feat(framework): Phase v1 PR 5 — devtrail-audit-execute skill (3 platforms)#107
Merged
feat(framework): Phase v1 PR 5 — devtrail-audit-execute skill (3 platforms)#107
Conversation
…forms)
Introduces the new auditor-side skill that closes the cero-copy/paste
loop in the v1 audit flow. The operator now invokes 3 skills total
(audit-prompt → audit-execute × N → audit-review) instead of pasting
prompts and responses between IDE and external chats.
devtrail-audit-execute runs INSIDE an auditor-side CLI (gemini-cli,
claude-cli, copilot-cli, codex-cli, or any agent runtime configured
with read access to the adopter's repo). It:
1. Resolves the Charter via the optional argument or auto-discovery
(D14): scans .devtrail/audits/*/audit-prompt.md for prompts that
do not yet have a report-<self-model-slug>.md from this auditor.
2. Detects this auditor's model identifier from the runtime and
produces a filesystem-safe slug.
3. Reads the unified audit prompt at the canonical path.
4. Audits with tool use, citing path:line of files actually opened
(carrying the discipline from the prompt's REGLA ABSOLUTA section).
5. Writes the report to .devtrail/audits/<id>/report-<slug>.md with
the v1 frontmatter (audit_role: auditor, evidence_citations).
6. Emits the wait warning at completion: "do NOT return to the main
agent for /devtrail-audit-review yet unless ALL audits you
commissioned have completed." This is load-bearing for parallel-
CLI workflows where the operator might otherwise invoke review
after the first audit finishes.
Files added (3 platforms per devtrail skill convention):
- dist/.claude/skills/devtrail-audit-execute/SKILL.md — frontmatter
has allowed-tools (Read, Write, Glob, Grep, Bash with allowlists
for go/cargo/npm/pytest verification commands across the common
stacks).
- dist/.gemini/skills/devtrail-audit-execute/SKILL.md — same body,
no allowed-tools (Gemini schema).
- dist/.agent/workflows/devtrail-audit-execute.md — same body,
description-only frontmatter (generic agent runtime).
Tests added (4 fixture tests in cli/tests/audit_skill_test.rs):
- devtrail_audit_execute_claude_skill_exists_and_has_allowed_tools
(asserts the build/test allowlist covers Go, Rust, Node, Python).
- devtrail_audit_execute_gemini_skill_exists_without_allowed_tools.
- devtrail_audit_execute_agent_workflow_exists_with_description_only.
- devtrail_audit_execute_three_platforms_share_core_guidance —
asserts on every platform: canonical paths (.devtrail/audits/,
audit-prompt.md, report-<self-model-slug>.md), D14 elements
(auto-discovery, model-slug detection), the wait warning ("ALL
audits ... complete"), and the discipline carriers (path:line
citation, read-only).
Test plan:
- cargo test --test audit_skill_test → 12/12 green (8 existing for
audit-prompt + audit-review, 4 new for audit-execute).
- cargo test (full suite) → all suites green, no regressions.
- No version bump (lands together with PRs 6-8 in the integrated
v1 release per Propuesta/devtrail-audit-cli-flow.md v0.2 §5).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fifth of 8 PRs implementing the integrated v1 audit-skills iteration. Introduces the new auditor-side skill that closes the zero-copy/paste loop: the operator now invokes 3 skills total (`/devtrail-audit-prompt` → `/devtrail-audit-execute` × N → `/devtrail-audit-review`) instead of pasting prompts and responses between the IDE and external chats.
What the skill does
`devtrail-audit-execute` runs inside an auditor-side CLI (gemini-cli, claude-cli, copilot-cli, codex-cli, or any agent runtime with read access to the repo). It:
Files added
Tests
4 new fixture tests in `cli/tests/audit_skill_test.rs`:
Test plan
Phase v1 progress
🤖 Generated with Claude Code