vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(governance): add V&V Architect (LeadValidator) — independent audit agent

Browse Source 
Fixes a critical bug where VALIDATOR.md contained a copy of start-validator.sh
(making the validator unlaunchable). Introduces a fully independent V&V Architect
agent that audits the codebase against the PRD and OpenSpec outside the CTO's
chain of command.

Changes:
- VALIDATOR.md: rewritten as proper system prompt (8-phase audit methodology,
  issue format, severity model, communication protocol)
- scripts/start-validator.sh: isolated workspace setup, sanity check, auto-init
  ledger, validator-specific CLAUDE.md (no CEO context contamination)
- openspec/vv_audit/LEDGER.md: shared audit ledger index (CEO release gate view)
- openspec/changes/archive/2026-04-07-vv-architect-setup/: full OpenSpec artifacts
  (proposal.md, design.md, tasks.md — 28 tasks, all complete)

Note: .cto-workspace/CLAUDE.md updated (gitignored — persists on disk only).
#vv-findings hub channel created for real-time validator notifications.

CEO approved 2026-04-07.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
SentryAgent.ai Developer
2026-04-07 02:56:36 +00:00
parent 8cabc0191c
commit d216096dfb
6 changed files with 633 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
openspec/changes/archive/2026-04-07-vv-architect-setup/proposal.md Normal file
View File

@@ -0,0 +1,54 @@
# OpenSpec Proposal — vv-architect-setup
**Status:** Approved & Archived
**Proposed:** 2026-04-07
**Approved by:** CEO
---
## Problem Statement
The SentryAgent.ai multi-agent engineering system has no independent quality gate.
The Virtual CTO directs the engineering team (Architect, Developer, QA), which means
the same chain of command that builds the software also signs off on its correctness.
This creates a conflict of interest — the team grades its own homework.
Additionally, `VALIDATOR.md` existed in the repository but contained the wrong content:
a copy of `scripts/start-validator.sh` (the shell script). If the validator had been
launched, Claude would have received a bash script as its system prompt, producing
a broken agent with no defined purpose or audit methodology.
## Proposed Solution
Introduce a **V&V Architect (Lead Validator)** — a 4th independent Claude Code instance
that runs outside the CTO's chain of command and reports directly to the CEO.
**WS1 — Fix VALIDATOR.md**
Rewrite `VALIDATOR.md` as the proper system prompt for the Lead Validator agent.
Must define: identity, independence principle, startup protocol, 8-phase audit
methodology, issue format, severity definitions, and communication protocol.
**WS2 — Fix start-validator.sh**
Update `scripts/start-validator.sh` to:
- Build a validator-specific workspace (not inherit CEO session context)
- Include a sanity check that aborts if VALIDATOR.md still contains shell script content
- Auto-initialise the shared V&V audit ledger on first run
**WS3 — Shared V&V Issue Ledger**
Create `openspec/vv_audit/` as the shared filesystem ledger accessible by both the
Validator and the CTO via absolute paths. Create `LEDGER.md` as the audit index.
**WS4 — Central Hub Channel**
Create `#vv-findings` channel on the central hub for real-time validator notifications
to CEO and CTO. BLOCKER findings also escalate to `#vpe-cto-approvals`.
**WS5 — CTO Peer-Review Protocol Update**
Update `.cto-workspace/CLAUDE.md` to reference the correct ledger path, hub channel,
and dispute/resolution process so the CTO knows how to respond to validator findings.
## CEO Approval
Approved 2026-04-07 per CEO directive:
"if possible — yes you have my approvals — as our technical and business consultant —
please make the changes you need to make sure we have fully independent system to check
we have fully implemented our PRD per OpenSpec protocols"