// Generate a minimal, ranked candidate EOU set from a messy workflow using Foundry V2 constraints. Candidates are proposal-only and cannot be activated.
| name | generate-eou-candidates |
| description | Generate a minimal, ranked candidate EOU set from a messy workflow using Foundry V2 constraints. Candidates are proposal-only and cannot be activated. |
Generate candidate EOUs from $workflow.
$workflow (required) โ the workflow to analyze; may be a file path (YAML or Markdown) or a free-text description. If a file path, read it; if text, treat it as the workflow description.workflow_slug โ derived from the workflow name or file stem, normalized to lowercase alphanumeric + hyphens (e.g., code-review-workflow). Used in the output filename.captured_workflow (optional, ECP-0017 / Rule 96) โ when foundry/captured-workflows/cw-{app_id}.yml exists with all four human_approval gates populated, load it. Its domain_values block is consulted during candidate scoring per Step 6.5.foundry/constitution.ymlfoundry/registry.ymlfoundry/failure-taxonomy.ymlfoundry/meta-eous/generate-eou-candidates.ymlschemas/eou.schema.ymlHalt and report if any of the following hold:
Extract: what actor does what action to produce what artifact, and what the known failure modes are. State any ambiguities as open questions.
Locate where the success criterion changes โ each boundary is a candidate EOU boundary, not each visible action. Separate deterministic steps (scriptable) from judgment steps (LLM or human required).
For each candidate boundary, check foundry/registry.yml and foundry/eous/ + foundry/meta-eous/:
For each remaining candidate, answer:
Keep the candidate only if none of the above applies. Record the minimality result.
For each kept candidate:
| Field | Value |
|---|---|
function | One of: generate | specify | validate | diagnose | promote | refactor | audit | propose | activate | implement | retire |
automation_mode | deterministic | LLM_assisted | hybrid | human_executed |
authority_level | suggest_only | draft_only | write_candidate | write_inactive | mutate_active | approve | publish |
risk_level | low | medium | high | critical |
lifecycle_stage | candidate (always โ do not set active) |
Also fill: purpose, non_goals, distinct_success_criterion, failure_modes, owner_required, activation_requirements, operational_value, arguments_against, minimality_result.
Reject any candidate whose only value is completeness, or that duplicates an existing EOU, or that has no distinct success criterion. Each kept candidate must answer at least one: prevents_failure, improves_decision, exposes_hidden_judgment, improves_traceability.
Skip if captured_workflow is not present or human_approval is incomplete.
For each surviving candidate, score its arguments_against against the top-three priority domain_values from the captured_workflow:
domain_value? โ Reject the candidate; emit arguments_against citing the violated value id.distinct_success_criterion operationalize at least one top-three domain_value? โ If not, revise the criterion to reference the value id explicitly OR demote the candidate.domain_value.id entries in the candidate's distinct_success_criterion text so Rule 96's validator can detect them.Budget: max 7 candidates. Rank by operational value descending. Select the minimal subset that covers the workflow's critical failure modes. Record rejected candidates with reasons.
Write to foundry/self-evolution/candidate-sets/cs-generate-eou-candidates-{YYYYMMDD}-{hhmm}.yml per schemas/candidate-set.schema.yml (ECP-0013):
id: cs-generate-eou-candidates-{YYYYMMDD}-{hhmm}
generated_by: generate-eou-candidates
generated_at: {ISO-8601 UTC timestamp}
target_class: eou_spec
audit_status: pending_audit
source_workflow:
candidates:
- id:
status: candidate
purpose:
non_goals: []
distinct_success_criterion:
classification:
function:
automation_mode:
authority_level:
risk_level:
lifecycle_stage: candidate
failure_modes: []
owner_required:
activation_requirements: []
operational_value:
arguments_against:
minimality_result:
audit_outcome:
accepted: []
merged: []
demoted_to_rule: []
demoted_to_validator: []
demoted_to_stop_condition: []
rejected: []
minimal_recommended_subset: []
rejected_candidates:
- id:
reason:
prefer_instead: # rule | schema_field | validator | regression_case | checklist | existing_eou
open_questions: []
registry_diff_notes: []
The audit_outcome block is populated by $audit-candidate-eou-set (the downstream skill), not by this generator. Emit it with all seven keys present and empty; do not pre-populate. The generator's job ends at audit_status: pending_audit.
Record the run in foundry/runs/{eou_id}/{run_id}.yml. The run_id is generate-eou-candidates-{YYYYMMDD}-{HHmmss} using the current UTC time.
lifecycle_stage: active on any candidate.foundry/registry.yml or any existing EOU spec.recommended_minimal_set must appear in the candidates list with all required fields populated.Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk.
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense.
Audit EOU specs for Foundry V2 faceted classification, authority limits, schemas, validation, failure modes, trace, blast radius, and responsibility ownership.
Synthesize a Stage 0 captured_workflow (D2.4 step 1โ5 outputs + per-app constitutional domain_values layer) from a user goal, structured 5-role reference set, and constraints. For users entering an unfamiliar craft domain who cannot articulate a workflow unaided, and for any user who needs the constitutional layer made explicit before downstream EOU generation begins.
Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk before any candidate advances to specification. <example> Context: A generation run has just produced a candidate set; the owner wants to know which candidates survive audit before promotion. user: "$audit-candidate-eou-set foundry/self-evolution/candidate-sets/cs-generate-eou-candidates-20260520-1430.yml" assistant: "I'll run the eight tests (boundary, non-overlap, minimality, authority, operational value, counter-generation, set composition, high-stakes) and write the audit report under foundry/audits/candidate-set-audits/." </example> <example> Context: User wants to audit a candidate set that contains a generating EOU without a corresponding audit path. user: "$audit-candidate-eou-set ./my-candidates.yml" assistant: "I'll audit. Heads-up that if any candidate has authority_level approve/publish or proposes weakening validators, I'll escalate to FAIL regardless of other test outc
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense. <example> Context: An EOU with judgment_authorized:true has accumulated several run traces with value_invocations. The owner wants to verify the invocations are load-bearing, not citation theater. user: "$audit-judgment compose-dish" assistant: "I'll load compose-dish.yml, its app's captured_workflow, and the run traces under foundry/runs/compose-dish/. I'll check each value_invocation entry against F14-F17, then run counterfactual-swap audit on up to 5 sampled invocations. Verdict report goes to foundry/audits/judgment-audits/compose-dish.judgment-audit.yml." </example> <example> Context: An EOU with judgment_authorized:false is passed