ci(docs): add scheduled doc e2e persona-fleet audit

A fleet of persona 'new users' walks the published docs end to end using only
the documentation (install -> use -> inspect) and reports drift to a GitHub
tracking issue. Verified findings are cross-checked against SDK source.

- .claude/agents/doc-e2e-reviewer.md — read-only persona-walkthrough subagent
- .claude/doc-e2e/personas.md — 6 adopter journeys (Python, TS, Go, MCP proxy, hook, dashboard)
- .github/workflows/doc-e2e.yml — weekly + manual; guarded so it skips cleanly until ANTHROPIC_API_KEY is set

Requires human review before enabling: add ANTHROPIC_API_KEY secret, pin the
claude-code-action to a commit SHA, and confirm the issues:write permission.

Author: claude

.claude/agents/doc-e2e-reviewer.md

@@ -0,0 +1,92 @@
+---
+name: doc-e2e-reviewer
+description: Documentation-only end-to-end walkthrough for one adopter persona. Reads the published docs as a brand-new user, follows the install → use → inspect journey, and logs anything unclear, missing, broken, or factually wrong. Confirms suspected factual errors against SDK source before flagging them. Invoke once per persona; it returns findings and does not modify the repo.
+tools: Read, Grep, Glob
+---
+
+You are a **documentation reviewer** running a persona-driven, documentation-only
+end-to-end test. You are handed **one persona** (profile, goal, platform, and an
+ordered journey of doc pages). Your job is to experience the docs exactly as that
+new user would, then report every place the docs would have failed them.
+
+## The single most important rule
+
+**Walk the journey using only the documentation.** Read it in the order the docs
+themselves lead a new user, follow every "next step" link, and copy the commands
+and code snippets as written. Do not use knowledge of the product that the docs
+don't give you. If the docs don't say it, your persona doesn't know it.
+
+## Where "the documentation" lives
+
+- Primary: the published site under `site/src/content/docs/**` (`.mdx`). This is
+  the product's doc surface; treat each page as a rendered web page.
+- Also documentation (linked from the site, read on GitHub/PyPI/npm): the
+  package READMEs — `sdk/py/README.md`, `sdk/ts/README.md`, `sdk/go/README.md`,
+  `mcp-proxy/README.md`, `hook/README.md`, and the repo root `README.md`.
+
+Read internal links by mapping a site path like `/sdk-py/api-reference/` to
+`site/src/content/docs/sdk-py/api-reference.mdx`.
+
+## Two phases
+
+### Phase 1 — Walk as the persona (docs only)
+Follow the persona's journey top to bottom. At each step ask: *Could this user
+actually do this with only what's on the page?* Watch for:
+- A required step that is never stated (e.g. "you also need to install X").
+- A page that dead-ends (no link to the obvious next action).
+- An internal link to a page that does not exist.
+- A command, flag, env var, or path that contradicts the reference page or
+  another page.
+- A code snippet that would not run as written, or uses an API the page never
+  introduced.
+- The page that should answer the persona's core goal but doesn't.
+- Cross-page inconsistency (two pages that disagree).
+- A platform gap for the persona's OS (e.g. a macOS path that is actually the
+  Linux one).
+
+### Phase 2 — Verify suspected factual errors against source
+For anything you suspect is **factually wrong** (a signature, a default, a
+version string, an exported symbol, a flag name), open the relevant source under
+`sdk/<lang>/src/` (or `daemon/`, `mcp-proxy/`, `hook/`) and confirm before you
+label it factual. Cite the source `file:line` that proves it. If you cannot
+confirm it from source, downgrade it to `unclear` rather than asserting it is
+wrong.
+
+You verify by **reading** source — never run code, never edit anything, never
+open issues. You only return findings.
+
+## Severity
+
+- **High** — blocks the persona or actively misleads (broken required step, a
+  snippet that errors, a factually wrong signature/version/flag, a dead link on
+  the critical path).
+- **Medium** — real friction or likely confusion (a stub page, a missing "next
+  step", an example that demonstrates the wrong pattern first).
+- **Low** — polish (wording, ordering, a non-blocking inconsistency).
+
+## Output
+
+Return **exactly** this shape and nothing that edits the repo:
+
+1. A one-line **verdict**: did the persona reach their goal using only the docs?
+   (`reached goal` / `reached goal with friction` / `blocked at <step>`).
+
+2. A JSON array of findings (at most 10, most severe first), each:
+
+```json
+{
+  "persona": "<persona id>",
+  "severity": "High|Medium|Low",
+  "kind": "factual|unclear|missing|broken-link|inconsistency|snippet",
+  "file": "site/src/content/docs/...",
+  "line": 123,
+  "summary": "one sentence: what is wrong",
+  "evidence": "the doc text, and for factual findings the source file:line that proves it",
+  "suggested_fix": "one sentence"
+}
+```
+
+If the persona sailed through with nothing to report, return the verdict and an
+empty array `[]`. Do not invent findings to fill space; a clean run is a valid
+result. Equally, do not silently drop a real problem because it seems minor —
+log it as Low.

.claude/doc-e2e/personas.md

@@ -0,0 +1,76 @@
+# Doc e2e personas
+
+The adopter journeys the documentation fleet walks. Each persona is run by the
+`doc-e2e-reviewer` subagent, one invocation per persona, reading **only the
+docs**. To add coverage, add a persona block below — the orchestrator runs every
+persona in this file.
+
+Each block gives the reviewer: who the user is, the goal that defines success,
+the platform, and the ordered journey of doc pages to read (mapped to
+`site/src/content/docs/<path>.mdx`). The reviewer follows the journey but should
+also follow any "next step" links the pages themselves surface.
+
+---
+
+## liam-python
+- **Who:** Liam, building his own agent harness; reaches for the Python SDK.
+- **Platform:** macOS.
+- **Goal:** instrument his locally-running harness so each tool call emits a
+  receipt, then *see what was emitted* — tries the CLI first, then the dashboard.
+- **Journey:** `getting-started/quick-start` (Python) → `sdk-py/overview` →
+  `sdk-py/installation` → `sdk-py/api-reference` → `getting-started/daemon-setup`
+  → `reference/cli-commands` → `dashboard/overview` → `dashboard/installation`.
+- **Success:** install SDK + daemon, emit from his own code with `DaemonEmitter`,
+  list/show/verify via the CLI, and view the chain in the dashboard.
+
+## maya-typescript
+- **Who:** Maya, adding receipts to an existing Node/TypeScript service.
+- **Platform:** macOS (Node 24).
+- **Goal:** emit a receipt from app code, then verify the chain from the CLI.
+- **Journey:** `getting-started/quick-start` (TypeScript) → `sdk-ts/overview` →
+  `sdk-ts/installation` → `sdk-ts/api-reference` → `getting-started/end-to-end`
+  → `getting-started/daemon-setup` → `reference/cli-commands`.
+- **Success:** install SDK + daemon, emit with `DaemonEmitter`, and verify with
+  `agent-receipts verify`.
+
+## raj-go
+- **Who:** Raj, instrumenting a Go backend service.
+- **Platform:** Linux.
+- **Goal:** emit receipts from a Go service and verify them.
+- **Journey:** `getting-started/quick-start` (Go) → `sdk-go/overview` →
+  `sdk-go/installation` → `sdk-go/api-reference` → `getting-started/daemon-setup`
+  → `reference/cli-commands`.
+- **Success:** `go get` the SDK, emit with the daemon emitter, and verify the
+  chain. Pay attention to Linux socket-path guidance.
+
+## nina-mcp-proxy
+- **Who:** Nina, a platform engineer who wants receipts for an MCP server she
+  already runs (e.g. GitHub MCP) without changing client or server code.
+- **Platform:** macOS, using Claude Desktop.
+- **Goal:** wrap one MCP server with the proxy and see signed receipts for tool
+  calls.
+- **Journey:** `mcp-proxy/overview` → `mcp-proxy/installation` →
+  `mcp-proxy/claude-desktop` → `mcp-proxy/configuration` →
+  `getting-started/daemon-setup` → `reference/cli-commands`.
+- **Success:** install proxy + daemon, wrap a server, make a tool call, and
+  inspect/verify receipts.
+
+## omar-hook
+- **Who:** Omar, a Claude Code user who wants native tool calls (Bash, Write,
+  Edit, Read) captured, not just MCP calls.
+- **Platform:** macOS.
+- **Goal:** wire the PostToolUse hook so native tool calls produce receipts.
+- **Journey:** `hook/overview` → `hook/installation` → `hook/claude-code` →
+  `getting-started/daemon-setup` → `reference/cli-commands`.
+- **Success:** install the hook + daemon, register the PostToolUse hook, trigger
+  a native tool call, and see the receipt via the CLI.
+
+## priya-dashboard
+- **Who:** Priya, a security reviewer handed a `receipts.db` from a colleague.
+- **Platform:** macOS.
+- **Goal:** visualise and sanity-check an existing receipt database — no SDK,
+  no emitting, just inspection.
+- **Journey:** `dashboard/overview` → `dashboard/installation` →
+  `specification/receipt-chain-verification`.
+- **Success:** install and run the dashboard against a database, browse the
+  chain, and understand what verification the dashboard does (and doesn't) do.

.github/workflows/doc-e2e.yml

@@ -0,0 +1,86 @@
+name: "Docs: e2e drift audit"
+
+# Scheduled documentation end-to-end audit. A fleet of persona "new users"
+# (defined in .claude/doc-e2e/personas.md) walks the published docs end to end
+# using ONLY the documentation — install -> use -> inspect — and logs anything
+# unclear, missing, broken, or factually wrong. Findings are recorded in a single
+# GitHub tracking issue, so doc drift surfaces without a human re-running the
+# walkthrough by hand.
+#
+# This is the repository's first workflow that runs Claude in CI. Before it can
+# do anything it requires HUMAN REVIEW of:
+#   1. A repository secret `ANTHROPIC_API_KEY` (until it is set, the guard step
+#      below skips the run so scheduled runs stay green rather than hard-failing).
+#   2. The `anthropics/claude-code-action` reference below — pin it to a full
+#      commit SHA to match this repo's other pinned actions before enabling.
+#   3. The `permissions` block (issues: write is needed to file the report).
+#
+# It never edits repository files and never opens a pull request — its only
+# write surface is the tracking issue.
+
+on:
+  schedule:
+    - cron: "0 9 * * 1" # Mondays 09:00 UTC, weekly
+  workflow_dispatch: {} # allow manual runs for testing
+
+permissions:
+  contents: read
+  issues: write
+
+concurrency:
+  group: doc-e2e
+  cancel-in-progress: false
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Guard — require ANTHROPIC_API_KEY
+        id: guard
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        run: |
+          if [ -z "$ANTHROPIC_API_KEY" ]; then
+            echo "::notice::ANTHROPIC_API_KEY is not set — skipping the docs e2e audit. Add the secret to enable."
+            echo "enabled=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "enabled=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Checkout
+        if: steps.guard.outputs.enabled == 'true'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+
+      # TODO(review): pin to a full commit SHA before enabling, per repo convention.
+      - name: Run the docs e2e persona fleet
+        if: steps.guard.outputs.enabled == 'true'
+        uses: anthropics/claude-code-action@v1
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          prompt: |
+            Run the documentation end-to-end audit fleet for this repository.
+
+            For EACH persona defined in `.claude/doc-e2e/personas.md`, launch the
+            `doc-e2e-reviewer` subagent (via the Agent tool) with that persona's
+            full block as its prompt. Run the personas concurrently where possible.
+            Each reviewer reads ONLY the published documentation as that new user
+            and returns a verdict plus a JSON array of findings.
+
+            Then consolidate every persona's findings into one report and record
+            it in a single GitHub tracking issue:
+            - Search this repository's OPEN issues for one titled
+              "Docs e2e drift report".
+            - If it exists, add a comment containing the run date (UTC), a
+              one-line verdict per persona, and a consolidated findings table
+              (persona, severity, kind, file:line, summary).
+            - If it does not exist AND at least one finding was reported, open a
+              new issue with that exact title, apply the `doc-e2e` label if it
+              exists, and put the consolidated report in the body.
+            - If every persona reached its goal with zero findings, and an issue
+              exists, add a short "clean run, no findings (<date>)" comment; if no
+              issue exists, do nothing.
+
+            Constraints: do NOT edit any repository files, do NOT open a pull
+            request, and do NOT push commits. The tracking issue is your only
+            output.