feat: carve cso into skeleton + on-demand section (security-safe)

Scope-dependent audit Phases 2-11 move to sections/audit-phases.md. Mode dispatch (## Arguments, ## Mode Resolution), always-run Phases 0/1, and the Phase 12 false-positive-filtering exceptions stay ALWAYS-LOADED in the skeleton. Skeleton 79,383 -> 65,117 B (-18%); union preserved. Adds a cso CARVE_GUARDS entry with an earliest-use invariant (mustPrecedeStop): mode dispatch must appear before any STOP-Read, so a directive that decides which sections to read can't be stranded behind the STOP that reads them (codex outside-voice #6). carve-guard-checks gains the mustPrecedeStop check. parity moves cso monolith -> generated carved entry. cso-preserved.test.ts strengthened: phrases checked against the union, plus an always-loaded contract on the skeleton (dispatch + FP-filtering, codex #5). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-18 15:50:11 +02:00 · 2026-06-07 17:57:50 -07:00
parent 672cbf6f30
commit 12ab68dda0
9 changed files with 662 additions and 558 deletions
@@ -1,16 +1,22 @@
 /**
- * cso security-guidance preservation test (v1.45.0.0 T6).
+ * cso security-guidance preservation test.
 *
- * The cso skill carries load-bearing security prose: OWASP Top 10 mappings,
- * STRIDE threat-model phrasing, "do not auto-fix without user approval"
- * gates. Codex 2nd-pass critique #9: "cso exemption too broad ... should
- * still get resolver dedup, catalog trim, sectioning if safe, and targeted
- * evals around must-not-miss checks."
+ * cso carries load-bearing security prose: OWASP Top 10 mappings, STRIDE
+ * threat-model phrasing, mode dispatch, and false-positive-filtering exceptions
+ * that must NOT be auto-discarded.
 *
- * This test pins the must-not-miss checks. cso gets the same resolver gate
- * (T2), jargon dedup (T3), and catalog trim (T4) as every other skill — but
- * its security-guidance body content stays intact. Future compression work
- * that would strip this content fails CI here.
+ * cso is now carved (skeleton SKILL.md + sections/audit-phases.md). The
+ * scope-dependent audit phases (2-11) moved to the section; the mode dispatch
+ * (## Arguments, ## Mode Resolution), the always-run phases (0, 1), and the
+ * FP-filtering exceptions (Phase 12) stay always-loaded in the skeleton.
+ *
+ * Two distinct guarantees (codex outside-voice #5 — earliest-use, not loose
+ * substrings):
+ *  1. PRESERVATION — the security phrases survive somewhere in the union
+ *     (skeleton + sections); a carve relocates, it never drops.
+ *  2. ALWAYS-LOADED CONTRACT — dispatch + FP-filtering directives stay in the
+ *     skeleton, and mode dispatch precedes any STOP-Read (a directive that
+ *     decides which sections to read can't sit behind the STOP that reads them).
 */

 import { describe, test, expect } from 'bun:test';
@@ -18,69 +24,84 @@ import * as fs from 'fs';
 import * as path from 'path';

 const REPO_ROOT = path.resolve(import.meta.dir, '..');
-const CSO_SKILL = path.join(REPO_ROOT, 'cso', 'SKILL.md');
+const CSO_DIR = path.join(REPO_ROOT, 'cso');
+const CSO_SKELETON = path.join(CSO_DIR, 'SKILL.md');

-const MUST_PRESERVE_PHRASES = [
-  // OWASP / STRIDE positioning
-  'OWASP',
-  'STRIDE',
-  // Mode discipline
-  'daily',
-  'comprehensive',
-  // Severity language
-  'confidence',
-  // Active verification requirement (codex critique: "active verification")
-  'verif', // covers "verify", "verification", "verified"
-];
+function readSkeleton(): string {
+  return fs.readFileSync(CSO_SKELETON, 'utf-8');
+}
+function readUnion(): string {
+  let text = readSkeleton();
+  const dir = path.join(CSO_DIR, 'sections');
+  if (fs.existsSync(dir)) {
+    for (const f of fs.readdirSync(dir).sort()) {
+      if (f.endsWith('.md') && !f.endsWith('.md.tmpl')) {
+        text += '\n' + fs.readFileSync(path.join(dir, f), 'utf-8');
+      }
+    }
+  }
+  return text;
+}

-const MUST_PRESERVE_HEADINGS = [
-  '## Preamble',  // from PREAMBLE resolver
-];
+// Security content that must survive the carve (checked against the UNION).
+const MUST_PRESERVE_PHRASES = ['OWASP', 'STRIDE', 'daily', 'comprehensive', 'confidence', 'verif'];

 describe('cso skill preserves load-bearing security guidance', () => {
-  test('cso/SKILL.md exists and is non-trivial', () => {
-    expect(fs.existsSync(CSO_SKILL)).toBe(true);
-    const content = fs.readFileSync(CSO_SKILL, 'utf-8');
-    // cso is a content-heavy security skill; under 30 KB suggests stripping went too far.
-    expect(content.length).toBeGreaterThan(30_000);
+  test('cso skeleton exists and is non-trivial', () => {
+    expect(fs.existsSync(CSO_SKELETON)).toBe(true);
+    // Skeleton stays substantial: dispatch + always-run phases + FP filtering +
+    // report phases are all always-loaded. Under 30 KB means too much moved out.
+    expect(readSkeleton().length).toBeGreaterThan(30_000);
  });

-  test('cso preserves required security phrases (case-insensitive)', () => {
-    const content = fs.readFileSync(CSO_SKILL, 'utf-8').toLowerCase();
-    const missing: string[] = [];
-    for (const phrase of MUST_PRESERVE_PHRASES) {
-      if (!content.includes(phrase.toLowerCase())) missing.push(phrase);
-    }
+  test('security phrases survive in the union (skeleton + sections)', () => {
+    const union = readUnion().toLowerCase();
+    const missing = MUST_PRESERVE_PHRASES.filter((p) => !union.includes(p.toLowerCase()));
    if (missing.length > 0) {
      throw new Error(
-        `cso/SKILL.md is missing required security phrases: ${missing.join(', ')}. ` +
-        `These are load-bearing for the skill's audit posture. If you intentionally ` +
-        `removed them, update this test with the new phrasing.`,
+        `cso union is missing required security phrases: ${missing.join(', ')}. ` +
+        `These are load-bearing. A carve relocates them; it must not drop them.`,
      );
    }
  });

-  test('cso preserves required headings', () => {
-    const content = fs.readFileSync(CSO_SKILL, 'utf-8');
-    for (const heading of MUST_PRESERVE_HEADINGS) {
-      expect(content).toContain(heading);
+  test('ALWAYS-LOADED: mode dispatch + FP-filtering stay in the skeleton', () => {
+    const skeleton = readSkeleton();
+    // Dispatch must be always-loaded — the agent resolves scope before reading sections.
+    expect(skeleton).toContain('## Arguments');
+    expect(skeleton).toContain('## Mode Resolution');
+    // FP-filtering with its critical exceptions is mandatory and must not be on-demand.
+    expect(skeleton).toContain('Phase 12');
+    // The "SKILL.md files are NOT documentation" exception is a must-not-miss
+    // security directive (skill supply-chain findings); it stays always-loaded.
+    expect(skeleton).toContain('NOT documentation');
+  });
+
+  test('EARLIEST-USE: mode dispatch precedes any STOP-Read directive (codex #6)', () => {
+    const skeleton = readSkeleton();
+    const stop = skeleton.indexOf('> **STOP.**');
+    const modeRes = skeleton.indexOf('## Mode Resolution');
+    const args = skeleton.indexOf('## Arguments');
+    expect(modeRes).toBeGreaterThan(-1);
+    expect(args).toBeGreaterThan(-1);
+    if (stop >= 0) {
+      // A dispatch directive stranded after the STOP can't govern which sections to read.
+      expect(args).toBeLessThan(stop);
+      expect(modeRes).toBeLessThan(stop);
    }
  });

  test('cso catalog trim landed (frontmatter description ≤ 200 chars)', () => {
-    const content = fs.readFileSync(CSO_SKILL, 'utf-8');
+    const content = readSkeleton();
    const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
    expect(fmMatch).not.toBeNull();
-    const fm = fmMatch![1];
-    const descMatch = fm.match(/^description:\s+(.+)$/m);
-    expect(descMatch).not.toBeNull();
-    const desc = descMatch![1].trim();
-    expect(desc.length).toBeLessThanOrEqual(200);
-    expect(desc).toContain('(gstack)');
+    const desc = fmMatch![1].match(/^description:\s+(.+)$/m);
+    expect(desc).not.toBeNull();
+    expect(desc![1].trim().length).toBeLessThanOrEqual(200);
+    expect(desc![1]).toContain('(gstack)');
  });

  test('cso routing prose moved to "## When to invoke" body section', () => {
-    const content = fs.readFileSync(CSO_SKILL, 'utf-8');
-    expect(content).toContain('## When to invoke this skill');
+    expect(readSkeleton()).toContain('## When to invoke this skill');
  });
 });
@@ -88,6 +88,19 @@ export function checkOrdering(root: string, guard: CarveGuard): string[] {
    }
  }

+  // 3b. Earliest-use: dispatch directives must appear BEFORE the first STOP
+  // (codex #6 — a directive that governs which sections to read can't sit after
+  // the STOP that reads them).
+  const firstStopIdx = skeleton.indexOf(STOP);
+  for (const anchor of guard.staticInvariants.mustPrecedeStop ?? []) {
+    const at = skeleton.indexOf(anchor);
+    if (at < 0) {
+      failures.push(`mustPrecedeStop anchor missing from skeleton: "${anchor}"`);
+    } else if (firstStopIdx >= 0 && at > firstStopIdx) {
+      failures.push(`mustPrecedeStop anchor "${anchor}" appears AFTER the STOP (stranded)`);
+    }
+  }
+
  // 4. Heavy body moved out of the skeleton but is preserved in the union.
  for (const moved of guard.staticInvariants.mustMoveToSection) {
    if (skeleton.includes(moved)) {
@@ -31,6 +31,14 @@ export interface CarveStaticInvariants {
   * universal STOP/section-index checks E2 already runs).
   */
  mustStayInSkeleton: string[];
+  /**
+   * Substrings that MUST appear in the skeleton BEFORE the first STOP-Read
+   * (earliest-use, codex #6). For cso: mode-dispatch directives (## Arguments,
+   * ## Mode Resolution) must be resolved before any section is read — a dispatch
+   * directive stranded after the STOP can't govern which sections to read.
+   * Empty/undefined = skip (most skills).
+   */
+  mustPrecedeStop?: string[];
  /**
   * Substrings that MUST be in the union (skeleton + sections) but MUST NOT be in
   * the skeleton — i.e. the heavy body that the carve relocated. Empty = skip.
@@ -225,6 +233,38 @@ export const CARVE_GUARDS: Record<string, CarveGuard> = {
    minUnionBytes: 72_000,
    mustContain: ['Typography', 'Color', 'Aesthetic Direction'],
  },
+  cso: {
+    skill: 'cso',
+    expectedSections: ['audit-phases.md'],
+    requiredReads: ['audit-phases.md'],
+    scenario:
+      'Run a security audit on this repository in --owasp mode (OWASP Top 10 only). Resolve the mode, do the Phase 0 stack detection and Phase 1 attack-surface census, then run the scoped audit phases and produce the findings report. Skip any step that needs network access.',
+    staticInvariants: {
+      // Dispatch + always-run + FP-filtering phases are ALWAYS loaded (security).
+      mustStayInSkeleton: [
+        '## Arguments',
+        '## Mode Resolution',
+        '### Phase 0',
+        '### Phase 1',
+        '### Phase 12',
+        '### Phase 13',
+        '### Phase 14',
+      ],
+      // Earliest-use: mode must be resolvable before any section is read (codex #6).
+      mustPrecedeStop: ['## Arguments', '## Mode Resolution'],
+      // Scope-dependent audit detail moved to the section.
+      mustMoveToSection: [
+        '### Phase 2: Secrets Archaeology',
+        '### Phase 9: OWASP Top 10 Assessment',
+        '### Phase 10: STRIDE Threat Model',
+      ],
+      gateAfterStop: undefined,
+    },
+    behavioral: 'prompt',
+    maxSkeletonBytes: 70_000,
+    minUnionBytes: 72_000,
+    mustContain: ['OWASP', 'STRIDE', 'daily', 'comprehensive', 'verif'],
+  },
 };

 /** Sorted carved-skill names. Consumers derive their lists from this — no parallel lists. */
@@ -205,13 +205,7 @@ export function runParityChecks(opts: {
 * from the size-budget / static / behavioral guards.
 */
 const MONOLITH_INVARIANTS: ParityInvariant[] = [
-  {
-    skill: 'cso',
-    mustContain: ['OWASP', 'STRIDE', 'daily', 'comprehensive', 'verif'],
-    mustHaveHeadings: ['## Preamble', '## When to invoke'],
-    maxSizeRatio: 1.05,
-    minBytes: 30_000,
-  },
+  // cso is now carved — its invariant is generated from CARVE_GUARDS below.
  {
    skill: 'review',
    mustContain: ['confidence', 'P1', 'P2'],