// Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk.
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense.
Audit EOU specs for Foundry V2 faceted classification, authority limits, schemas, validation, failure modes, trace, blast radius, and responsibility ownership.
Synthesize a Stage 0 captured_workflow (D2.4 step 1–5 outputs + per-app constitutional domain_values layer) from a user goal, structured 5-role reference set, and constraints. For users entering an unfamiliar craft domain who cannot articulate a workflow unaided, and for any user who needs the constitutional layer made explicit before downstream EOU generation begins.
Generate a minimal, ranked candidate EOU set from a messy workflow using Foundry V2 constraints. Candidates are proposal-only and cannot be activated.
Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk before any candidate advances to specification. <example> Context: A generation run has just produced a candidate set; the owner wants to know which candidates survive audit before promotion. user: "$audit-candidate-eou-set foundry/self-evolution/candidate-sets/cs-generate-eou-candidates-20260520-1430.yml" assistant: "I'll run the eight tests (boundary, non-overlap, minimality, authority, operational value, counter-generation, set composition, high-stakes) and write the audit report under foundry/audits/candidate-set-audits/." </example> <example> Context: User wants to audit a candidate set that contains a generating EOU without a corresponding audit path. user: "$audit-candidate-eou-set ./my-candidates.yml" assistant: "I'll audit. Heads-up that if any candidate has authority_level approve/publish or proposes weakening validators, I'll escalate to FAIL regardless of other test outc
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense. <example> Context: An EOU with judgment_authorized:true has accumulated several run traces with value_invocations. The owner wants to verify the invocations are load-bearing, not citation theater. user: "$audit-judgment compose-dish" assistant: "I'll load compose-dish.yml, its app's captured_workflow, and the run traces under foundry/runs/compose-dish/. I'll check each value_invocation entry against F14-F17, then run counterfactual-swap audit on up to 5 sampled invocations. Verdict report goes to foundry/audits/judgment-audits/compose-dish.judgment-audit.yml." </example> <example> Context: An EOU with judgment_authorized:false is passed
| name | audit-candidate-eou-set |
| description | Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk. |
Audit $path (a candidate-set artifact under foundry/self-evolution/candidate-sets/, schema schemas/candidate-set.schema.yml — ECP-0013).
If foundry/captured-workflows/cw-{app_id}.yml exists with all four human_approval gates populated, load it. The Set Value Coverage Test runs against its domain_values block.
foundry/constitution.ymlfoundry/registry.ymlfoundry/governance.ymlfoundry/meta-eous/audit-candidate-eou-set.ymlHalt and report before running tests if:
$path does not resolve to a readable YAML file.candidates array, or candidates is empty.foundry/constitution.yml or foundry/registry.yml does not exist — required for Authority and Non-Overlap tests.Run each test against every candidate in the set.
Each candidate must have one distinct success criterion. A candidate whose success criterion subsumes another candidate's fails this test. Flag candidates with compound or overlapping success criteria.
No candidate may duplicate an existing EOU in foundry/registry.yml or another candidate in this set. Check by purpose, target_object, and success criterion. Flag overlapping pairs and recommend merge or rejection.
Each candidate must fail the following substitution checks — if it passes any, it should be converted instead of created as an EOU:
Generating EOUs in the candidate set must not have authority_level set to approve, publish, or mutate_active. Flag candidates claiming more authority than write_candidate or write_inactive without constitutional justification.
Each candidate must satisfy at least one of:
prevents_failure: names a concrete failure mode it blocksimproves_decision: names a judgment it makes explicitexposes_hidden_judgment: surfaces an implicit step that is currently untrackedimproves_traceability: adds observable accountability to a previously opaque stepReject candidates that exist only for completeness or that duplicate the purpose of an existing artifact.
Each kept candidate must include arguments_against — the strongest case for not creating it. Candidates missing this field are not ready for specification.
If the candidate set includes EOUs that generate outputs, it must also include EOUs (or identify existing ones) for auditing and approving those outputs. A generation-only set without a corresponding audit path is incomplete.
Candidates touching finance, health, legal, safety, content about minors, public claims, publication, or active governance must have responsibility.approver set to a named human role and escalation.require_human_when non-empty. Flag candidates in these domains missing human ownership.
Skip if no captured_workflow is loaded with complete human_approval.
For each domain_value of priority ≤ 3 in the loaded captured_workflow, verify that at least one candidate in minimal_recommended_subset operationalizes the value via its distinct_success_criterion (the value's id must appear in the criterion text). Emit findings in audit_outcome.notes naming each unserved value and its priority. Unserved priority-1 values escalate the verdict to FAIL; unserved priority-2 or priority-3 values escalate to REVISE.
| Verdict | Criteria |
|---|---|
| PASS | All candidates pass Boundary, Authority, and Operational Value tests. At most 1 Minimality finding per 5 candidates. High-Stakes test passes for every candidate whose target_object falls in finance, health, legal, safety, content about minors, public claims, publication, or active governance domains. |
| REVISE | 1–2 Minimality or Non-Overlap failures, no Authority or High-Stakes failures. Candidates can be revised without rejection. |
| FAIL | Any Authority or High-Stakes failure. More than 2 Minimality failures. Any candidate with an Authority level above write_inactive lacking constitutional justification. |
Write the audit report to foundry/audits/candidate-set-audits/{set_id}.audit.yml:
set_id:
audit_date:
verdict: # PASS | REVISE | FAIL
candidate_recommendations:
keep: # list of candidate IDs — pass all tests
merge: # list of (id_a, id_b, reason) pairs
defer: # list of (id, reason) — valid but out of scope
reject: # list of (id, reason) — fails tests
convert: # list of (id, convert_to: rule|validator|regression_case|stop_condition|checklist)
findings:
- candidate_id:
test:
severity: # critical | high | medium | low
description:
required_action:
required_revisions_before_specification:
- # list of changes needed before any candidate can proceed to eou-specify
verdict: PASS if any Authority or High-Stakes test fails, regardless of other results.lifecycle_stage: active — that is the role of $eou-promote after human approval.arguments_against as required, not optional — candidates missing this field fail the Counter-Generation Test.$eou-specify.