name: auditor-gate
description: Apply final governance and release-gate checks to a judged change set by reading handoff.json, verdict.json, optional eval evidence, and emitting machine-readable audit.json with gate status. Use when implementation already has a judge verdict and a separate auditor must decide landability (pass, fail, or needs-human) without modifying source files.
Auditor Gate
Run final acceptance gating as a separate role after judge evaluation.
Role Boundaries
- Audit process and risk posture.
- Validate traceability and policy signals.
- Produce
audit.jsononly. - Do not implement fixes and do not re-grade functional correctness from scratch.
Required Inputs
task_idhandoff.jsonverdict.json- output path for
audit.json
Optional:
eval-results.json- explicit audit commands (policy/security/license/quality checks)
Workflow
1) Run audit evidence collection
Run:
python3 <path-to-skill>/scripts/run_audit.py \
--repo <repo-root> \
--handoff <artifact-path>/handoff.json \
--verdict <artifact-path>/verdict.json \
--output <artifact-path>/audit-results.json \
--command "python3 -m pip list --format=freeze"
This collects artifact-integrity checks and command outcomes.
It also checks task and requirement traceability between handoff.json and verdict.json.
2) Write gate artifact
Run:
python3 <path-to-skill>/scripts/write_audit.py \
--task-id <task-id> \
--audit-results <artifact-path>/audit-results.json \
--output <artifact-path>/audit.json \
--gate fail \
--finding "policy::Dependency policy review missing" \
--required-action "Add dependency review evidence" \
--risk-level high
3) Validate gate artifact
Run:
python3 <path-to-skill>/scripts/validate_audit.py \
--input <artifact-path>/audit.json
Decision Rules
pass:- no critical audit failures
- traceability and policy checks pass or are explicitly accepted
fail:- policy, traceability, or release constraints are violated
needs-human:- missing evidence or ambiguous policy interpretation blocks deterministic decision
Output Rules
- Always produce
audit.json. - Keep findings evidence-based and implementation-neutral.
- Provide concrete
required_actionsforfailandneeds-human. - Report requirement-coverage traceability explicitly in
audit.json.
Resources
scripts/
scripts/run_audit.py: collect artifact and command-level audit evidence.scripts/write_audit.py: synthesizeaudit.jsongate decision.scripts/validate_audit.py: validate audit artifact schema.
references/
references/artifact-contract.md: canonicalaudit.jsonstructure.references/gate-rubric.md: practical criteria forpass/fail/needs-human.