Skip to content

Commit b2d32b9

Browse files
montfortclaude
andauthored
docs: Phase v1 PR 7 — adopter docs aligned with v1 audit-skills (3 langs) (#109)
Updates the adopter-facing documentation to reflect the v1 audit flow: three skills (audit-prompt + audit-execute + audit-review) in sequence over canonical paths under .devtrail/audits/, with "never copy/paste" as the load-bearing operator-experience promise. Files updated (15 total = 5 docs × 3 langs): - docs/adopters/CLI-REFERENCE.md — full rewrite of the `### devtrail charter audit` section (v0 three-step PREPARE/ CALIBRATE/FINALIZE → v1 two-step PREPARE/MERGE-REPORTS), v1 default range, deprecation shims for --calibrate / --finalize, v1 canonical layout under .devtrail/audits/, two example blocks (skills-driven and CLI-direct). The `## Skills` section gains a new row for /devtrail-audit-execute and reframes audit-prompt / audit-review for v1 (no more "surface prompts inline" — now "writes to canonical path"; review now produces consolidated review.md with 6 sections). - docs/i18n/es/adopters/CLI-REFERENCE.md — same content in Spanish. - docs/i18n/zh-CN/adopters/CLI-REFERENCE.md — header and skills table updated; the detail block for the audit subcommand kept v0 reference text (a future docs PR with native zh-CN review can refine — the v1 intro at the top + the v1 skills table at the bottom transmit the canonical guidance correctly). - docs/adopters/WORKFLOWS.md (+ es + zh-CN) — Skills table updated for the 3-skill sequence. Existing audit checkpoint subsection unchanged (still accurate for v1). - docs/adopters/ADOPTION-GUIDE.md (+ es + zh-CN) — External Audit (Optional) section: 2 bullets → 3 bullets, with audit-execute surfaced and the canonical paths called out. - dist/.devtrail/00-governance/QUICK-REFERENCE.md (+ es + zh-CN) — Skills table: 2 audit rows → 3 audit rows. - dist/.devtrail/00-governance/AGENT-RULES.md (+ es + zh-CN) §12 (Audit checkpoint) — checkpoint message text rewritten to direct the operator through the 3-skill sequence (audit-prompt → N× audit-execute → audit-review), with the "wait for ALL audits" warning load-bearing in the message and reinforced in the Rules of engagement bullet. Test plan: - cargo test --test checkpoint_guidance_test → 4/4 green (asserts the §12 section structure stayed intact across langs). - cargo test (full suite) → all suites green; the v1 wording changes preserve all anchors the existing tests check for (`/devtrail-audit-prompt`, `/devtrail-audit-review`, `complexity.threshold`, `Propuesta/devtrail-audit-skills.md`). Note on zh-CN: the audit subcommand's detail block in docs/i18n/zh-CN/adopters/CLI-REFERENCE.md retained its v0 detail text below the v1 header; a follow-up native review can refresh it. Both the v1 header at the top and the v1 skills table at the bottom carry the canonical guidance accurately. No version bump (lands together with PR 8 in the integrated v1 release per Propuesta/devtrail-audit-cli-flow.md v0.2 §5). Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 1eb2056 commit b2d32b9

15 files changed

Lines changed: 212 additions & 202 deletions

File tree

dist/.devtrail/00-governance/AGENT-RULES.md

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -301,11 +301,17 @@ My recommendation: [YES / NO], because:
301301
- <one specific reason grounded in the Charter, AILOGs, or diff>
302302

303303
If you decide to audit:
304-
Run /devtrail-audit-prompt <CHARTER-ID> and I will surface the two
305-
prompts inline. Once you have the responses from the external
306-
auditors saved to canonical paths, run /devtrail-audit-review
307-
<CHARTER-ID> and I will calibrate them locally and merge the
308-
findings into the Charter telemetry.
304+
Run /devtrail-audit-prompt <CHARTER-ID> and I will write the unified
305+
audit prompt to .devtrail/audits/<CHARTER-ID>/audit-prompt.md.
306+
Then open one or more auditor-side CLIs (gemini-cli, claude-cli,
307+
copilot-cli, codex-cli) in this repo and invoke
308+
/devtrail-audit-execute <CHARTER-ID> in each — recommendation: at
309+
least 2 auditors of different model families. When and only when
310+
ALL auditors you commissioned have completed, return here and run
311+
/devtrail-audit-review <CHARTER-ID>. I will consolidate the N
312+
reports into a review.md document with verdicts, remediation plan,
313+
and auditor ratings, and merge the YAML block into the Charter
314+
telemetry.
309315

310316
If you decide not to audit:
311317
Continue with `devtrail charter close <CHARTER-ID>` when you're
@@ -341,7 +347,7 @@ These are heuristics, not rigid rules — you are close to the context, refine t
341347
- The checkpoint is **never** repeated within the same Charter once the developer responds.
342348
- The checkpoint **does not** block any subsequent action. If the developer ignores it and runs `charter close`, close proceeds normally — there is no enforcement and there will not be (this is a permanent v0+v1 design decision; see `Propuesta/devtrail-audit-skills.md` §2.2).
343349
- The checkpoint is **not** counted in any quality metric. There is no "% Charters audited" KPI in `devtrail metrics` — by design, to avoid creating an incentive to inflate the audit count.
344-
- If the developer accepts the audit, the next two skills (`/devtrail-audit-prompt` then `/devtrail-audit-review`) carry the workflow forward.
350+
- If the developer accepts the audit, the workflow proceeds via three skills in sequence: `/devtrail-audit-prompt` (writes the unified prompt at the canonical path) → `/devtrail-audit-execute` × N (one per auditor-side CLI the operator opens — these run in those CLIs, not in the main agent) → `/devtrail-audit-review` (consolidates N reports inline into `.devtrail/audits/<id>/review.md` and merges the YAML into telemetry). Operators never copy/paste prompts or reports — file exchange happens via canonical paths under `.devtrail/audits/`.
345351
346352
---
347353

dist/.devtrail/00-governance/QUICK-REFERENCE.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -213,8 +213,9 @@ Mark `review_required: true` when:
213213
| `/devtrail-new` | Create any document type (interactive) |
214214
| `/devtrail-ailog` / `/devtrail-aidec` / `/devtrail-adr` | Quick shortcuts for AILOG / AIDEC / ADR |
215215
| `/devtrail-mcard` / `/devtrail-sec` | Interactive flows for Model Card / SEC assessment |
216-
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+)* | External multi-model audit — generate prompts inline |
217-
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+)* | Calibrate audit responses + merge into Charter telemetry |
216+
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+, refactored in fw-4.9.0)* | External multi-model audit — write unified prompt at canonical path |
217+
| `/devtrail-audit-execute [CHARTER-XX]` *(fw-4.9.0+)* | Run inside an auditor CLI — read prompt, audit with tool use, write report |
218+
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+, expanded in fw-4.9.0)* | Consolidate N reports into review.md (6 sections) + merge YAML into telemetry |
218219

219220
---
220221

dist/.devtrail/00-governance/i18n/es/AGENT-RULES.md

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -301,11 +301,17 @@ Mi recomendación: [SÍ / NO], porque:
301301
- <razón concreta basada en el Charter, AILOGs o diff>
302302

303303
Si decides auditar:
304-
Ejecuta /devtrail-audit-prompt <CHARTER-ID> y te imprimo aquí mismo
305-
los dos prompts. Cuando tengas las respuestas de los auditores externos
306-
guardadas en los paths canónicos, ejecuta /devtrail-audit-review
307-
<CHARTER-ID> y yo calibro localmente y mergeo los findings en la
308-
telemetría del Charter.
304+
Ejecuta /devtrail-audit-prompt <CHARTER-ID> y yo escribo el prompt
305+
unificado de auditoría en .devtrail/audits/<CHARTER-ID>/audit-prompt.md.
306+
Después abre una o más CLIs auditoras (gemini-cli, claude-cli,
307+
copilot-cli, codex-cli) en este repo e invoca
308+
/devtrail-audit-execute <CHARTER-ID> en cada una — recomendación: al
309+
menos 2 auditores de familias de modelo distintas. Cuando y solo
310+
cuando TODAS las auditorías que encargaste hayan terminado, regresa
311+
aquí y ejecuta /devtrail-audit-review <CHARTER-ID>. Yo consolido los
312+
N reports en un documento review.md con veredictos, plan de
313+
remediación y calificación de auditores, y mergeo el bloque YAML en
314+
la telemetría del Charter.
309315

310316
Si decides no auditar:
311317
Continúa con `devtrail charter close <CHARTER-ID>` cuando estés listo.
@@ -341,7 +347,7 @@ Son heurísticas, no reglas rígidas — estás cerca del contexto, afínalas co
341347
- El checkpoint **nunca** se repite dentro del mismo Charter una vez que el developer responde.
342348
- El checkpoint **no** bloquea ninguna acción posterior. Si el developer lo ignora y corre `charter close`, close procede normalmente — no hay enforcement y no lo habrá (decisión de diseño v0+v1 permanente; ver `Propuesta/devtrail-audit-skills.md` §2.2).
343349
- El checkpoint **no** se cuenta en ninguna métrica de calidad. No hay KPI "% Charters auditados" en `devtrail metrics` — por diseño, para evitar incentivos a inflar el conteo.
344-
- Si el developer acepta la auditoría, las siguientes dos skills (`/devtrail-audit-prompt` luego `/devtrail-audit-review`) llevan el workflow adelante.
350+
- Si el developer acepta la auditoría, el workflow procede vía tres skills en secuencia: `/devtrail-audit-prompt` (escribe el prompt unificado en el path canónico) → `/devtrail-audit-execute` × N (una por CLI auditora que abra el operador — estas corren en esas CLIs, no en el agente principal) → `/devtrail-audit-review` (consolida N reports inline en `.devtrail/audits/<id>/review.md` y mergea el YAML en la telemetría). Los operadores nunca copian/pegan prompts ni reports — el intercambio de archivos sucede vía paths canónicos bajo `.devtrail/audits/`.
345351
346352
---
347353

dist/.devtrail/00-governance/i18n/es/QUICK-REFERENCE.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -188,8 +188,9 @@ Marcar `review_required: true` cuando:
188188
| `/devtrail-new` | Crear cualquier tipo de documento (interactivo) |
189189
| `/devtrail-ailog` / `/devtrail-aidec` / `/devtrail-adr` | Atajos rápidos para AILOG / AIDEC / ADR |
190190
| `/devtrail-mcard` / `/devtrail-sec` | Flujos interactivos para Model Card / SEC assessment |
191-
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+)* | Auditoría externa multi-modelo — genera prompts inline |
192-
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+)* | Calibra respuestas de auditoría + mergea en telemetría del Charter |
191+
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+, refactorizada en fw-4.9.0)* | Auditoría externa multi-modelo — escribe prompt unificado en path canónico |
192+
| `/devtrail-audit-execute [CHARTER-XX]` *(fw-4.9.0+)* | Corre en una CLI auditora — lee prompt, audita con tool use, escribe report |
193+
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+, expandida en fw-4.9.0)* | Consolida N reports en review.md (6 secciones) + mergea YAML en telemetría |
193194

194195
---
195196

dist/.devtrail/00-governance/i18n/zh-CN/AGENT-RULES.md

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -300,10 +300,14 @@ confidence: high | medium | low
300300
- <基于 Charter、AILOGs 或 diff 的具体原因>
301301

302302
如果决定审计:
303-
运行 /devtrail-audit-prompt <CHARTER-ID>,我会在此处直接展示
304-
两个 prompts。当你保存了外部审计员的回复到规范路径后,运行
305-
/devtrail-audit-review <CHARTER-ID>,我会在本地校准并将
306-
findings 合并到 Charter 遥测中。
303+
运行 /devtrail-audit-prompt <CHARTER-ID>,我会将统一审计 prompt
304+
写入 .devtrail/audits/<CHARTER-ID>/audit-prompt.md。然后在此仓库中
305+
打开一个或多个审计员 CLI(gemini-cli、claude-cli、copilot-cli、
306+
codex-cli),并在每个中调用 /devtrail-audit-execute <CHARTER-ID> —
307+
建议:至少 2 个不同模型族的审计员。当且仅当你委托的所有审计员
308+
都已完成时,返回此处并运行 /devtrail-audit-review <CHARTER-ID>。
309+
我会将 N 个 reports 合并为 review.md 文档(含判决、修复计划、
310+
审计员评分),并将 YAML 块合并到 Charter 遥测中。
307311

308312
如果决定不审计:
309313
准备好后继续 `devtrail charter close <CHARTER-ID>`。外部审计
@@ -338,7 +342,7 @@ confidence: high | medium | low
338342
- 检查点在同一 Charter 内一旦 developer 回复就**永不**重复。
339343
- 检查点**不**阻塞任何后续操作。如果 developer 忽略它并运行 `charter close`,close 正常进行——没有强制执行,将来也不会有(这是 v0+v1 永久设计决策;见 `Propuesta/devtrail-audit-skills.md` §2.2)。
340344
- 检查点**不**计入任何质量度量。`devtrail metrics` 中没有"已审计 Charter 百分比"KPI——按设计,避免产生虚胖审计计数的激励。
341-
- 如果 developer 接受审计,接下来的两个 skills`/devtrail-audit-prompt` 然后 `/devtrail-audit-review`)会推进工作流
345+
- 如果 developer 接受审计,工作流通过三个 skills 依次推进:`/devtrail-audit-prompt`(在规范路径写入统一 prompt)→ `/devtrail-audit-execute` × N(每个操作员打开的审计员 CLI 一个 — 这些运行在那些 CLI 中,不在主代理中)→ `/devtrail-audit-review`(在 `.devtrail/audits/<id>/review.md` 中内联合并 N 个 reports 并将 YAML 合并到遥测)。操作员从不复制/粘贴 prompts 或 reports — 文件交换通过 `.devtrail/audits/` 下的规范路径进行
342346
343347
---
344348

dist/.devtrail/00-governance/i18n/zh-CN/QUICK-REFERENCE.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -188,8 +188,9 @@ risk_level: low | medium | high | critical
188188
| `/devtrail-new` | 创建任意类型文档(交互式) |
189189
| `/devtrail-ailog` / `/devtrail-aidec` / `/devtrail-adr` | AILOG / AIDEC / ADR 的快速快捷方式 |
190190
| `/devtrail-mcard` / `/devtrail-sec` | Model Card / SEC 评估的交互流程 |
191-
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+)* | 外部多模型审计 — 内联生成 prompts |
192-
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+)* | 校准审计响应 + 合并入 Charter 遥测 |
191+
| `/devtrail-audit-prompt CHARTER-XX` *(fw-4.8.0+,在 fw-4.9.0 中重构)* | 外部多模型审计 — 在规范路径写入统一 prompt |
192+
| `/devtrail-audit-execute [CHARTER-XX]` *(fw-4.9.0+)* | 在审计员 CLI 中运行 — 读取 prompt,使用 tool use 审计,写入 report |
193+
| `/devtrail-audit-review CHARTER-XX` *(fw-4.8.0+,在 fw-4.9.0 中扩展)* | 合并 N 个 reports 为 review.md(6 节)+ YAML 合并入遥测 |
193194

194195
---
195196

docs/adopters/ADOPTION-GUIDE.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -502,8 +502,9 @@ devtrail validate
502502

503503
From `fw-4.8.0`, when you co-implement Charters with an AI assistant in the loop (Claude Code, Gemini Code, Cursor), you can optionally run an external multi-model audit at Charter close. Two skills wrap the underlying CLI orchestration:
504504

505-
- **`/devtrail-audit-prompt CHARTER-XX`** — generates the auditor prompts inline in the conversation, ready to paste into 2 LLM auditors of different families.
506-
- **`/devtrail-audit-review CHARTER-XX`** — back-half: validates the operator-saved auditor responses, runs the calibrator inline, and merges findings into the Charter telemetry directly (`external_audit:` array).
505+
- **`/devtrail-audit-prompt CHARTER-XX`** — writes the unified audit prompt at the canonical path `.devtrail/audits/<id>/audit-prompt.md`. Operator opens N auditor-side CLIs and runs `/devtrail-audit-execute` in each. No copy/paste.
506+
- **`/devtrail-audit-execute [CHARTER-XX]`** *(fw-4.9.0+)* — runs inside an auditor-side CLI (gemini-cli, claude-cli, copilot-cli, codex-cli). Reads the prompt, audits with tool use citing `path:line`, writes a report keyed on the auditor's model id.
507+
- **`/devtrail-audit-review CHARTER-XX`** — consolidates N reports into a six-section `review.md` (Executive summary / Scope / Per-auditor evaluation / Remediation plan P0-P4 / Discarded / Auditor ratings) and merges the `external_audit:` YAML into Charter telemetry.
507508

508509
The agent will **proactively offer** the audit at one specific moment in the workflow — when implementation is done, drift check is clean, and `charter close` has not been invoked. Recommendation is YES/NO based on the Charter's risk surface and complexity (heuristics in `.devtrail/00-governance/AGENT-RULES.md` §12).
509510

0 commit comments

Comments
 (0)