From 5f156661fd18b0d4525c622a795eb0c4d046743c Mon Sep 17 00:00:00 2001 From: fs Date: Mon, 13 Apr 2026 20:50:24 +0200 Subject: [PATCH] docs: fix guard count drift in CLAUDE.md, README, and workflow Update security guard references from 9 to 10 (GR-SEC-010 was missing), code reviewer guards from 13 to 17 (new GR-CORE-LAYERS, GR-CORE-MODULE, GR-CORE-META, GR-UI-TAXONOMY), and total guard count from 22 to 27. Co-Authored-By: Claude Opus 4.6 --- .agents/README.md | 8 ++++---- .agents/workflow.md | 8 ++++---- CLAUDE.md | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.agents/README.md b/.agents/README.md index 68b12d0..add92dc 100644 --- a/.agents/README.md +++ b/.agents/README.md @@ -9,7 +9,7 @@ workflow.md ← Roles, state machine, handover rules (start here) contracts/ ← JSON schemas for role outputs (7 roles) templates/ ← Starter JSON payloads per role (7 templates) prompts/ ← Role-specific prompt baselines (7 prompts) -checks/ ← Guard catalog (22 guards), quality gates (9), checklists +checks/ ← Guard catalog (27 guards), quality gates (9), checklists ← Enforcement policy + guard enforcement map skills/ ← Reusable skill packages (guardrails, planner, grid, PHP CI) runs/ ← Runtime artifacts per workflow run (gitignored) @@ -22,8 +22,8 @@ runs/ ← Runtime artifacts per workflow run (gitignored) | 1 | Analyst | `analysis.json` | — | | 2 | Planner | `plan.json` | selects guards | | 3 | Executor | `execution-report.json` | provides evidence | -| 4 | Code Reviewer | `review-code.json` | 13 guards (GR-CORE/TEST/UI) | -| 5 | Security Reviewer | `review-security.json` | 9 guards (GR-SEC) | +| 4 | Code Reviewer | `review-code.json` | 17 guards (GR-CORE/TEST/UI) | +| 5 | Security Reviewer | `review-security.json` | 10 guards (GR-SEC) | | 6 | Acceptance Tester | `review-acceptance.json` | SC-* criteria | | 7 | Finalizer | `finalize.json` | all reviews + CI | @@ -32,7 +32,7 @@ runs/ ← Runtime artifacts per workflow run (gitignored) | What | Where | |---|---| | Workflow & roles | `workflow.md` | -| Guard catalog (22 guards) | `checks/guard-catalog.json` | +| Guard catalog (27 guards) | `checks/guard-catalog.json` | | Quality gates (9 gates) | `checks/quality-gates.json` | | Enforcement policy | `checks/enforcement-policy.json` | | Guard enforcement map | `checks/guard-enforcement-map.json` | diff --git a/.agents/workflow.md b/.agents/workflow.md index 0b3f943..0240b47 100644 --- a/.agents/workflow.md +++ b/.agents/workflow.md @@ -20,7 +20,7 @@ Primary goals: - Fast retry loop from reviewers back to executor Source of truth: -- Guard catalog (22 guards): `.agents/checks/guard-catalog.json` +- Guard catalog (27 guards): `.agents/checks/guard-catalog.json` - Quality gates (9 gates): `.agents/checks/quality-gates.json` - Enforcement policy (workflow trigger + gate enforcement): `.agents/checks/enforcement-policy.json` - Guard enforcement map (guard -> automated/hybrid/reviewer evidence): `.agents/checks/guard-enforcement-map.json` @@ -50,7 +50,7 @@ Source of truth: ### Code Reviewer - **Input:** code diff + `execution-report.json` - **Output:** `review-code.json` (see `.agents/contracts/reviewer-code.schema.json`) -- Scope: architecture, conventions, testing, UI standards (13 guards) +- Scope: architecture, conventions, testing, UI standards (17 guards) - Guards: `GR-CORE-*`, `GR-TEST-*`, `GR-UI-*` ### Security Reviewer @@ -118,9 +118,9 @@ No free-text "please improve". Every fail must include: Guards are split by reviewer role (see `reviewer` field in guard-catalog.json): -**Code Reviewer** (13 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE +**Code Reviewer** (17 guards): GR-CORE-003, GR-CORE-007, GR-CORE-010, GR-CORE-011, GR-CORE-012, GR-CORE-LAYERS, GR-CORE-MODULE, GR-CORE-META, GR-TEST-001, GR-TEST-002, GR-UI-014, GR-UI-LIST, GR-UI-DETAIL, GR-UI-A11Y, GR-UI-I18N, GR-UI-REUSE, GR-UI-TAXONOMY -**Security Reviewer** (9 guards): GR-SEC-001 through GR-SEC-009 +**Security Reviewer** (10 guards): GR-SEC-001 through GR-SEC-010 ## What automated tests already enforce diff --git a/CLAUDE.md b/CLAUDE.md index 6e014ab..e7d13a3 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -8,7 +8,7 @@ All guard IDs (GR-\*) and gate IDs (QG-\*) from `.agents/checks/` are **binding - **Full workflow trigger is risk-based** and defined in `.agents/checks/enforcement-policy.json` (`full_workflow_required_when`). Matching changes MUST follow `.agents/workflow.md` (Analyst → Planner → Executor → Reviewers → Finalizer). Read `.agents/README.md` and the relevant role prompt in `.agents/prompts/` before starting. - **Quick fixes** may skip full workflow only if they match `.agents/checks/enforcement-policy.json` (`quick_fix_allowlist`) and still pass required gates. -- **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 9 security guards (GR-SEC-001 through GR-SEC-009). +- **New modules** MUST conform to `.agents/contracts/module-manifest.schema.json` and pass all 10 security guards (GR-SEC-001 through GR-SEC-010). Full workflow definition: `.agents/workflow.md` | Guard catalog: `.agents/checks/guard-catalog.json` | Enforcement policy: `.agents/checks/enforcement-policy.json` | Guard enforcement map: `.agents/checks/guard-enforcement-map.json` | Skills: `.agents/skills/` @@ -192,7 +192,7 @@ docker/ # Dockerfiles, Nginx configs, PHP configs ## Security (non-negotiable) -These rules are enforced by guards GR-SEC-001 through GR-SEC-009 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding. +These rules are enforced by guards GR-SEC-001 through GR-SEC-010 in `.agents/checks/guard-catalog.json`. Any violation is a blocking finding. - CSRF token verified on every POST (GR-SEC-001) - No PII or secrets in logs or audit metadata (GR-SEC-002)