feat(caprock): add audit CLI and slash-command skills

Adds an `audit` CLI that reports which permission rules and provisions
were exercised in a given Claude session, plus SKILL.md manifests so
`audit`, `setup`, and `status` are reachable as slash commands from
Claude Code.

- `bin/audit.ts` + `scripts/audit.sh`: cross-references the transcript's
  tool uses against the session-state allow/deny lists and the in-vat
  provision ledger (via the new `listVatProvisions` RPC), and prints a
  per-tool breakdown of which standing provisions were activated.
- `skills/{audit,setup,status}/SKILL.md`: thin wrappers that invoke the
  corresponding `dist/bin/*.mjs` entry points. `setup` and `status`
  existed as scripts; this is the slash-command surface.
- `src/rpc.ts:listVatProvisions`: queries the permission-tracker vat for
  its current provisions list, decoded back to JS values.
- `package.json`: includes `skills/` in published files so the plugin
  install ships the manifests.
- `bin/hook.ts:registerSkillPermissions`: adds the `audit.sh` entry to
  the auto-registered Bash permissions.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: grypez

packages/caprock/bin/audit.ts

@@ -142,6 +142,7 @@ async function registerSkillPermissions(): Promise<void> {
   const newEntries = [
     `Bash(${versionGlob}/scripts/status.sh *)`,
     `Bash(${versionGlob}/scripts/setup.sh)`,
+    `Bash(${versionGlob}/scripts/audit.sh)`,
   ].filter((entry) => !current.includes(entry));
 
   if (newEntries.length === 0) {

packages/caprock/bin/hook.ts

@@ -29,6 +29,7 @@
     "dist/",
     "vat/",
     "hooks/",
+    "skills/",
     ".claude-plugin/"
   ],
   "scripts": {

packages/caprock/package.json

@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+PLUGIN_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+node "${PLUGIN_ROOT}/dist/bin/audit.mjs" "$@"

packages/caprock/scripts/audit.sh

@@ -0,0 +1,10 @@
+---
+description: Show which permission rules and provisions were activated by tool uses this session
+allowed-tools: Bash
+---
+
+Run the caprock audit and show the output:
+
+```bash
+node "${CLAUDE_PLUGIN_ROOT}/dist/bin/audit.mjs" "${CLAUDE_SESSION_ID}"
+```

packages/caprock/skills/audit/SKILL.md

@@ -0,0 +1,10 @@
+---
+description: Run caprock setup diagnostics — checks tree-sitter bindings, daemon connectivity, and permissions
+allowed-tools: Bash
+---
+
+Run the caprock setup diagnostic and show the output:
+
+```bash
+node "${CLAUDE_PLUGIN_ROOT}/dist/bin/setup.mjs"
+```

packages/caprock/skills/setup/SKILL.md

@@ -0,0 +1,10 @@
+---
+description: Show caprock authority tracking status and tool usage summary for this session
+allowed-tools: Bash
+---
+
+Run the caprock status report and show the output:
+
+```bash
+node "${CLAUDE_PLUGIN_ROOT}/dist/bin/status.mjs" "${CLAUDE_SESSION_ID}"
+```

packages/caprock/skills/status/SKILL.md

@@ -307,6 +307,34 @@ export async function recordProvisioned(
   await sendCommand({ socketPath, method: 'session.record', params });
 }
 
+/**
+ * Return all provisions currently stored in a permission-tracker vat.
+ *
+ * @param socketPath - The UNIX socket path.
+ * @param rootKref - The vat's root kref.
+ * @returns The list of provisions, oldest first, or an empty array on error.
+ */
+export async function listVatProvisions(
+  socketPath: string,
+  rootKref: string,
+): Promise<Provision[]> {
+  try {
+    const response = await sendCommand({
+      socketPath,
+      method: 'queueMessage',
+      params: [rootKref, 'listProvisions', []],
+      timeoutMs: 5_000,
+    });
+    if (isJsonRpcFailure(response)) {
+      return [];
+    }
+    const raw = decodeCapData(response.result as CapData);
+    return decodeSmallcapsStrings(raw) as Provision[];
+  } catch {
+    return [];
+  }
+}
+
 /**
  * Decode a CapData body to a JavaScript value.
  *