vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
sentryagent-idp/openspec/changes/archive/2026-04-07-vv-architect-setup/tasks.md
SentryAgent.ai Developer d216096dfb feat(governance): add V&V Architect (LeadValidator) — independent audit agent 
Fixes a critical bug where VALIDATOR.md contained a copy of start-validator.sh
(making the validator unlaunchable). Introduces a fully independent V&V Architect
agent that audits the codebase against the PRD and OpenSpec outside the CTO's
chain of command.

Changes:
- VALIDATOR.md: rewritten as proper system prompt (8-phase audit methodology,
  issue format, severity model, communication protocol)
- scripts/start-validator.sh: isolated workspace setup, sanity check, auto-init
  ledger, validator-specific CLAUDE.md (no CEO context contamination)
- openspec/vv_audit/LEDGER.md: shared audit ledger index (CEO release gate view)
- openspec/changes/archive/2026-04-07-vv-architect-setup/: full OpenSpec artifacts
  (proposal.md, design.md, tasks.md — 28 tasks, all complete)

Note: .cto-workspace/CLAUDE.md updated (gitignored — persists on disk only).
#vv-findings hub channel created for real-time validator notifications.

CEO approved 2026-04-07.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-07 02:56:36 +00:00

4.7 KiB
Raw Permalink Blame History

Tasks — vv-architect-setup

WS1 — Fix VALIDATOR.md (System Prompt)

  • 1.1 Identify the bug: VALIDATOR.md contained an exact copy of scripts/start-validator.sh (byte-for-byte identical — 1900 bytes each)
  • 1.2 Rewrite VALIDATOR.md as the proper system prompt for the LeadValidator agent
  • 1.3 Define validator identity and independence principle (not under CTO authority; reports to CEO)
  • 1.4 Define 6-step startup protocol (read PRD → register hub → check ledger → check channel → report readiness → begin audit)
  • 1.5 Define Phase A — OpenSpec task completeness check (verify all archived tasks.md [x] items have corresponding code)
  • 1.6 Define Phase B — API surface audit (every route must have an OpenAPI spec; spec must match implementation)
  • 1.7 Define Phase C — TypeScript standards audit (no any, strict mode, JSDoc, error hierarchy)
  • 1.8 Define Phase D — DRY principle audit (no duplicated logic, utility files as single sources of truth)
  • 1.9 Define Phase E — SOLID principles audit (SRP spot-checks on key services, constructor injection)
  • 1.10 Define Phase F — Test coverage audit (>80% threshold, integration tests for all endpoints)
  • 1.11 Define Phase G — AGNTCY compliance audit (agent identity model, lifecycle, DID, conformance tests)
  • 1.12 Define Phase H — Security audit (OWASP Top 10 checks)
  • 1.13 Define issue format: VV_ISSUE_NNN.md with Status, Severity, Category, Finding, Evidence, Required Action, CTO Response, Resolution
  • 1.14 Define severity model: BLOCKER / MAJOR / MINOR with clear ownership and release impact
  • 1.15 Define communication protocol: #vv-findings for routine findings, #vpe-cto-approvals for BLOCKER escalations
  • 1.16 Define dispute resolution protocol: CTO writes justification → Validator evaluates → CEO as final arbiter
  • 1.17 Define AUDIT LEDGER INDEX maintenance requirements

WS2 — Fix scripts/start-validator.sh

  • 2.1 Remove the line that copies CEO's CLAUDE.md into the validator workspace (was contaminating validator with CEO-session context)
  • 2.2 Add sanity check: abort with clear error if VALIDATOR.md first line is #!/bin/bash (prevents relaunching with wrong content)
  • 2.3 Add SHARED_LEDGER variable pointing to openspec/vv_audit/
  • 2.4 Add mkdir -p "$SHARED_LEDGER" to auto-create ledger directory on first run
  • 2.5 Add auto-initialisation of LEDGER.md if it does not exist (idempotent — skipped if already present)
  • 2.6 Write validator-specific CLAUDE.md to workspace (absolute paths only, no CEO-session context, no role-switching instructions)
  • 2.7 Update echoed launch checklist to reflect validator's actual responsibilities
  • 2.8 Ensure exec claude --system-prompt-file "$VALIDATOR_SYSTEM_PROMPT" uses the correct variable name

WS3 — Shared V&V Issue Ledger

  • 3.1 Create openspec/vv_audit/ directory in project root (accessible by both validator and CTO via absolute paths)
  • 3.2 Create openspec/vv_audit/LEDGER.md — structured audit index with Summary table, Issue Index, Audit History, and usage instructions
  • 3.3 Document who updates what: Validator updates Summary and Issue Index; CTO updates issue files; CEO reads for release gate status

WS4 — Central Hub Channel

  • 4.1 Create #vv-findings channel on central hub with description: "V&V Architect findings — audit issues, BLOCKER notifications, resolution tracking"
  • 4.2 Verify #vpe-cto-approvals (CEO channel) already exists — BLOCKER escalations go here

WS5 — CTO Peer-Review Protocol Update

  • 5.1 Update .cto-workspace/CLAUDE.md Peer-Review Protocol section
  • 5.2 Replace relative path ./specs/issues/ with absolute path openspec/vv_audit/
  • 5.3 Add #vv-findings channel reference
  • 5.4 Clarify CTO cannot dismiss validator findings — only resolve or dispute
  • 5.5 Clarify BLOCKER resolution protocol: CEO automatically notified; CTO must not resolve without CEO awareness
  • 5.6 Add instruction on how to start the validator (./scripts/start-validator.sh)

WS6 — OpenSpec Documentation (this change)

  • 6.1 Create openspec/changes/archive/2026-04-07-vv-architect-setup/ directory
  • 6.2 Write proposal.md — problem statement, proposed solution, CEO approval
  • 6.3 Write design.md — architecture, decisions (D1D5), file map, hub channels
  • 6.4 Write tasks.md (this file) — complete task breakdown with all items checked
  • 6.5 Create specs/ directory (no API specs needed — this is agent governance tooling, not an API change)
  • 6.6 Commit all changes to git: VALIDATOR.md, scripts/start-validator.sh, openspec/vv_audit/, openspec/changes/archive/2026-04-07-vv-architect-setup/
Reference in New Issue View Git Blame Copy Permalink