean-coder`. Hard cap: 20 audit
+loop, auditing all A–N categories. Bugfix: `clean-coder`. Hard cap: 20 audit
 loops. Grant `.claude/**` at start, revoke always at end.
 
-The audit agent loads the A–K category rubrics from
+The audit agent loads the A–N category rubrics from
 `$HOME/.claude/audit-rubrics/{category_rubrics,prompts}/` alongside
 [`PROMPTS.md`](PROMPTS.md) and produces a single outcome XML per loop.
 
@@ -146,7 +146,7 @@ end-to-end mental model before starting Step 0.
 | Posting the end-of-pass audit review via `post_audit_thread.py` (APPROVE on CLEAN — the request event; GitHub stores it as `state=APPROVED` — REQUEST_CHANGES with inline anchored comments on DIRTY) | [§ Audit posting](#audit-posting) |
 | Posting per-finding fix replies via GitHub MCP `add_reply_to_pull_request_comment` (rendered with the unified template at [`_shared/pr-loop/audit-reply-template.md`](../../_shared/pr-loop/audit-reply-template.md)) | [reference/github-pr-reviews.md](reference/github-pr-reviews.md) |
 | Teardown, PR description rewrite via `pr-description-writer`, permission revoke, final report | [reference/teardown-publish-permissions.md](reference/teardown-publish-permissions.md) |
-| Spawn-prompt XML, A–K category bindings, outcome XML schemas | [PROMPTS.md](PROMPTS.md) |
+| Spawn-prompt XML, A–N category bindings, outcome XML schemas | [PROMPTS.md](PROMPTS.md) |
 | Per-category audit content (sub-buckets, decision criteria, ready-to-send Variant C templates) | `$HOME/.claude/audit-rubrics/{category_rubrics,prompts}/` |
 | Invariants and design rationale | [CONSTRAINTS.md](CONSTRAINTS.md), [reference/design-rationale.md](reference/design-rationale.md) |
 | Audit-contract finding shape (Shape A / B), Haiku secondary, post-fix self-audit | [reference/audit-contract.md](reference/audit-contract.md) |
@@ -159,11 +159,11 @@ end-to-end mental model before starting Step 0.
 - `SKILL.md` — this hub.
 - `reference/` — workflow detail per situation.
 - `scripts/` — utility scripts executed, not loaded as primary context.
-- `PROMPTS.md` — spawn XML, A–K category bindings, outcome schemas.
+- `PROMPTS.md` — spawn XML, A–N category bindings, outcome schemas.
 - `CONSTRAINTS.md` — invariants.
 - `EXAMPLES.md` — exit scenarios.
 - `sources.md` — doc URLs and verbatim quotes.
 - `~/.claude/audit-rubrics/` — installed by `npx claude-dev-env` from
-  `packages/claude-dev-env/audit-rubrics/`; the audit agent reads all A–K
+  `packages/claude-dev-env/audit-rubrics/`; the audit agent reads all A–N
   rubrics under `category_rubrics/` and prompts under `prompts/`. Required
   at audit time alongside `PROMPTS.md`.

package/skills/bugteam/reference/audit-and-teammates.md

@@ -116,7 +116,7 @@ Repeat until an exit condition fires.
 
 ## AUDIT action
 
-Spawn one audit agent that walks all A–K categories:
+Spawn one audit agent that walks all A–N categories:
 
 ```
 Agent(

package/skills/bugteam/reference/audit-contract.md

@@ -21,7 +21,7 @@ Each finding an audit produces MUST be one of exactly two shapes.
   "id": "loop<L>-<K>",
   "file": "path/relative/to/repo/root.py",
   "line": 123,
-  "category": "A | B | C | D | E | F | G | H | I | J | K",
+  "category": "A | B | C | D | E | F | G | H | I | J | K | L | M | N",
   "severity": "P0 | P1 | P2",
   "excerpt": "verbatim code snippet from the offending line(s)",
   "failure_mode": "one sentence describing what goes wrong and when",
@@ -37,7 +37,7 @@ Used when an audit investigates a category and does NOT find a bug. Bare "verifi
 
 ```json
 {
-  "category": "A | B | C | D | E | F | G | H | I | J | K",
+  "category": "A | B | C | D | E | F | G | H | I | J | K | L | M | N",
   "files_opened": ["file1.py", "file2.py"],
   "lines_quoted": [
     {"file": "file1.py", "line": 88, "text": "verbatim line content"}
@@ -89,7 +89,7 @@ After the primary finding list is complete, every audit runs a second pass again
 
 The audit must either produce new Shape A findings citing new file:line references not present in the first pass, or cite explicit Shape B adversarial-probe entries for each category it re-examined. An adversarial pass that returns "nothing new, confident first pass was complete" is REJECTED — produce evidence or findings, not confidence.
 
-For `/bugteam`, the single audit agent provides per-category coverage by walking all A–K rubrics in one invocation.
+For `/bugteam`, the single audit agent provides per-category coverage by walking all A–N rubrics in one invocation.
 
 ## Merge rules
 
@@ -113,7 +113,7 @@ Sequence:
 3. Run `py_compile` (or language-equivalent) on each modified file.
 4. Compute `fix_diff` against pre-fix contents for the modified set.
 5. Run `bugteam_code_rules_gate.py` with explicit paths for every modified file.
-6. Spawn a scoped audit of `fix_diff` with full A–K rigor, Shape A/B contract, adversarial pass, AND Haiku secondary in parallel (paranoid mode on post-fix).
+6. Spawn a scoped audit of `fix_diff` with full A–N rigor, Shape A/B contract, adversarial pass, AND Haiku secondary in parallel (paranoid mode on post-fix).
 7. Any new findings become same-loop fix-targets. Internal iteration count increments by one.
 8. After 3 internal iterations with fresh findings each time, exit `stuck: post-fix audit not converging`.
 9. Only when `gate_findings` empty AND `post_fix_findings` empty: `git add`, commit, push.

package/skills/bugteam/reference/design-rationale.md

@@ -2,7 +2,7 @@
 
 ## Core principle (expanded)
 
-One audit agent (`code-quality-agent`, opus) walks all A–K categories per loop. One fix agent (`clean-coder`, opus) addresses the audit's findings.
+One audit agent (`code-quality-agent`, opus) walks all A–N categories per loop. One fix agent (`clean-coder`, opus) addresses the audit's findings.
 
 Fresh-spawn clean-room isolation: each `Agent` call creates a new subagent with its own context window and no access to prior conversation. After the subagent writes its outcome XML and self-terminates, the lead reads the file. Results never accumulate in the lead’s context beyond the XML artifact. Verbatim Anthropic quotes and URLs: [`../sources.md`](../sources.md).
 

package/skills/findbugs/SKILL.md

@@ -88,16 +88,25 @@ The XML prompt skeleton:
 
 <bug_categories>
   Investigate each explicitly:
-  A. API contract verification (signatures, return types, async/await correctness)
+  A. API contract verification
   B. Selector / query / engine compatibility
-  C. Resource cleanup and lifecycle (file handles, connections, processes, locks)
+  C. Resource cleanup and lifecycle
   D. Variable scoping, ordering, and unbound references
   E. Dead code and unused imports
-  F. Silent failures (catch-all excepts, unconditional success returns, missing error propagation)
-  G. Off-by-one, bounds, and integer overflow
-  H. Security boundaries (injection, path traversal, auth bypass, secret leakage)
-  I. Concurrency hazards (race conditions, missing awaits, shared mutable state)
-  J. Magic values and configuration drift
+  F. Silent failures
+  G. Off-by-one, bounds, integer overflow
+  H. Security boundaries
+  I. Concurrency hazards
+  J. CODE_RULES.md compliance
+  K. Codebase conflicts (incomplete propagation)
+  L. Behavior-equivalence for refactors
+  M. Producer/consumer cardinality vs collection-type contract
+  N. Test-name scenario verifier
+
+  The category list above is a summary. The binding definition of each
+  category is its rubric file under $HOME/.claude/audit-rubrics/category_rubrics/
+  (ready-to-send prompt variants under $HOME/.claude/audit-rubrics/prompts/).
+  Read the rubric files before auditing.
 </bug_categories>
 
 <constraints>
@@ -256,18 +265,18 @@ Want me to run /fixbugs for the P0/P1 findings?
 User: `/findbugs`
 Claude: [resolves PR #42 from current branch, fetches full diff, spawns code-quality-agent foreground with self-contained prompt, returns]
 
-`1 P0 / 2 P1 / 0 P2 — 7 categories cleared`
+`1 P0 / 2 P1 / 0 P2 — 11 categories cleared`
 
 `P0 — race condition on shared cache write`
-`  src/cache.py:88 — concurrent writers can both pass the existence check before either writes (category: concurrency)`
+`  src/cache.py:88 — concurrent writers can both pass the existence check before either writes (category: I — Concurrency hazards)`
 
 `P1 — silent paste failure`
-`  utils/clipboard.py:33 — validated_paste returns success without verifying the post-paste state (category: silent failure)`
+`  utils/clipboard.py:33 — validated_paste returns success without verifying the post-paste state (category: F — Silent failures)`
 
 `P1 — unbound variable on early-exception path`
-`  src/processor.py:283 — scheduling_log referenced after try/finally where it may be unbound (category: scoping)`
+`  src/processor.py:283 — scheduling_log referenced after try/finally where it may be unbound (category: D — Variable scoping, ordering, and unbound references)`
 
-`Verified clean: API contract, selector compatibility, resource cleanup, dead code, off-by-one, security boundaries, magic values`
+`Verified clean: API contract, selector compatibility, resource cleanup, dead code, off-by-one, security boundaries, CODE_RULES.md compliance, codebase conflicts, behavior-equivalence, producer/consumer cardinality, Test-name scenario verifier`
 
 `Open questions: none`
 

package/skills/fixbugs/SKILL.md

@@ -33,7 +33,7 @@ Locate the most recent `/findbugs` output in the current conversation. For each
 
 - Severity (`P0` / `P1` / `P2`)
 - `file:line`
-- Category (the A–J letter or category name `/findbugs` reported)
+- Category (the A–N letter or category name `/findbugs` reported)
 - One-sentence description as `/findbugs` wrote it
 
 Apply the severity filter from `$ARGUMENTS` if present:

package/skills/qbug/SKILL.md

@@ -3,7 +3,7 @@ name: qbug
 description: >-
   Required baseline review for every new PR. Runs the /bugteam audit → fix →
   commit → push cycle via one clean-coder subagent (not a full team), looping
-  until convergence or stuck. Uses the same CODE_RULES gate, A–J category
+  until convergence or stuck. Uses the same CODE_RULES gate, A–N category
   rubric, and per-loop PR review shape as /bugteam — without TeamCreate,
   teammates, per-loop clean-room, or a loop cap. Invoke /bugteam instead for
   larger PRs that need per-loop bias isolation or a hard loop cap. Triggers:
@@ -21,7 +21,7 @@ Shared artifacts with /bugteam are referenced below by path, using the `${CLAUDE
 
 - Pre-flight script: `${CLAUDE_SKILL_DIR}/../../_shared/pr-loop/scripts/preflight.py`
 - Code-rules gate script: `${CLAUDE_SKILL_DIR}/../../_shared/pr-loop/scripts/code_rules_gate.py`
-- Bug category rubric A–J: [`bugteam/PROMPTS.md`](../bugteam/PROMPTS.md#audit-spawn-prompt-xml-bugfind-teammate)
+- Bug category rubric A–N: [`bugteam/PROMPTS.md`](../bugteam/PROMPTS.md#audit-spawn-prompt-xml-bugfind-teammate)
 - **Audit contract** (finding schema, proof-of-absence, adversarial pass, Haiku secondary, post-fix self-audit, diagnostics JSON): [`bugteam/reference/audit-contract.md`](../bugteam/reference/audit-contract.md)
 - PR comment lifecycle shape: [`bugteam/SKILL.md`](../bugteam/SKILL.md#audit-posting)
 
@@ -117,7 +117,7 @@ Agent(
   subagent_type="code-quality-agent",
   model="haiku",
   description="qbug Haiku secondary audit for PR <number>",
-  prompt="<audit-only prompt: read the PR diff, apply A-J categories from <categories_file>, return structured findings. No FIX, no git add, no git commit, no git push.>",
+  prompt="<audit-only prompt: read the PR diff, apply A-N categories from <categories_file>, return structured findings. No FIX, no git add, no git commit, no git push.>",
   run_in_background=False
 )
 ```
@@ -188,7 +188,7 @@ The subagent receives this prompt and loops internally — the lead does not re-
 
        - Read the patch file.
        - Audit only added/modified lines. Read <categories_file> for the
-         A–J category definitions; investigate each category explicitly.
+         A–N category definitions; investigate each category explicitly.
        - Follow the shared audit contract at
          bugteam/reference/audit-contract.md. Per category: produce
          either a Shape A structured finding or a Shape B structured
@@ -444,7 +444,7 @@ Delete the resolved `<qbug_temp_dir>` tree and any `.qbug-*.md` temp files in th
 - **No loop cap.** Cycle runs until `converged`, `stuck`, or `error`. User can interrupt.
 - **Code rules gate before every AUDIT.** Same `validate_content` logic as /bugteam.
 - **One commit per FIX action.** Linear branch, fast-forward push only.
-- **Categories A–J.** Same rubric as [`bugteam/PROMPTS.md`](../bugteam/PROMPTS.md).
+- **Categories A–N.** Same rubric as [`bugteam/PROMPTS.md`](../bugteam/PROMPTS.md).
 - **One review per loop.** Anchored findings as `comments[]`; unanchored findings surface in the calling skill's user-facing output (chat reply to the user) rather than in the PR review body.
 - **PR description rewrite on every exit**, same as /bugteam Step 4.5.
 - **Temp file cleanup on every exit path.**