docs: fix guard count drift in CLAUDE.md, README, and workflow

Update security guard references from 9 to 10 (GR-SEC-010 was missing),
code reviewer guards from 13 to 17 (new GR-CORE-LAYERS, GR-CORE-MODULE,
GR-CORE-META, GR-UI-TAXONOMY), and total guard count from 22 to 27.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-13 20:50:24 +02:00
parent 98afac24b1
commit 5f156661fd
3 changed files with 10 additions and 10 deletions

View File

@@ -9,7 +9,7 @@ workflow.md ← Roles, state machine, handover rules (start here)
contracts/ ← JSON schemas for role outputs (7 roles) contracts/ ← JSON schemas for role outputs (7 roles)
templates/ ← Starter JSON payloads per role (7 templates) templates/ ← Starter JSON payloads per role (7 templates)
prompts/ ← Role-specific prompt baselines (7 prompts) prompts/ ← Role-specific prompt baselines (7 prompts)
checks/ ← Guard catalog (22 guards), quality gates (9), checklists checks/ ← Guard catalog (27 guards), quality gates (9), checklists
← Enforcement policy + guard enforcement map ← Enforcement policy + guard enforcement map
skills/ ← Reusable skill packages (guardrails, planner, grid, PHP CI) skills/ ← Reusable skill packages (guardrails, planner, grid, PHP CI)
runs/ ← Runtime artifacts per workflow run (gitignored) runs/ ← Runtime artifacts per workflow run (gitignored)
@@ -22,8 +22,8 @@ runs/ ← Runtime artifacts per workflow run (gitignored)
| 1 | Analyst | `analysis.json` | — | | 1 | Analyst | `analysis.json` | — |
| 2 | Planner | `plan.json` | selects guards | | 2 | Planner | `plan.json` | selects guards |
| 3 | Executor | `execution-report.json` | provides evidence | | 3 | Executor | `execution-report.json` | provides evidence |
| 4 | Code Reviewer | `review-code.json` | 13 guards (GR-CORE/TEST/UI) | | 4 | Code Reviewer | `review-code.json` | 17 guards (GR-CORE/TEST/UI) |
| 5 | Security Reviewer | `review-security.json` | 9 guards (GR-SEC) | | 5 | Security Reviewer | `review-security.json` | 10 guards (GR-SEC) |
| 6 | Acceptance Tester | `review-acceptance.json` | SC-* criteria | | 6 | Acceptance Tester | `review-acceptance.json` | SC-* criteria |
| 7 | Finalizer | `finalize.json` | all reviews + CI | | 7 | Finalizer | `finalize.json` | all reviews + CI |
@@ -32,7 +32,7 @@ runs/ ← Runtime artifacts per workflow run (gitignored)
| What | Where | | What | Where |
|---|---| |---|---|
| Workflow & roles | `workflow.md` | | Workflow & roles | `workflow.md` |
| Guard catalog (22 guards) | `checks/guard-catalog.json` | | Guard catalog (27 guards) | `checks/guard-catalog.json` |
| Quality gates (9 gates) | `checks/quality-gates.json` | | Quality gates (9 gates) | `checks/quality-gates.json` |
| Enforcement policy | `checks/enforcement-policy.json` | | Enforcement policy | `checks/enforcement-policy.json` |
| Guard enforcement map | `checks/guard-enforcement-map.json` | | Guard enforcement map | `checks/guard-enforcement-map.json` |

View File

@@ -20,7 +20,7 @@ Primary goals:
- Fast retry loop from reviewers back to executor - Fast retry loop from reviewers back to executor
Source of truth: Source of truth:
- Guard catalog (22 guards): `.agents/checks/guard-catalog.json` - Guard catalog (27 guards): `.agents/checks/guard-catalog.json`
- Quality gates (9 gates): `.agents/checks/quality-gates.json` - Quality gates (9 gates): `.agents/checks/quality-gates.json`
- Enforcement policy (workflow trigger + gate enforcement): `.agents/checks/enforcement-policy.json` - Enforcement policy (workflow trigger + gate enforcement): `.agents/checks/enforcement-policy.json`
- Guard enforcement map (guard -> automated/hybrid/reviewer evidence): `.agents/checks/guard-enforcement-map.json` - Guard enforcement map (guard -> automated/hybrid/reviewer evidence): `.agents/checks/guard-enforcement-map.json`
@@ -50,7 +50,7 @@ Source of truth:
### Code Reviewer ### Code Reviewer
- **Input:** code diff + `execution-report.json` - **Input:** code diff + `execution-report.json`
- **Output:** `review-code.json` (see `.agents/contracts/reviewer-code.schema.json`) - **Output:** `review-code.json` (see `.agents/contracts/reviewer-code.schema.json`)
- Scope: architecture, conventions, testing, UI standards (13 guards) - Scope: architecture, conventions, testing, UI standards (17 guards)
- Guards: `GR-CORE-*`, `GR-TEST-*`, `GR-UI-*` - Guards: `GR-CORE-*`, `GR-TEST-*`, `GR-UI-*`
### Security Reviewer ### Security Reviewer
@@ -118,9 +118,9 @@ No free-text "please improve". Every fail must include:
Guards are split by reviewer role (see `reviewer` field in guard-catalog.json): Guards are split by reviewer role (see `reviewer` field in guard-catalog.json):
**Code Reviewer** (13 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE **Code Reviewer** (17 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-CORE-LAYERS, GR-CORE-MODULE, GR-CORE-META, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE, GR-UI-TAXONOMY
**Security Reviewer** (9 guards): GR-SEC-001 through GR-SEC-009 **Security Reviewer** (10 guards): GR-SEC-001 through GR-SEC-010
## What automated tests already enforce ## What automated tests already enforce

View File

@@ -8,7 +8,7 @@ All guard IDs (GR-\*) and gate IDs (QG-\*) from `.agents/checks/` are **binding
- **Full workflow trigger is risk-based** and defined in `.agents/checks/enforcement-policy.json` (`full_workflow_required_when`). Matching changes MUST follow `.agents/workflow.md` (Analyst → Planner → Executor → Reviewers → Finalizer). Read `.agents/README.md` and the relevant role prompt in `.agents/prompts/` before starting. - **Full workflow trigger is risk-based** and defined in `.agents/checks/enforcement-policy.json` (`full_workflow_required_when`). Matching changes MUST follow `.agents/workflow.md` (Analyst → Planner → Executor → Reviewers → Finalizer). Read `.agents/README.md` and the relevant role prompt in `.agents/prompts/` before starting.
- **Quick fixes** may skip full workflow only if they match `.agents/checks/enforcement-policy.json` (`quick_fix_allowlist`) and still pass required gates. - **Quick fixes** may skip full workflow only if they match `.agents/checks/enforcement-policy.json` (`quick_fix_allowlist`) and still pass required gates.
- **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 9 security guards (GR-SEC-001 through GR-SEC-009). - **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 10 security guards (GR-SEC-001 through GR-SEC-010).
Full workflow definition: `.agents/workflow.md` | Guard catalog: `.agents/checks/guard-catalog.json` | Enforcement policy: `.agents/checks/enforcement-policy.json` | Guard enforcement map: `.agents/checks/guard-enforcement-map.json` | Skills: `.agents/skills/` Full workflow definition: `.agents/workflow.md` | Guard catalog: `.agents/checks/guard-catalog.json` | Enforcement policy: `.agents/checks/enforcement-policy.json` | Guard enforcement map: `.agents/checks/guard-enforcement-map.json` | Skills: `.agents/skills/`
@@ -192,7 +192,7 @@ docker/ # Dockerfiles, Nginx configs, PHP configs
## Security (non-negotiable) ## Security (non-negotiable)
These rules are enforced by guards GR-SEC-001 through GR-SEC-009 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding. These rules are enforced by guards GR-SEC-001 through GR-SEC-010 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding.
- CSRF token verified on every POST (GR-SEC-001) - CSRF token verified on every POST (GR-SEC-001)
- No PII or secrets in logs or audit metadata (GR-SEC-002) - No PII or secrets in logs or audit metadata (GR-SEC-002)