audit-skills v0: substantive-depth limitations in primary-adopter cycle (Sentinel CHARTER-07) + prompt resolver HTML-comment bug

[montfort]

Context

This issue consolidates feedback from the first primary-adopter run of the audit-skills flow shipped in fw-4.8.0 / cli-3.9.0 (3 May). Sentinel is executing CommsHub Etapa 2 as 9 Charters per the meta-plan; CHARTER-07 (foundation: setup + ports + 7 migrations + SQLC + scaffolding + Wire stub) just completed its checkpoint-driven audit cycle — the first such cycle in any adopter project.

This is exactly the data point Etapa 2 telemetry was set up to surface. We chose to file this before the consolidated snapshot at the end of Etapa 2 because the issues identified are blockers for substantive audit value and merit upstream iteration sooner, not later. Sentinel has paused CHARTER-07 close (Charter status: in-progress) so the audit can be re-run after upstream fixes, instead of polluting the telemetry with a structurally-limited cycle.

There are two distinct findings (R10 mechanical bug, R11 substantive-depth limitations) plus a forward-looking proposal that builds on the methodology Sentinel had pre-DevTrail. All evidence lives in the Sentinel repo paths cited at the bottom of this issue and is reproducible.

---

R10 — Prompt resolver duplicates content by ignoring HTML comment boundaries

Symptom

After devtrail charter audit CHARTER-07 (Step 1/3 PREPARE), audit/charters/CHARTER-07/prompts/auditor-primary.prompt.md was 1300 lines with the Charter content + AILOG + diff appearing twice — once inside the template's leading HTML comment block (lines 1-605), and again in the prompt body proper (lines 607+). The operator detected the duplication visually before pasting into the auditor LLM.

Root cause

.devtrail/audit-prompts/auditor-primary.md (the template) has an HTML comment header (lines 1-32) that documents available placeholders. Lines 21-31 list each placeholder with a description using literal {{placeholder}} — description syntax:

Placeholders supported by `devtrail charter audit`:
  {{charter_id}}        — e.g., CHARTER-05
  {{charter_content}}   — full body of the Charter doc
  {{git_diff}}          — output of `git diff <git_range>`
  ...

The CLI resolver does string-replace globally of each {{placeholder}} → resolved content, without distinguishing whether the placeholder is inside or outside an <!-- ... --> block. Result: the documentation-only lines (e.g., {{charter_content}} — full body of the Charter doc) expand to (entire Charter body) — full body of the Charter doc, inflating the comment block from 32 to 605 lines and duplicating every payload (Charter + AILOG + diff) that already appears in its proper place outside the comment.

Scope

Only affects auditor-primary.md template. The auditor-secondary.md template has a short comment (16 lines) without {{placeholders}} — no duplication there.

Operational impact

• ~30k tokens of duplicated payload sent to the auditor LLM (cost overhead in gpt-4o / gemini chat).
• Risk that the auditor interprets the duplication as a delta between two versions of the Charter, degrading finding quality.
• Documentation block becomes noise (no longer useful as placeholder reference).

Workaround applied locally

cd audit/charters/CHARTER-07/prompts/
tail -n +607 auditor-primary.prompt.md > tmp && mv tmp auditor-primary.prompt.md

Reduces primary from 1300 → 694 lines (comparable with secondary at 704). Workaround is non-destructive (touches only the resolved prompt, not the template) and reversible (re-running devtrail charter audit regenerates the buggy version).

Sentinel commit applying the workaround + AILOG R10 documentation: see references at bottom.

Proposed fix

Two complementary options for the resolver:

1. Respect HTML comment boundaries: skip placeholder replacement inside <!-- ... --> ranges. Conservative; preserves comment block as documentation.
2. Detect documentation-only lines: if a placeholder appears as {{placeholder}} — description (indented, followed by —), skip the replacement on that specific line. Less conservative but doesn't require markdown comment parsing.

Either fix unblocks the template's documentation header from being weaponized as a content duplicator.

---

R11 — Audit cycle v0 produces audits of structurally limited substantive reach

The CHARTER-07 audit cycle completed with findings_total: 1 (one self-categorized false_positive from auditor-primary; auditor-secondary reported zero). On surface that looks clean. It is not — it is mechanically true for the audit window the auditors received, but vacuously so relative to the Charter's actual scope. Two structural causes.

Root cause A — git_range defaults to HEAD~1..HEAD

CHARTER-07 has 8 commits in the feature branch charter-07-commshub-foundation:

Commit	Scope
2ee3352	Setup: module skeleton + Preference Center embed assets
cee74f3	Migrations (T004-T010): 7 migrations 012-018 with RLS + partitioning
a6efa9c	SQLC (T011): 12 query files + generated code + 2 migration fixes
824ad76	Scaffolding: 4 ports + 28 errors + 21 models + 16 events + PII guard test + 8 OTel metrics
6d68392	Wire (T018) + compile gate (T019) + middleware verify (T019a)
7486b64	AILOG-035 + atomic Charter §Closing notes
c68702d	Charter originating_ailogs + canonical R drift suppression format
aa5e948	R10 workaround (the only commit the auditors saw)

The CLI defaults git_range to HEAD~1..HEAD, so the auditors processed only the final atomic-update commit — a metadata-only delta that updates Charter frontmatter and reorganizes AILOG R7-R9 into canonical drift-suppression format. They did not see migrations, SQLC, scaffolding, Wire, or the PII guard test — i.e., they did not audit the ~4150 lines that constitute CHARTER-07's actual implementation.

Both auditors performed correctly given what they were handed. But the convergence on "no substantive findings" carries no weight as evidence that the foundation is correct — they were not given the foundation to audit.

Root cause B — Paste-based mode without filesystem tool access

Even if git_range had been main..HEAD (the full branch), the auditors operated in paste-based mode. They could not:

• Open files outside the diff to verify cross-references (e.g., does function X invoked here actually exist in file Y).
• Consult data-model.md to validate migrations against documented schema intent.
• Confirm the eventTypeToPayload map covers the full set declared in EmittedEventTypes.
• Inspect spec-001 RLS patterns to validate the new templates_tenant_or_system policy doesn't leak system rows into spec-001 tests.

Without tool use, auditors extend to training data and assumptions. Sentinel's pre-DevTrail audit methodology had an iteratively-refined prompt that explicitly enforced "do not opine on files you have not opened" — a discipline that catches a known failure mode where Gemini, in particular, has a tendency to assume class/interface correctness from naming alone without reading the file. That discipline isn't representable in a paste-based prompt.

Calibrator compensation (this cycle only)

The calibrator (claude-opus-4-7[1m] running in the operator's IDE) has filesystem access and read both the diff and the 5 implementation commits not in the audit window. The calibrator output (audit/charters/CHARTER-07/calibrator-reconciler.md §Reconciliation summary) documents the structural limitations explicitly — as critical observations, NOT as fresh C<N> findings (the calibrator role explicitly forbids introducing fresh findings: "that's what the next audit cycle is for").

This compensation works for one Charter audited by an operator using a calibrator-class tool with filesystem access. It does not generalize: most adopters won't have a calibrator with full repo read.

---

Forward-looking proposal (not a regression)

The audit-skills v0 architecture has real strengths worth preserving:

• Cross-family heterogeneity as the discovery mechanism (different model family per auditor → different blind spots → convergence is high signal).
• Calibrator pattern (definitional, not discovery).
• Opt-in checkpoint per AGENT-RULES §12 heuristic.
• Telemetry capture as a side effect of the workflow (zero extra operator burden).

The proposal below preserves all four and addresses the substantive depth gap:

Audits, when run, should run via CLI with read-only filesystem access

The auditor-primary and auditor-secondary roles should be invoked via auditor-side CLI tooling (gemini-cli, claude-cli, copilot-cli, codex-cli — whatever the operator has) configured with read-only access to the repo. The DevTrail prompts then enforce the principle that gives the audit its substance:

"You may only opine on files you have read via tool call. Any finding you produce must cite the specific files (paths and lines) you opened. If you have not opened a file, you may not infer behavior, structure, or correctness about it."

This shifts the audit from "extend training data + diff" to "verify diff + read context + cite evidence." It is the discipline that distinguishes substantive code review from pattern matching.

The Sentinel pre-DevTrail audit methodology used exactly this approach across the spec-001 implementation cycle. The prompt was iteratively refined as specific resbalones (slip-ups) were observed per model — Gemini's class-by-name assumption being the canonical example we polished out. That mature prompt is shareable; we can contribute it as a starting point if useful.

git_range default should match the Charter's commit set, not the last commit

For Charters implemented as multiple commits on a feature branch (the common case for L Charters), the default HEAD~1..HEAD is the wrong unit. Sensible alternatives:

• git merge-base origin/main HEAD..HEAD — captures all commits unique to the branch since divergence from main.
• origin/main..HEAD — same effect, simpler to express.
• A --range flag the operator overrides per invocation, but with the default biased toward "the full branch since main" rather than "the last commit."

This applies regardless of whether audits move to CLI mode or stay paste-based.

Optional: tighten the resolver (R10 fix)

Independent of the larger architectural shift — the R10 fix above is small, mechanical, and worth shipping as a patch independent of any larger v1 redesign.

---

Evidence in Sentinel repo

All evidence is reproducible from the Sentinel branch charter-07-commshub-foundation (commits 2ee3352..f0f0cee). Branch is currently local; will push if the upstream maintainers want to inspect concretely — say the word.

Substantive references inside the Sentinel branch:

• .devtrail/07-ai-audit/agent-logs/AILOG-2026-05-04-035-charter-07-commshub-foundation.md §Risk:
  • R10 (~lines 286-352): full root-cause analysis, scope, workaround applied, fix proposal.
  • R11 (~lines 354-440): structural-depth limitations, both root causes elaborated, calibrator compensation applied, forward-looking proposal.
• audit/charters/CHARTER-07/auditor-primary.md: copilot-v1.0.40 (gpt-5.3-codex) actual response (1 finding, self-categorized false_positive).
• audit/charters/CHARTER-07/auditor-secondary.md: gemini-2.5-pro-cli actual response (0 findings, "execution and accompanying documentation are pristine").
• audit/charters/CHARTER-07/calibrator-reconciler.md §Reconciliation summary: detailed analysis of why the convergent zero-substantive-findings does not constitute evidence of foundation correctness.
• audit/charters/CHARTER-07/external-audit-pending.yaml: the external_audit: block ready to merge into .devtrail/charters/CHARTER-07.telemetry.yaml once the Charter closes (currently held back; see operational decision below).

Six commits granular for the implementation + 3 for AILOG/atomic update/audit cycle. The branch is paused at the audit-cycle close commit (f0f0cee) — no devtrail charter close invoked, no PR opened.

Operational decision in Sentinel

Per the operator's call: pause CHARTER-07 close until upstream iterates on R10 + R11 fixes. Once a new cli version ships with the resolver fix (R10) + a sensible git_range default (R11 part A) — and ideally with the CLI-based audit pattern surfaced (R11 part B) — Sentinel will:

1. devtrail update-cli + devtrail update-framework.
2. Re-run the audit cycle on CHARTER-07 with the new flow.
3. devtrail charter close CHARTER-07 with the substantive audit findings merged into telemetry.
4. Continue with CHARTER-08 onward under the improved methodology.

The current audit cycle outputs (auditor responses + calibrator) stay in audit/charters/CHARTER-07/ as historical evidence of what the v0 produced; the re-run will overwrite or coexist as a separate cycle (decision pending upstream iteration).

This issue is the formal feedback channel from the first primary adopter. Sentinel will continue Etapa 2 telemetry per the agreed devtrail-telemetria-etapa-2.md v0.1 conventions and report a consolidated snapshot at the end (CHARTER-13 close), but R10 + R11 + the forward-looking proposal merit upstream attention now rather than at the end of a multi-week cycle.

Happy to provide more concrete material (the Sentinel pre-DevTrail audit prompt, full auditor responses, additional Charter execution data) if useful.

---

🤖 Filed by Sentinel operator at the close of CHARTER-07 audit cycle, with calibrator analysis from claude-opus-4-7[1m]. All assertions verifiable against the cited commits and file paths.

[montfort]

Upstream acknowledgement

Receiving this report as substantive empirical signal — exactly the data point Phase 2 telemetry was structured to surface. The decision to pause CHARTER-07 close before polluting the aggregate telemetry with a structurally-limited cycle is the right one and we'll honor it: CHARTER-07 awaits a re-run on the next release rather than counting as a v0 record.

We're treating R10, R11(A), and R11(B) plus a fourth axis the operator surfaced separately (eliminating copy/paste entirely via canonical filesystem locations + a new auditor-side skill) as one integrated iteration, not three patches. Rationale: piecemeal patches over multiple releases would force Sentinel to re-run CHARTER-07 multiple times against partial fixes, costing audit cycles for no marginal evidence. One integrated upgrade lets Sentinel re-audit CHARTER-07 once with the full new flow and continue Etapa 2 cleanly from CHARTER-08 onward.

Categorization of the 4 axes

• R10 (resolver duplicates content via HTML-comment placeholder expansion) — bug, mechanical fix, included in the integrated release.
• R11(A) (git_range defaults to HEAD~1..HEAD for multi-commit feature branches) — design decision that failed at first multi-commit Charter encounter; switching default to origin/main..HEAD with intelligent fallback. User-visible behavior change → minor bump.
• R11(B) (paste-based mode produces structurally limited audits) — architectural extension, not regression. The proposal is not to implement HTTP API clients (which decision A1 rejected for legitimate reasons); it's to enable a second mode where the operator runs their own auditor-side CLI (gemini-cli, claude-cli, copilot-cli, codex-cli — whatever they have) configured with read-only filesystem access, and DevTrail's prompts enforce the discipline "cite path:line of files you've actually opened — findings without citations are rejected". DevTrail still doesn't manage API keys, doesn't invoke APIs, doesn't maintain HTTP clients. The operator's CLI handles all of that.
• Fourth axis — eliminating copy/paste entirely via canonical paths + new skill devtrail-audit-execute: the operator surfaced that the paste-then-run-then-paste-back loop is itself friction independent of (B). With (B) addressing what the auditor can see, this fourth axis addresses how the prompts and reports flow between the operator's main IDE and the auditor CLIs. The proposed flow uses canonical filesystem locations under .devtrail/audits/<CHARTER-ID>/ (replacing the current audit/ which is too generic), a new skill devtrail-audit-execute that runs in any auditor-side CLI, and an extension of devtrail-audit-review to iterate over N reports (no longer fixed to 2 — operators may want a third or fourth audit with specialized models depending on Charter risk surface).

Operational consequence of integrating

• Single release: cli-3.10.0 / fw-4.9.0 (minor bumps; experimental v0.x schemas evolve in place per their $comment discipline; CHANGELOG documents the path-convention change explicitly).
• Sentinel re-runs CHARTER-07 audit cycle once after the release lands. The v0 outputs (audit/charters/CHARTER-07/auditor-{primary,secondary,reconciler}.md) stay as historical evidence of the v0 cycle; the v1 re-run produces fresh outputs at the new canonical location.
• Sentinel continues Etapa 2 from CHARTER-08 onward under the v1 flow. The Etapa 2 telemetry snapshot at the close of CHARTER-13 will include both the CHARTER-07 v1 record and the cycles from CHARTER-08 onward — a coherent dataset.

Take on Sentinel's contribution

The pre-DevTrail audit prompt mature against observed slip-ups (Gemini's class-by-name assumption being the canonical example) is exactly the kind of empirical refinement v1 needs as starting point — yes please, share it. Will incorporate as foundation for the unified prompt template and credit explicitly.

Next steps

A formal proposal will land in Propuesta/ shortly with the full design (path conventions, skill shapes, prompt structure, migration plan, PR sequence). After internal review and any iteration the proposal needs, implementation kicks off. We're not committing to a date here per principles #6/#12 — the proposal first, then implementation paced to land cleanly, and the release ships when verification is done. Estimated rough order: days, not weeks.

Sentinel: keep CHARTER-07 paused. The branch state is fine where it is. We'll signal here when v1 ships.

Thank you for the depth and rigor of the report — this is what the principle "the community cares for the tool" looks like operationalized.

[montfort]

Concrete reference: Sentinel's pre-DevTrail audit skill, now mirrored in Propuesta/

Two files copied to this repo's Propuesta/ folder for inspection (not committed yet on the operator's local — will land alongside or shortly after this comment):

• Propuesta/sentinel-skill-prompt-audit.md — the audit prompt generator skill from Sentinel (.claude/skills/audit/SKILL.md in the source repo). 391 lines. Generates a complete, ready-to-paste audit prompt for external AI agents based on the current implementation stage, with the discipline enforcement the original issue body proposes.
• Propuesta/sentinel-skill-prompt-audit-review.md — the companion skill that consolidates external auditor reports into a single claude-analisis.md with verdicts, a remediation plan, and per-auditor ratings (.claude/skills/audit-review/SKILL.md in the source).

The cycle is conceptually parallel to DevTrail's prepare → external → calibrate, but the discipline enforcement happens at prompt level rather than at calibrator level. Specific elements worth lifting:

• §REGLA ABSOLUTA — SOLO LECTURA (lines 55-77 of audit.md) — explicit prohibitions on the auditor (no edits, no commits, no go generate, no wire, no "fixes"), with the operationalizing line: "Si encuentras un bug, DOCUMENTALO en tu reporte. NO lo corrijas. Si encuentras un archivo faltante, REPORTALO. NO lo crees. Violación de esta regla invalida toda la auditoria." This is the textual form of the principle proposed in the issue body — it isn't theoretical, the prompt enforces it.

• §Tu rol — "NO eres un cheerleader — reportar 'sin problemas' cuando existen bugs es peor que reportar un falso positivo." Counters the failure mode where auditors over-praise to be agreeable.

• §Paso 2 — Verificar cada tarea (OBLIGATORIO) — the full chain: locate file → read completo (not just confirm existence) → trace flow handler→service→repo→SQL → read at least 2 test cases → compare against the task. This is the structural surface where filesystem tool use becomes operationally necessary; without it, the audit collapses to assumption.

• §Paso 5 — Calibrar severidad contra config REAL (lines 167-228) — anti-inflation and anti-deflation rules with a concrete example from Sentinel's Etapa 12 (an auditor declared "regresión crítica por ACK silencioso" without verifying the Pub/Sub driver was a stub returning `"Cloud Pub/Sub not yet implemented"` and the active driver was `gochannel` in-memory where Ack/Nack are no-ops). The mandatory checklist (active driver, feature flags, build tags, DB role, deployment scope) before declaring Critical/High severity catches the class of finding inflation that paste-based audits with limited context produce.

• §Lo que NO debes hacer — closing reinforcement of the read-only rule plus the severity discipline.

Project-specific coupling worth noting if porting to DevTrail

The current Sentinel skill assumes the project's MVP layout: it reads `specs/001-sentinel-mvp/tasks.md` and matches the `## Etapa N:` heading format (skill lines 24, 101, 125). For DevTrail to adopt the pattern as a transferable template, those hardcodes would need to parameterize against:

• The Charter doc + originating AILOGs (instead of `tasks.md`).
• The git range bounding the audit (instead of "an etapa's task list").
• Output dir keyed on Charter id (instead of `audit/etapas-implementacion/{N}/`).

Everything else in the skill (the discipline, security checklist, severity calibration) is project-agnostic and reusable as-is.

Suggested integration into a v1 audit-skills shape

A minimal sketch of what an evolved DevTrail v1 audit cycle could look like with this pattern lifted:

1. `devtrail charter audit ` — generates the prompt template (with discipline enforcement embedded), writes to `audit/charters//prompts/`.
2. Operator invokes the auditor through the auditor's own CLI (gemini-cli, claude-cli, copilot-cli, codex-cli) with read-only repo access, paste the prompt, the auditor uses tool calls to read files cited by name.
3. Auditor writes report to `audit/charters//auditor-{primary,secondary}.md`.
4. `devtrail charter audit --calibrate` proceeds as today (calibrator reconciles), but now the inputs are substantive.

The CLI wrapping doesn't need to launch the auditor's CLI itself — that's the operator's choice of tooling. DevTrail's contract stays at "generate prompt, validate response shape, calibrate" — the substantive depth comes from the prompt + the operator's auditor-CLI choice, not from DevTrail orchestrating LLM calls.

Happy to discuss further or provide more concrete material.

[montfort]

Resolved by the v1 audit-skills release (fw-4.9.0 / cli-3.10.0)

All four axes raised in this issue are addressed in the integrated v1 iteration. Closing as resolved.

How each axis was closed

R10 — resolver duplicates content via HTML-comment placeholder expansion → fixed in PR #103. The resolver now scans for <!-- ... --> ranges before substituting and skips placeholder replacement inside them. Unclosed comments terminate the scan early (conservative). 5 new unit tests cover the regression including the exact multi-placeholder documentation header pattern that triggered the original bug. Net effect: the prompt size drops back to what it should be (~700 lines instead of 1300 for CHARTER-07-shape Charters), no token duplication.

R11(A) — git_range defaults to HEAD~1..HEAD → fixed in PR #104. The default is now origin/main..HEAD with intelligent fallback (tries origin/master..HEAD for legacy repos, then HEAD~1..HEAD with explicit stderr warning when no upstream is reachable). Multi-commit feature branches like Sentinel CHARTER-07 (8 commits, ~4150 lines) now go to the auditors as the full implementation set, not the last commit.

R11(B) — paste-based mode produces structurally limited audits → addressed by the unified prompt + auditor-side CLI mode in PRs #105, #107, #108. The new template audit-prompt.md lifts the seven universal sections from Sentinel's pre-DevTrail audit/SKILL.md (REGLA ABSOLUTA, Tu rol, Reglas de alcance, Paso 2 verificación obligatoria with the path:line citation discipline, Paso 5 calibración severidad with the Etapa 12 example preserved as labeled real adopter case, Lo que NO debes hacer, Formato de salida). The new skill /devtrail-audit-execute runs inside an auditor-side CLI (gemini-cli, claude-cli, copilot-cli, codex-cli) configured with read-only filesystem access — the prompt's discipline becomes operationally enforceable via tool use, not aspirational guidance.

Fourth axis — eliminate copy/paste entirely via canonical filesystem locations + new auditor-side skill → addressed by PRs #106, #107, #108. The CLI subcommand was refactored: paths migrated from audit/charters/<id>/ to .devtrail/audits/<id>/ (namespaced under .devtrail/ to avoid adopter folder collisions; structure leaves room for future audit-unit categories). Subcommand simplified to --prepare / --merge-reports (the v0 --calibrate and --finalize are kept as deprecation shims with stderr warnings). The three skills (/devtrail-audit-prompt → /devtrail-audit-execute × N → /devtrail-audit-review) exchange artifacts via filesystem; operators never copy/paste prompts or reports. Reports are keyed on report-<sluggified-model-id>.md so N auditors don't collide. The review skill consumes whatever reports are present.

Forward-looking proposal — adopted in evolved form

Sentinel's forward-looking proposal in this issue (auditors via CLI with read-only filesystem access + prompt-level discipline + git_range matching the Charter's commit set) was adopted in spirit. The shape evolved during design (Propuesta/devtrail-audit-cli-flow.md v0.2):

• No HTTP API clients in DevTrail — preserved decision A1. The auditor CLIs are the operator's choice; they handle API keys and rate limits themselves. DevTrail orchestrates prompt resolution, report shape, and the consolidated review.
• Calibrator role moves in-conversation — the v0 paste-based calibrator-reconciler template is retired. The main agent (Claude Code, Gemini Code, Cursor, etc.) handles calibration inline via the /devtrail-audit-review skill, which reads N reports, verifies each finding against actual code via Explore agents in parallel, classifies verdicts (VALID / PARTIALLY VALID / MISATTRIBUTED / FALSE POSITIVE / DUPLICATE), and produces a six-section consolidated review.md (Executive summary / Scope definition / Per-auditor evaluation / Remediation plan P0-P4 / Discarded findings / Auditor ratings 1-10 across four weighted criteria).
• Six-section review structure + 5-verdict vocabulary + 4-criterion weighted rating lifted directly from Sentinel's audit-review/SKILL.md mature pre-DevTrail. Credit explicit in CHANGELOG and in the skill body.

Sentinel re-run path

CHARTER-07 stays paused on the charter-07-commshub-foundation branch. To re-run under v1:

1. devtrail update-cli → cli-3.10.0
2. devtrail update-framework → fw-4.9.0
3. devtrail charter audit CHARTER-07 --prepare (uses the new default range origin/main..HEAD, captures the full 8-commit feature branch).
4. Open auditor CLIs and run /devtrail-audit-execute CHARTER-07 in each (recommended: ≥2 of different model families; can be the same models you used in v0 — copilot-v1.0.37, gemini-2.5-pro, etc.).
5. After ALL auditors complete, return to the main agent and run /devtrail-audit-review CHARTER-07. The skill consolidates reports into .devtrail/audits/CHARTER-07/review.md (six sections) and merges the YAML into telemetry.
6. devtrail charter close CHARTER-07 once the review is satisfactory.

The v0 outputs (audit/charters/CHARTER-07/auditor-{primary,secondary,reconciler}.md) stay as historical evidence of the v0 cycle; the v1 outputs land at the new canonical path.

Credit

The seven universal sections of the unified audit-prompt.md, the six-section consolidated review structure, the five-verdict vocabulary, and the four-criterion weighted auditor rating all lift integrally from the audit/SKILL.md and audit-review/SKILL.md skills mature pre-DevTrail in Sentinel — contributed via this issue. Project-specific hardcodes were parameterized; didactic examples (Etapa 12 Pub/Sub stub vs gochannel active) preserved as labeled real adopter cases. Recorded in CHANGELOG.

Thank you for the depth and rigor of the original report — this is what the principle "the community takes care of the tool" looks like operationalized in practice.

— Closing.