Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From eou-foundry
Audits EOU specs against Foundry V2 faceted classification, authority limits, validator schemas, failure modes, blast radius, and responsibility ownership. Use before promoting or after applying an ECP.
npx claudepluginhub xiaolai/eou-foundry --plugin eou-foundryHow this skill is triggered — by the user, by Claude, or both
Slash command
/eou-foundry:eou-audit EOU_ID_OR_PATHEOU_ID_OR_PATHtargetThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit an EOU spec at `$target`, or all specs in `foundry/eous/` and `foundry/meta-eous/` when no target is given.
Mandates invoking relevant skills via tools before any response in coding sessions. Covers access, priorities, and adaptations for Claude Code, Copilot CLI, Gemini CLI.
Share bugs, ideas, or general feedback.
Audit an EOU spec at $target, or all specs in foundry/eous/ and foundry/meta-eous/ when no target is given.
$target (optional) — EOU ID resolved to foundry/eous/{id}.yml or foundry/meta-eous/{id}.yml, or a direct file path. When omitted, audits all specs in both directories.foundry/constitution.ymlfoundry/governance.ymlfoundry/failure-taxonomy.ymlschemas/eou.schema.ymlStop and record a critical finding before proceeding if:
schemas/eou.schema.yml does not exist — cannot validate spec completeness.$target is provided but does not resolve to any spec file in foundry/eous/ or foundry/meta-eous/.python3 scripts/validate_foundry.py
Record any schema errors as critical findings before proceeding.
Verify all six classification facets are present and use schema-allowed values:
| Facet | Allowed values |
|---|---|
function | generate | specify | validate | diagnose | promote | refactor | audit | propose | activate | implement | retire |
automation_mode | deterministic | LLM_assisted | hybrid | human_executed |
authority_level | suggest_only | draft_only | write_candidate | write_inactive | mutate_active | approve | publish |
risk_level | low | medium | high | critical |
lifecycle_stage | candidate | draft | simulated | pilot | active | monitored | stable | deprecated | retired |
Finding: any missing or out-of-vocabulary value → severity high.
mutate_active or higher requires risk_level: high or critical.blast_radius.forbidden_scope must be declared for mutate_active or higher.authority_level must not exceed what the EOU's function requires.Finding: mismatched authority/risk → severity high.
Each EOU must declare: purpose (with non_goals), inputs (with forbidden_assumptions), context_manifest, execution (with stop_conditions), outputs, success_criteria, failure_modes (with repair_actions), escalation, responsibility, versioning, blast_radius.
Finding: any missing field → severity medium. Placeholder text (e.g. "Perform bounded operation", "target artifact") → severity high.
deterministic work (scripts, schema checks) must not be mixed with LLM_assisted judgment steps in a single EOU step.responsibility.executor must not equal responsibility.approver.Finding: violation → severity high.
outputs must include trace: foundry/runs/{eou_id}/{run_id}.yml.execution.steps must be specific enough to reconstruct what ran.Finding: absent trace output → severity medium.
For every EOU with function: generate:
generation_envelope.forbidden_outputs must include active_eou, approved_eou, constitution_change.generation_envelope.default_status must be candidate.generation_budget.max_candidates must be declared.minimality_test and operational_value_test must be declared.counter_generation.required must be true.Finding: any violation → severity high.
escalation.require_human_when.responsibility.cannot_delegate must list at least one item for EOUs with authority_level: mutate_active or higher.Finding: absent escalation on high-stakes EOU → severity high.
Write one file per audited EOU to foundry/audits/eou-audits/{eou_id}.audit.yml:
audit_date:
eou_id:
eou_version:
checks:
- check_name: # faceted_classification | authority_blast_radius | structural_fields | separation_of_concerns | trace | generating_eou | escalation
status: # pass | fail | skip
findings:
- severity: # critical | high | medium | low
field: # YAML field path where the violation occurs
description:
required_fix:
summary:
total_findings:
by_severity: {critical: 0, high: 0, medium: 0, low: 0}
verdict: # PASS | FAIL | CONDITIONAL_PASS
When auditing the whole foundry/ directory, write one file per EOU. Do not merge findings across specs.
validate_foundry.py before manual checks — its output is authoritative for schema errors.Upstream: receives an EOU spec id or path. Typically invoked on EOUs at lifecycle_stage pilot or active, or on ECP packages awaiting approval.
Downstream: findings feed $eou-diagnose (when an audit failure needs root-cause diagnosis), $eou-refactor (when findings suggest structural change), and $eou-promote (audit pass is a gate for active promotion).
Related: $eou-validate (sibling — structural validation, deterministic); $foundry-audit (sibling — system-wide rather than per-EOU); $audit-candidate-eou-set (sibling — audits a set, not a spec).
Pipeline: eou-specify → eou-audit → eou-promote (if pass) | eou-diagnose (if fail)