You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
audit-impl: Add hash-bound closure authority and independently verified requirements reports
Problem
audit-impl cannot activate a caller-selected frozen requirement inventory, bind it to an
independently supplied expected hash, or persist a requirement-level report whose verdict can be
independently reconstructed. Its sole runtime inventory is mutable and append-only across plan
provenance changes, and all six consuming recipes route directly on the raw LLM verdict.
The concrete #4233 closure authority has four plans and exactly REQ-001..REQ-072, but production
uses a five-plan mutable inventory containing REQ-001..REQ-083. The first 72 rows match and the
additional 11 are unauthorized. A four-plan invocation does not reset or subtract them. Therefore,
a reported GO cannot prove that #4233's exact frozen authority was audited, blocking REQ-043.
Reproduction
At #4233 feature commit ec3b9894e39e55673f3897b5309c1caf1ff724b6:
Compare the frozen inventory (72 rows, four plans, SHA-256 1a2981773ab01706d15a0cf753521e64e203fa301de0c3c13a63ff8eac29df5f) with the shared mutable
inventory (83 rows, five plans, SHA-256 a0e113849eeef1edae27e8a3232608f1fed44ba491c19db44656494e08d888ae).
The first 72 canonical rows are equal; the mutable file adds REQ-073..REQ-083.
Inspect src/autoskillit/skills_extended/audit-impl/SKILL.md: it accepts no frozen-authority
input, always reads requirements_inventory.json, and extends it on provenance mismatch.
Inspect implementation, implementation-groups, remediation, merge-prs, research, and research-implement: each routes on the raw audit skill verdict without independent report
verification.
Acceptance Criteria
Optional closure mode requires both an absolute authority path and independently supplied
lowercase SHA-256; XOR, malformed, absent, or mismatched input fails closed.
Authority, inventory, plans, diff inputs, report root, reports, and remediation artifacts are
securely opened with containment, owner/mode, symlink/hardlink, size, and pre/post metadata
checks.
Strict schemas bind the authority hash, ordered plan hashes, inventory/row hashes,
base/diff/target SHAs, canonical diff hash, and exact requirement IDs.
Closure mode consumes only the authorized inventory and never creates, extends, or consults the
shared mutable requirements_inventory.json.
Audit produces a canonical persisted report with exactly one assessment per authorized row,
hash-bound evidence, blocking extra findings, request hash, verdict, and remediation metadata.
An independent Python verifier reconstructs the request and verdict. No recipe routes on the raw
skill verdict.
Valid NO GO retains a verified remediation artifact and existing remediation behavior;
malformed or unverifiable output fails as execution error.
All six audit-consuming recipes support optional closure activation and verified routing;
ordinary non-closure behavior is unchanged.
Tests cover the 72-versus-83 occurrence, hash/schema/path attacks, ref/diff drift,
missing/duplicate/reordered rows, forged GO, report-root escape, and valid GO/NO GO routes.
pre-commit run --all-files, task test-check, and task test-all pass.
No provider routing/admission, GitHub lifecycle, merge behavior, or issue-specific hardcoding.
Dependencies
#4177 / PR #4178 is already on develop. This issue must merge into develop before #4233 can
publish and implement its final writer authority. #4185 remains parallel and matters only if a
verified closing result is NO GO and autonomous remediation must continue.
Execution Reset - 2026-07-13
The previous Driver-owned attempt is invalid and must not be resumed. It incorrectly inserted
out-of-recipe plan validators after successful dry_walkthrough steps, removed valid stamps based
on those external opinions, and repeatedly reran the same step instead of following the remediation
route to implementation. No implementation worktree, source edit, commit, or PR was produced.
The attempt's branch, clone, reports, plans, and local driver artifacts have been retired. Start one
fresh whole remediation recipe at investigate; do not reuse or reconstruct any investigation,
rectification plan, dry-walkthrough output, validator finding, or session result from that attempt.
audit-impl: Add hash-bound closure authority and independently verified requirements reports
Problem
audit-implcannot activate a caller-selected frozen requirement inventory, bind it to anindependently supplied expected hash, or persist a requirement-level report whose verdict can be
independently reconstructed. Its sole runtime inventory is mutable and append-only across plan
provenance changes, and all six consuming recipes route directly on the raw LLM verdict.
The concrete #4233 closure authority has four plans and exactly
REQ-001..REQ-072, but productionuses a five-plan mutable inventory containing
REQ-001..REQ-083. The first 72 rows match and theadditional 11 are unauthorized. A four-plan invocation does not reset or subtract them. Therefore,
a reported GO cannot prove that #4233's exact frozen authority was audited, blocking
REQ-043.Reproduction
At #4233 feature commit
ec3b9894e39e55673f3897b5309c1caf1ff724b6:1a2981773ab01706d15a0cf753521e64e203fa301de0c3c13a63ff8eac29df5f) with the shared mutableinventory (83 rows, five plans, SHA-256
a0e113849eeef1edae27e8a3232608f1fed44ba491c19db44656494e08d888ae).REQ-073..REQ-083.src/autoskillit/skills_extended/audit-impl/SKILL.md: it accepts no frozen-authorityinput, always reads
requirements_inventory.json, and extends it on provenance mismatch.implementation,implementation-groups,remediation,merge-prs,research, andresearch-implement: each routes on the raw audit skill verdict without independent reportverification.
Acceptance Criteria
lowercase SHA-256; XOR, malformed, absent, or mismatched input fails closed.
securely opened with containment, owner/mode, symlink/hardlink, size, and pre/post metadata
checks.
base/diff/target SHAs, canonical diff hash, and exact requirement IDs.
shared mutable
requirements_inventory.json.hash-bound evidence, blocking extra findings, request hash, verdict, and remediation metadata.
skill verdict.
malformed or unverifiable output fails as execution error.
ordinary non-closure behavior is unchanged.
missing/duplicate/reordered rows, forged GO, report-root escape, and valid GO/NO GO routes.
pre-commit run --all-files,task test-check, andtask test-allpass.Scope Exclusions
Dependencies
#4177 / PR #4178 is already on
develop. This issue must merge intodevelopbefore #4233 canpublish and implement its final writer authority. #4185 remains parallel and matters only if a
verified closing result is NO GO and autonomous remediation must continue.
Execution Reset - 2026-07-13
The previous Driver-owned attempt is invalid and must not be resumed. It incorrectly inserted
out-of-recipe plan validators after successful
dry_walkthroughsteps, removed valid stamps basedon those external opinions, and repeatedly reran the same step instead of following the remediation
route to implementation. No implementation worktree, source edit, commit, or PR was produced.
The attempt's branch, clone, reports, plans, and local driver artifacts have been retired. Start one
fresh whole remediation recipe at
investigate; do not reuse or reconstruct any investigation,rectification plan, dry-walkthrough output, validator finding, or session result from that attempt.