// Audit EOU specs for Foundry V2 faceted classification, authority limits, schemas, validation, failure modes, trace, blast radius, and responsibility ownership.
Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk.
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense.
Synthesize a Stage 0 captured_workflow (D2.4 step 1–5 outputs + per-app constitutional domain_values layer) from a user goal, structured 5-role reference set, and constraints. For users entering an unfamiliar craft domain who cannot articulate a workflow unaided, and for any user who needs the constitutional layer made explicit before downstream EOU generation begins.
Generate a minimal, ranked candidate EOU set from a messy workflow using Foundry V2 constraints. Candidates are proposal-only and cannot be activated.
Audit a generated candidate EOU set for boundary quality, minimality, overlap, authority, operational value, and governance risk before any candidate advances to specification. <example> Context: A generation run has just produced a candidate set; the owner wants to know which candidates survive audit before promotion. user: "$audit-candidate-eou-set foundry/self-evolution/candidate-sets/cs-generate-eou-candidates-20260520-1430.yml" assistant: "I'll run the eight tests (boundary, non-overlap, minimality, authority, operational value, counter-generation, set composition, high-stakes) and write the audit report under foundry/audits/candidate-set-audits/." </example> <example> Context: User wants to audit a candidate set that contains a generating EOU without a corresponding audit path. user: "$audit-candidate-eou-set ./my-candidates.yml" assistant: "I'll audit. Heads-up that if any candidate has authority_level approve/publish or proposes weakening validators, I'll escalate to FAIL regardless of other test outc
Audit value_invocations in run traces for EOUs with classification.judgment_authorized:true. Verifies invocations against the captured_workflow's declared priority (no F15), checks for drift over multiple runs (no F16), detects hallucinated value ids (no F17), catches silent decisions on contested cases (F14), and runs counterfactual-swap audit as the V1 anti-theater defense. <example> Context: An EOU with judgment_authorized:true has accumulated several run traces with value_invocations. The owner wants to verify the invocations are load-bearing, not citation theater. user: "$audit-judgment compose-dish" assistant: "I'll load compose-dish.yml, its app's captured_workflow, and the run traces under foundry/runs/compose-dish/. I'll check each value_invocation entry against F14-F17, then run counterfactual-swap audit on up to 5 sampled invocations. Verdict report goes to foundry/audits/judgment-audits/compose-dish.judgment-audit.yml." </example> <example> Context: An EOU with judgment_authorized:false is passed
| name | eou-audit |
| description | Audit EOU specs for Foundry V2 faceted classification, authority limits, schemas, validation, failure modes, trace, blast radius, and responsibility ownership. |
Audit an EOU spec at $target, or all specs in foundry/eous/ and foundry/meta-eous/ when no target is given.
Auto-discover any foundry/captured-workflows/cw-*.yml with all four human_approval gates populated. When found AND the audited spec's target_object is not in engine/governance.yml rule_96_exempt_target_objects, Step 9 (Value Operationalization Test) runs.
foundry/constitution.ymlfoundry/governance.ymlfoundry/failure-taxonomy.ymlschemas/eou.schema.ymlStop and record a critical finding before proceeding if:
schemas/eou.schema.yml does not exist — cannot validate spec completeness.$target is provided but does not resolve to any spec file in foundry/eous/ or foundry/meta-eous/.python3 scripts/validate_foundry.py
Record any schema errors as critical findings before proceeding.
Verify all six classification facets are present and use schema-allowed values:
| Facet | Allowed values |
|---|---|
function | generate | specify | validate | diagnose | promote | refactor | audit | propose | activate | implement | retire |
automation_mode | deterministic | LLM_assisted | hybrid | human_executed |
authority_level | suggest_only | draft_only | write_candidate | write_inactive | mutate_active | approve | publish |
risk_level | low | medium | high | critical |
lifecycle_stage | candidate | draft | simulated | pilot | active | monitored | stable | deprecated | retired |
Finding: any missing or out-of-vocabulary value → severity high.
mutate_active or higher requires risk_level: high or critical.blast_radius.forbidden_scope must be declared for mutate_active or higher.authority_level must not exceed what the EOU's function requires.Finding: mismatched authority/risk → severity high.
Each EOU must declare: purpose (with non_goals), inputs (with forbidden_assumptions), context_manifest, execution (with stop_conditions), outputs, success_criteria, failure_modes (with repair_actions), escalation, responsibility, versioning, blast_radius.
Finding: any missing field → severity medium. Placeholder text (e.g. "Perform bounded operation", "target artifact") → severity high.
deterministic work must not be mixed with LLM_assisted judgment steps in a single EOU step.responsibility.executor must not equal responsibility.approver.Finding: violation → severity high.
outputs must include trace: foundry/runs/{eou_id}/{run_id}.yml.execution.steps must be specific enough to reconstruct what ran.Finding: absent trace output → severity medium.
For every EOU with function: generate:
generation_envelope.forbidden_outputs must include active_eou, approved_eou, constitution_change.generation_envelope.default_status must be candidate.generation_budget.max_candidates must be declared.minimality_test and operational_value_test must be declared.counter_generation.required must be true.Finding: any violation → severity high.
escalation.require_human_when.responsibility.cannot_delegate must list at least one item for EOUs with authority_level: mutate_active or higher.Finding: absent escalation on high-stakes EOU → severity high.
Skip if no captured_workflow exists with complete human_approval, OR if the spec's target_object is in rule_96_exempt_target_objects.
Verify that success_criteria.must_pass contains at least one entry whose text references at least one domain_value.id of priority ≤ 3 from the loaded captured_workflow.
Severity by lifecycle_stage:
active, monitored, stable → blockingpilot → highdraft or candidate → mediumRecord operationalized domain_value.id entries in the audit report under operationalized_values so future audits can detect drift. The test is string-match based; reviewers should spot-check value invocations for citation theater per the deferred counterfactual-swap defense (dev-docs/07-agentic-judgment-proposal.md).
Write one file per audited EOU to foundry/audits/eou-audits/{eou_id}.audit.yml:
audit_date:
eou_id:
eou_version:
checks:
- check_name: # faceted_classification | authority_blast_radius | structural_fields | separation_of_concerns | trace | generating_eou | escalation
status: # pass | fail | skip
findings:
- severity: # critical | high | medium | low
field: # YAML field path where the violation occurs
description:
required_fix:
summary:
total_findings:
by_severity: {critical: 0, high: 0, medium: 0, low: 0}
verdict: # PASS | FAIL | CONDITIONAL_PASS
When auditing the whole foundry/ directory, write one file per EOU. Do not merge findings across specs.
validate_foundry.py before manual checks — its output is authoritative for schema errors.