forked from fa/breadcrumb-the-shire
docs: fix guard count drift in CLAUDE.md, README, and workflow
Update security guard references from 9 to 10 (GR-SEC-010 was missing), code reviewer guards from 13 to 17 (new GR-CORE-LAYERS, GR-CORE-MODULE, GR-CORE-META, GR-UI-TAXONOMY), and total guard count from 22 to 27. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -9,7 +9,7 @@ workflow.md ← Roles, state machine, handover rules (start here)
|
||||
contracts/ ← JSON schemas for role outputs (7 roles)
|
||||
templates/ ← Starter JSON payloads per role (7 templates)
|
||||
prompts/ ← Role-specific prompt baselines (7 prompts)
|
||||
checks/ ← Guard catalog (22 guards), quality gates (9), checklists
|
||||
checks/ ← Guard catalog (27 guards), quality gates (9), checklists
|
||||
← Enforcement policy + guard enforcement map
|
||||
skills/ ← Reusable skill packages (guardrails, planner, grid, PHP CI)
|
||||
runs/ ← Runtime artifacts per workflow run (gitignored)
|
||||
@@ -22,8 +22,8 @@ runs/ ← Runtime artifacts per workflow run (gitignored)
|
||||
| 1 | Analyst | `analysis.json` | — |
|
||||
| 2 | Planner | `plan.json` | selects guards |
|
||||
| 3 | Executor | `execution-report.json` | provides evidence |
|
||||
| 4 | Code Reviewer | `review-code.json` | 13 guards (GR-CORE/TEST/UI) |
|
||||
| 5 | Security Reviewer | `review-security.json` | 9 guards (GR-SEC) |
|
||||
| 4 | Code Reviewer | `review-code.json` | 17 guards (GR-CORE/TEST/UI) |
|
||||
| 5 | Security Reviewer | `review-security.json` | 10 guards (GR-SEC) |
|
||||
| 6 | Acceptance Tester | `review-acceptance.json` | SC-* criteria |
|
||||
| 7 | Finalizer | `finalize.json` | all reviews + CI |
|
||||
|
||||
@@ -32,7 +32,7 @@ runs/ ← Runtime artifacts per workflow run (gitignored)
|
||||
| What | Where |
|
||||
|---|---|
|
||||
| Workflow & roles | `workflow.md` |
|
||||
| Guard catalog (22 guards) | `checks/guard-catalog.json` |
|
||||
| Guard catalog (27 guards) | `checks/guard-catalog.json` |
|
||||
| Quality gates (9 gates) | `checks/quality-gates.json` |
|
||||
| Enforcement policy | `checks/enforcement-policy.json` |
|
||||
| Guard enforcement map | `checks/guard-enforcement-map.json` |
|
||||
|
||||
@@ -20,7 +20,7 @@ Primary goals:
|
||||
- Fast retry loop from reviewers back to executor
|
||||
|
||||
Source of truth:
|
||||
- Guard catalog (22 guards): `.agents/checks/guard-catalog.json`
|
||||
- Guard catalog (27 guards): `.agents/checks/guard-catalog.json`
|
||||
- Quality gates (9 gates): `.agents/checks/quality-gates.json`
|
||||
- Enforcement policy (workflow trigger + gate enforcement): `.agents/checks/enforcement-policy.json`
|
||||
- Guard enforcement map (guard -> automated/hybrid/reviewer evidence): `.agents/checks/guard-enforcement-map.json`
|
||||
@@ -50,7 +50,7 @@ Source of truth:
|
||||
### Code Reviewer
|
||||
- **Input:** code diff + `execution-report.json`
|
||||
- **Output:** `review-code.json` (see `.agents/contracts/reviewer-code.schema.json`)
|
||||
- Scope: architecture, conventions, testing, UI standards (13 guards)
|
||||
- Scope: architecture, conventions, testing, UI standards (17 guards)
|
||||
- Guards: `GR-CORE-*`, `GR-TEST-*`, `GR-UI-*`
|
||||
|
||||
### Security Reviewer
|
||||
@@ -118,9 +118,9 @@ No free-text "please improve". Every fail must include:
|
||||
|
||||
Guards are split by reviewer role (see `reviewer` field in guard-catalog.json):
|
||||
|
||||
**Code Reviewer** (13 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE
|
||||
**Code Reviewer** (17 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-CORE-LAYERS, GR-CORE-MODULE, GR-CORE-META, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE, GR-UI-TAXONOMY
|
||||
|
||||
**Security Reviewer** (9 guards): GR-SEC-001 through GR-SEC-009
|
||||
**Security Reviewer** (10 guards): GR-SEC-001 through GR-SEC-010
|
||||
|
||||
## What automated tests already enforce
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ All guard IDs (GR-\*) and gate IDs (QG-\*) from `.agents/checks/` are **binding
|
||||
|
||||
- **Full workflow trigger is risk-based** and defined in `.agents/checks/enforcement-policy.json` (`full_workflow_required_when`). Matching changes MUST follow `.agents/workflow.md` (Analyst → Planner → Executor → Reviewers → Finalizer). Read `.agents/README.md` and the relevant role prompt in `.agents/prompts/` before starting.
|
||||
- **Quick fixes** may skip full workflow only if they match `.agents/checks/enforcement-policy.json` (`quick_fix_allowlist`) and still pass required gates.
|
||||
- **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 9 security guards (GR-SEC-001 through GR-SEC-009).
|
||||
- **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 10 security guards (GR-SEC-001 through GR-SEC-010).
|
||||
|
||||
Full workflow definition: `.agents/workflow.md` | Guard catalog: `.agents/checks/guard-catalog.json` | Enforcement policy: `.agents/checks/enforcement-policy.json` | Guard enforcement map: `.agents/checks/guard-enforcement-map.json` | Skills: `.agents/skills/`
|
||||
|
||||
@@ -192,7 +192,7 @@ docker/ # Dockerfiles, Nginx configs, PHP configs
|
||||
|
||||
## Security (non-negotiable)
|
||||
|
||||
These rules are enforced by guards GR-SEC-001 through GR-SEC-009 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding.
|
||||
These rules are enforced by guards GR-SEC-001 through GR-SEC-010 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding.
|
||||
|
||||
- CSRF token verified on every POST (GR-SEC-001)
|
||||
- No PII or secrets in logs or audit metadata (GR-SEC-002)
|
||||
|
||||
Reference in New Issue
Block a user