feat(framework): Phase v1 PR 6 — audit-prompt and audit-review skills updated #108

Merged
montfort merged 1 commit into `main` from `feat/audit-prompt-and-review-skills-v1`
May 5, 2026


@montfort commented May 5, 2026

Summary

Sixth of 8 PRs implementing the integrated v1 audit-skills iteration. Updates the two existing v0 skills to align with the v1 flow: `devtrail-audit-prompt` simplifies to a thin orchestration shell (no inline prompt surfacing); `devtrail-audit-review` evolves substantially from "validate + merge YAML" to "consolidated analysis generator" producing a six-section `review.md`.

devtrail-audit-prompt (simplified)

devtrail-audit-review (substantial rewrite, ~253 lines)

Replaces v0 "validate + merge YAML" with a consolidated analysis generator. The skill:

  1. Verifies report set under `.devtrail/audits/<id>/`.
  2. Reads N reports, builds master finding list.
  3. Verifies each finding against actual code via Explore agents in parallel (up to 3 at a time). The calibrator role moves from a paste-based prompt to in-conversation work with filesystem access.
  4. Classifies findings (`VALID` / `PARTIALLY VALID` / `MISATTRIBUTED` / `FALSE POSITIVE` / `DUPLICATE`) and recalibrates severity against active configuration (anti-inflation, anti-deflation).
  5. Identifies findings the auditors missed.
  6. Writes `review.md` with six sections: Executive summary, Scope definition, Per-auditor evaluation, Remediation plan P0-P4, Discarded findings, Auditor ratings (1-10 across four weighted criteria).
  7. Runs `devtrail charter audit --merge-reports` to emit/merge the `external_audit` YAML.
  8. Branch B handling: when telemetry doesn't exist yet, writes `external-audit-pending.yaml`.

Both skills credit the lift from Sentinel's pre-DevTrail `audit/SKILL.md` and `audit-review/SKILL.md` (issue #102).

Tests

`audit_skill_test.rs` parity assertions updated for both skills:

  • audit-prompt: asserts `/devtrail-audit-execute`, `/devtrail-audit-review`, `.devtrail/audits/`, `audit-prompt.md`, `--prepare`, "ALL audits ... complete" wait warning, "different model families".
  • audit-review: asserts `--merge-reports`, `review.md`, six-section structure, five-verdict vocabulary, four-criterion rating names, `external-audit-pending.yaml`.

V0 markers (`Run AUDITOR PRIMARY PROMPT`, `--calibrate`, `--finalize`) removed from assertions.

Test plan

  • `cargo test --test audit_skill_test` → 12/12 green
  • `cargo test` (full suite) → all suites green, no regressions
  • No version bump (lands with PRs 7-8 in integrated v1 release)

Phase v1 progress

| # | PR | Status |
|---|----|--------|
| 1 | R10 resolver fix | merged (#103) |
| 2 | `git_range` default | merged (#104) |
| 3 | Unified `audit-prompt.md` template | merged (#105) |
| 4 | CLI subcommand refactor | merged (#106) |
| 5 | `devtrail-audit-execute` skill | merged (#107) |
| 6 | `audit-prompt` and `audit-review` skills updated | this PR |
| 7 | Adopter docs (3 langs) | pending |
| 8 | Bump release | pending |

🤖 Generated with Claude Code

… updated

Updates the two existing v0 skills to align with the v1 unified flow.
audit-prompt is simplified to a thin orchestration shell (no more
inline prompt surfacing); audit-review evolves substantially from
"validate + merge YAML" to "consolidated analysis generator" producing
a six-section review.md document.

devtrail-audit-prompt (rewritten body, simplified to ~85 lines per
platform):

  - No longer surfaces prompts inline. The v1 flow writes the prompt
    to .devtrail/audits/<id>/audit-prompt.md and the auditor-side CLIs
    read it from disk via /devtrail-audit-execute (PR 5). Operators
    never copy/paste prompts.
  - Calls `devtrail charter audit <id> --prepare` (the v1 subcommand
    introduced in PR 4).
  - Next-steps guidance directs the operator to open N auditor-side
    CLIs and invoke /devtrail-audit-execute in each, then return to
    the main agent and run /devtrail-audit-review only when ALL
    audits commissioned have completed.

devtrail-audit-review (substantial rewrite, ~253 lines per platform):

  - Replaces the v0 "validate + merge YAML" behavior with a
    consolidated analysis generator. The skill now:
      1. Verifies report set under .devtrail/audits/<id>/.
      2. Reads N reports, builds master finding list.
      3. Verifies each finding against actual code via Explore agents
         in parallel (up to 3 at a time) — the calibrator role moves
         from a paste-based prompt template to in-conversation work
         with filesystem access. This is what makes the consolidated
         review substantive rather than mechanical.
      4. Classifies findings by verdict (VALID / PARTIALLY VALID /
         MISATTRIBUTED / FALSE POSITIVE / DUPLICATE) and recalibrates
         severity against the active configuration (anti-inflation,
         anti-deflation per the audit prompt's Paso 5 discipline).
      5. Identifies findings the auditors missed.
      6. Writes review.md with six sections: Executive summary,
         Scope definition, Per-auditor evaluation, Remediation plan
         P0-P4, Discarded findings, Auditor ratings 1-10 across
         four weighted criteria.
      7. Runs `devtrail charter audit --merge-reports` to validate
         all reports against the schema and emit/merge the
         external_audit YAML block.
      8. Branch B handling: when telemetry doesn't exist yet, writes
         external-audit-pending.yaml for the operator to paste at
         charter close time.

Per-platform variants:

  - dist/.claude/skills/<name>/SKILL.md (allowed-tools)
  - dist/.gemini/skills/<name>/SKILL.md (no allowed-tools)
  - dist/.agent/workflows/<name>.md (description-only frontmatter)

Both skills credit the lift from Sentinel's pre-DevTrail
audit/SKILL.md and audit-review/SKILL.md (issue #102).

Tests (cli/tests/audit_skill_test.rs): updated assertions for the
parity test on each skill, removing v0-specific markers and adding
v1 ones:

  - audit-prompt parity now asserts: /devtrail-audit-execute,
    /devtrail-audit-review, .devtrail/audits/, audit-prompt.md,
    --prepare, "ALL audits ... complete" wait warning, "different
    model families" recommendation. v0 markers ("Run AUDITOR PRIMARY
    PROMPT", "DO NOT use the same family for both") removed.
  - audit-review parity now asserts: --merge-reports, review.md,
    Executive summary, Remediation plan, Auditor ratings, the five
    verdicts (VALID/PARTIALLY VALID/MISATTRIBUTED/FALSE POSITIVE/
    DUPLICATE), the four criterion names (Scope precision,
    Technical depth, Bug detection, False positive rate), and
    external-audit-pending.yaml. v0 markers (--calibrate,
    --finalize) removed.

Test plan:
  - cargo test --test audit_skill_test → 12/12 green.
  - cargo test (full suite) → all suites green, no regressions.
  - No version bump (lands together with PRs 7-8 in the integrated
    v1 release per Propuesta v0.2 §5).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
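
A sketch of the kind of parity check the Tests section describes for audit-review, added here as an illustration and not taken from `cli/tests/audit_skill_test.rs`. The marker strings come from the commit message above; `check_parity`, `Drift`, the variant labels and the sample bodies are hypothetical.

```rust
// Added illustration; marker strings are from the PR text, all names are hypothetical.
const REQUIRED: &[&str] = &[
    "--merge-reports", "review.md", "Executive summary", "Remediation plan",
    "Auditor ratings", "VALID", "PARTIALLY VALID", "MISATTRIBUTED",
    "FALSE POSITIVE", "DUPLICATE", "Scope precision", "Technical depth",
    "Bug detection", "False positive rate", "external-audit-pending.yaml",
];
// v0 flags that must no longer appear in the audit-review skill body.
const REMOVED: &[&str] = &["--calibrate", "--finalize"];

#[derive(Debug, PartialEq)]
pub struct Drift {
    pub variant: String,
    pub missing: Vec<&'static str>,
    pub stale: Vec<&'static str>,
}

/// Returns one entry per variant whose body lacks a v1 marker or still has a v0 one.
pub fn check_parity(variants: &[(&str, &str)]) -> Vec<Drift> {
    variants
        .iter()
        .filter_map(|(name, body)| {
            let missing: Vec<&'static str> =
                REQUIRED.iter().copied().filter(|m| !body.contains(*m)).collect();
            let stale: Vec<&'static str> =
                REMOVED.iter().copied().filter(|m| body.contains(*m)).collect();
            if missing.is_empty() && stale.is_empty() {
                None
            } else {
                Some(Drift { variant: name.to_string(), missing, stale })
            }
        })
        .collect()
}

/// Constructed stand-in for a v1 SKILL.md body (not the real file contents).
pub fn sample_v1_body() -> String {
    REQUIRED.join("\n")
}

fn main() {
    let v1 = sample_v1_body();
    let regressed = format!("{}\nthen run --finalize", v1); // constructed v0 leftover
    let report = check_parity(&[("claude", v1.as_str()), ("gemini", regressed.as_str())]);
    for d in &report {
        println!("{}: missing {:?}, stale {:?}", d.variant, d.missing, d.stale);
    }
}
```

Reporting drift per variant, rather than failing on the first mismatch, shows in one run which of the three platform copies fell out of step and whether it lost a v1 marker or kept a v0 flag.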