v1.57.0.0 feat: carve-guard system + carve cso/document-release/design-consultation (#1907)

* test: canonical CARVE_GUARDS registry; derive parity + size-budget from it

Single source of truth for the carved-skill set + per-skill invariants
(EQ1). parity-harness.ts sectioned entries and skill-size-budget.ts
SECTIONS_EXTRACTED now derive from it instead of hand-maintained lists.
Closes a pre-existing drift: plan-devex-review was in SECTIONS_EXTRACTED
but had no sectioned parity invariant; now generated. carve-guards.ts is
a pure leaf data module (import type only) to avoid an import cycle.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: shared carve-guard check fns with injectable root

discoverCarvedSkills/checkOrdering/checkCompleteness take a root param so
the negative tests can point the real guards at a fixture dir.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: E2 data-driven carve static ordering guard (gate)

Per-PR backstop for every carved skill, one test() per skill, driven by
CARVE_GUARDS staticInvariants. Generalizes + retires the ceo-specific
ordering test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: E1 carve-guard completeness meta-guard (gate)

Asserts filesystem carved set == CARVE_GUARDS set both directions, so a
future carve without a registry entry fails CI.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: ET1 guard-of-guards negative tests (gate)

Temp fixture broken 3 ways proves E1/E2 actually throw, via the injectable
root. Kills the silent-pass-guard failure class.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: T2 data-driven behavioral section-loading guard (periodic)

One file iterating CARVE_GUARDS, one test() per skill with GSTACK_CARVE_SKILL
cost-scoping (D-CODEX A). external carves (ship, plan-ceo) keep bespoke
tests; testNames aligned to their touchfile keys. Registered in touchfiles.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: defer E3 real-session carve canary to TODOS

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: carve document-release into skeleton + on-demand section

Steps 2-9 (per-file audit, auto-updates, risky-change asks, CHANGELOG
voice polish, cross-doc consistency, TODOS cleanup, VERSION bump, commit +
PR body) move to sections/release-body.md, read on demand after the Step
1.5 coverage map. Skeleton 59,256 -> 45,797 B (-23%); union preserved.
Adds the CARVE_GUARDS entry (auto-extends parity + size-budget via EQ1).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: carve design-consultation into skeleton + on-demand section

Phases 3-6 (complete proposal, drill-downs, design preview, writing
DESIGN.md) move to sections/proposal-and-preview.md, read on demand after
product context + research. Skeleton 80,719 -> 59,229 B (-27%); union
preserved. Adds the CARVE_GUARDS entry.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: carve cso into skeleton + on-demand section (security-safe)

Scope-dependent audit Phases 2-11 move to sections/audit-phases.md. Mode
dispatch (## Arguments, ## Mode Resolution), always-run Phases 0/1, and the
Phase 12 false-positive-filtering exceptions stay ALWAYS-LOADED in the
skeleton. Skeleton 79,383 -> 65,117 B (-18%); union preserved.

Adds a cso CARVE_GUARDS entry with an earliest-use invariant (mustPrecedeStop):
mode dispatch must appear before any STOP-Read, so a directive that decides
which sections to read can't be stranded behind the STOP that reads them
(codex outside-voice #6). carve-guard-checks gains the mustPrecedeStop check.
parity moves cso monolith -> generated carved entry. cso-preserved.test.ts
strengthened: phrases checked against the union, plus an always-loaded
contract on the skeleton (dispatch + FP-filtering, codex #5).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: make redaction/taxonomy tests union-aware for cso + document-release carves

The cso carve moved Secrets Archaeology (prefixes, lib/redact-patterns.ts
pointer, git-history scan) into sections/audit-phases.md, and the
document-release carve moved the Step 9 PR-body redaction scan into
sections/release-body.md. Three content-presence tests asserted that content
in the skeleton SKILL.md/.md.tmpl; they now read the skeleton+sections union
(same fix as cso-preserved + parity).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: bump version and changelog (v1.57.0.0)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix: address pre-landing review (codex) on the carve

- cso section: add a scope-gate header so '--owasp' (and other scoped modes)
  run only their selected phases, not every phase bundled in the section
  ('execute in full' no longer overrides Mode Resolution).
- carve-guard-checks: gateAfterStop now compares against the LAST STOP, not the
  first, so a gate stranded between two STOPs in a multi-STOP skeleton fails.
- TODOS: behavioral section-loading hermeticity (verifier matches global-install
  path, not the fixture) — pre-existing in auq-sdk-capture.ts, deferred.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

test/carve-guards-negative.test.ts

@@ -0,0 +1,100 @@
+/**
+ * ET1 — guard-of-guards negative tests (GATE tier, free).
+ *
+ * Proves the guards actually BITE. The happy-path E1/E2 tests prove the real
+ * skills pass; these prove a BROKEN carve fails. Without this, a logic bug in
+ * checkOrdering/checkCompleteness would pass silently and protect nothing — the
+ * exact silent-pass failure class this whole effort exists to kill.
+ *
+ * The checks take an injectable `root` (codex #5), so we point the REAL guard
+ * functions at a temp fixture dir broken three ways — not at a wrapper.
+ */
+
+import { describe, test, expect, beforeAll, afterAll } from 'bun:test';
+import * as fs from 'fs';
+import * as os from 'os';
+import * as path from 'path';
+import type { CarveGuard } from './helpers/carve-guards';
+import { checkOrdering, checkCompleteness, discoverCarvedSkills } from './helpers/carve-guard-checks';
+
+let root = '';
+
+/** Write a syntactically-valid carved skill under `root`. */
+function writeCarve(skill: string, opts: { stop: boolean; autoGen: boolean; leakBody: boolean }) {
+  const dir = path.join(root, skill);
+  const secDir = path.join(dir, 'sections');
+  fs.mkdirSync(secDir, { recursive: true });
+  fs.writeFileSync(
+    path.join(secDir, 'manifest.json'),
+    JSON.stringify({ skill, sections: [{ id: 'body', file: 'body.md', title: 'Body', trigger: 'doing the work' }] }),
+  );
+  const header = opts.autoGen ? '<!-- AUTO-GENERATED -->\n' : '';
+  fs.writeFileSync(path.join(secDir, 'body.md'), `${header}## Heavy Body\nThe real work lives here. MOVED_MARKER.\n`);
+  const stopLine = opts.stop ? '> **STOP.** Before doing the work, Read `sections/body.md` and execute it.\n' : '';
+  const leak = opts.leakBody ? 'MOVED_MARKER\n' : '';
+  fs.writeFileSync(
+    path.join(dir, 'SKILL.md'),
+    `# ${skill}\n## Step 0: Setup\nstays here\n## Section index\n| When | Read |\n${stopLine}${leak}## EXIT PLAN MODE GATE\n`,
+  );
+}
+
+const guardFor = (skill: string): CarveGuard => ({
+  skill,
+  expectedSections: ['body.md'],
+  requiredReads: ['body.md'],
+  scenario: 'do the work',
+  staticInvariants: {
+    mustStayInSkeleton: ['## Step 0: Setup'],
+    mustMoveToSection: ['MOVED_MARKER'],
+    gateAfterStop: 'EXIT PLAN MODE GATE',
+  },
+  maxSkeletonBytes: 999_999,
+  minUnionBytes: 0,
+  mustContain: [],
+});
+
+beforeAll(() => {
+  root = fs.mkdtempSync(path.join(os.tmpdir(), 'carve-neg-'));
+});
+afterAll(() => {
+  fs.rmSync(root, { recursive: true, force: true });
+});
+
+describe('guard-of-guards — the guards bite (gate, free)', () => {
+  test('a well-formed fixture carve passes checkOrdering (control)', () => {
+    writeCarve('goodskill', { stop: true, autoGen: true, leakBody: false });
+    expect(checkOrdering(root, guardFor('goodskill'))).toEqual([]);
+    fs.rmSync(path.join(root, 'goodskill'), { recursive: true, force: true });
+  });
+
+  test('E2 fails when the STOP-Read directive is removed', () => {
+    writeCarve('nostopskill', { stop: false, autoGen: true, leakBody: false });
+    const failures = checkOrdering(root, guardFor('nostopskill'));
+    expect(failures.some((f) => f.includes('no STOP-Read directive'))).toBe(true);
+    fs.rmSync(path.join(root, 'nostopskill'), { recursive: true, force: true });
+  });
+
+  test('E2 fails when heavy body leaks back into the skeleton', () => {
+    writeCarve('leakskill', { stop: true, autoGen: true, leakBody: true });
+    const failures = checkOrdering(root, guardFor('leakskill'));
+    expect(failures.some((f) => f.includes('still in the skeleton'))).toBe(true);
+    fs.rmSync(path.join(root, 'leakskill'), { recursive: true, force: true });
+  });
+
+  test('E2 fails when a section is hand-edited (no AUTO-GENERATED header)', () => {
+    writeCarve('handeditskill', { stop: true, autoGen: false, leakBody: false });
+    const failures = checkOrdering(root, guardFor('handeditskill'));
+    expect(failures.some((f) => f.includes('hand-edited'))).toBe(true);
+    fs.rmSync(path.join(root, 'handeditskill'), { recursive: true, force: true });
+  });
+
+  test('E1 fails when a skill is carved on disk but missing from the registry', () => {
+    writeCarve('unregisteredskill', { stop: true, autoGen: true, leakBody: false });
+    // Discovery sees it...
+    expect(discoverCarvedSkills(root)).toContain('unregisteredskill');
+    // ...and completeness flags it as an unguarded carve.
+    const failures = checkCompleteness(root);
+    expect(failures.some((f) => f.includes('unregisteredskill') && f.includes('NOT in CARVE_GUARDS'))).toBe(true);
+    fs.rmSync(path.join(root, 'unregisteredskill'), { recursive: true, force: true });
+  });
+});