
Audit System

  period: project
  owner: hinata
  status: living
  converted: 2026-05-28

Audit System Overview

The six-audit chain that keeps Hinata internally consistent: structure, agent, task, prompt, website, orchestration. Plus audit-audit (meta — inspects the auditors). CLI health checks fold into /chat-audit (not a standalone audit).

Severity Spectrum

structure-audit          Most violent — moves folders, deletes files
agent-audit              Creates/removes/updates agent definitions
task-audit               Reclassifies, moves, discards files
prompt-audit             Communication layer — prompts only
website-audit            Live web surfaces, deploy scripts, CF config
orchestration-audit      LaunchAgents, cron, daemon health, service topology

Changes ripple upward and downward — a structure change makes agent definitions potentially stale, etc.

Skill Paths

  • ~/.claude/skills/structure-audit/SKILL.md

  • ~/.claude/skills/agent-audit/SKILL.md

  • ~/.claude/skills/task-audit/SKILL.md

  • ~/.claude/skills/prompt-audit/SKILL.md

  • ~/.claude/skills/website-audit/SKILL.md

  • ~/.claude/skills/orchestration-audit/SKILL.md

  • ~/.claude/skills/audit-audit/SKILL.md (meta)

CLI Health Checks — Folded into /chat-audit

CLI health checks (installed CLIs, auth state, config inventory, routing compliance) are not a standalone audit. They are folded into /chat-audit.

Why: CLI health is a harness-layer concern that surfaces in conversation context, not a vault structural change. /chat-audit already owns lost-context recovery and transcript health — CLI status is a natural addition there.

Severity spectrum: structure → agent → task → prompt → website → orchestration.

audit-audit Phase 2j still covers the CLI-audit integration check: the cross-check remains, and only the standalone skill path is removed.

Audit Chain Skills Path

All audit cross-location path verification must scan ~/.claude/skills/ as the authoritative skill location.

Why: Skills migrated from .claude/commands/ (vault-local) to ~/.claude/skills/ (global) in session 2026-05-15. The vault-local location is now secondary. Audits that only scan .claude/commands/ will miss hardcoded paths and stale references in the active skills.

How to apply: Any audit phase that runs a cross-location path check or skill staleness scan must include ~/.claude/skills/ as a root. The Python globs in structure-audit Phase 3d and agent-audit Phase 2g now include it.
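The gap described above, as an added example (not the Phase 3d or Phase 2g code itself): a scan limited to the vault-local root reports nothing, while the same scan with the global skills root included finds the stale reference. The function names, the *.md file filter and the temporary directory tree are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# A hardcoded path to the pre-migration, vault-local location counts as stale.
STALE_REF = re.compile(r"\.claude/commands/")

def scan_roots(roots):
    """Return (file, line number, text) for each stale reference under any root."""
    hits = []
    for root in roots:
        root = Path(root).expanduser()
        if not root.is_dir():
            continue  # a root that does not exist on this host is skipped
        for path in sorted(root.glob("**/*.md")):
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if STALE_REF.search(line):
                    rel = path.relative_to(root).as_posix()
                    hits.append((rel, lineno, line.strip()))
    return hits

def demo():
    """Build a constructed tree and compare a legacy-only scan with a full one."""
    with tempfile.TemporaryDirectory() as tmp:
        skills = Path(tmp, "skills")      # stands in for ~/.claude/skills/
        legacy = Path(tmp, "commands")    # stands in for .claude/commands/
        for d in (skills / "task-audit", skills / "agent-audit", legacy):
            d.mkdir(parents=True)
        (skills / "task-audit" / "SKILL.md").write_text(
            "Phase 1: classify files.\nHelper: .claude/commands/task-audit.md\n")
        (skills / "agent-audit" / "SKILL.md").write_text(
            "Scan ~/.claude/skills/ for drift.\n")
        (legacy / "notes.md").write_text("No path references here.\n")
        return scan_roots([legacy]), scan_roots([skills, legacy])

if __name__ == "__main__":
    legacy_only, all_roots = demo()
    print("legacy root only:", legacy_only)
    print("with ~/.claude/skills/:", all_roots)
```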

Audit Scope Gaps — Webhooks, Workers, Orchestration

Task #840027 raised three concerns the website-audit chain does NOT cover: (a) Cloudflare Worker scripts, (b) Inbound webhooks, (c) Cross-job orchestration.

(a) Cloudflare Workers → AUGMENT website-audit

Placement: Add Phase 10 "Worker integrity" to ~/.claude/skills/website-audit/SKILL.md. 1 Worker in production today — premature to spawn a dedicated audit. Re-evaluation trigger: if Worker count reaches 3+ or Workers diverge across multiple apps, fork into worker-audit.

(b) Webhooks → DEFER (reserve slot)

No audit created. Zero active inbound webhooks today. Telegram uses polling. Named emergence trigger: first inbound webhook receiver lands in Sandpit/hinata/applications/*/api/.

(c) Orchestration → NEW: orchestration-audit

30 LaunchAgents on macOS host with overlapping time windows. Imminent host migration (Pi takes cron ownership). New ~/.claude/skills/orchestration-audit/SKILL.md (7th audit; 8th counting audit-audit). Covers: plist ↔ script sync, time-slot collision detection, loaded vs expected drift, retry policy presence, event-stream instrumentation, cross-host invariant.

Sign-off: Orochimaru PENDING — concurrence required before orchestration-audit SKILL.md is committed.

Real-World Finding (2026-05-26)

UCL seed verification surfaced that the UCL LaunchAgent had been failing silently — python3.13 not found because the plist lacked an EnvironmentVariables/PATH block. PL plist had the same issue. Both fixed. Quick scan found 10 other com.hinata.*.plist files with the same missing-PATH pattern: health-export, health-normaliser, inbox-clear, nightly-vault-diff, normalise-inbox, pilates-researcher, poll-monzo, smoking-update, telegram-poller, transcribe-audio. Strengthens the case for orchestration-audit ratification.
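One way to turn the quick scan above into a repeatable check, as an added example (not the project's own scan): it parses each com.hinata.*.plist and flags those with no EnvironmentVariables/PATH entry. The verdict labels, the function names and the four sample plists are constructed for the illustration; the extra distinction between a bare command name and an absolute program path is an added heuristic.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

def check_plist(data):
    """Classify a parsed LaunchAgent plist by whether it sets PATH."""
    if not isinstance(data, dict):
        return "unreadable"
    env = data.get("EnvironmentVariables")
    if isinstance(env, dict) and env.get("PATH"):
        return "ok"
    args = data.get("ProgramArguments") or [data.get("Program", "")]
    # With no PATH block, a bare command name is resolved on the default PATH
    # the job inherits. An absolute program path avoids that lookup, though the
    # script it runs may still call tools by name.
    return "no-path" if str(args[0]).startswith("/") else "no-path-bare-command"

def scan_launch_agents(directory, pattern="com.hinata.*.plist"):
    """Map each matching plist file name to its verdict."""
    results = {}
    for path in sorted(Path(directory).glob(pattern)):
        try:
            results[path.name] = check_plist(plistlib.loads(path.read_bytes()))
        except (ValueError, ExpatError, OSError):
            results[path.name] = "unreadable"
    return results

def demo():
    """Scan constructed plists written to a temporary directory."""
    bare = ["python3.13", "job.py"]
    samples = {
        "com.hinata.constructed-a.plist": {"ProgramArguments": bare},
        "com.hinata.constructed-b.plist": {"ProgramArguments": ["/bin/sh", "job.sh"]},
        "com.hinata.constructed-c.plist": {
            "ProgramArguments": bare,
            "EnvironmentVariables": {"PATH": "/opt/homebrew/bin:/usr/bin:/bin"}},
        "org.other.job.plist": {"ProgramArguments": bare},  # outside the pattern
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_bytes(plistlib.dumps(body))
        Path(tmp, "com.hinata.constructed-d.plist").write_bytes(b"not a plist")
        return scan_launch_agents(tmp)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:22} {name}")
```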

Finding → task conversion contract

Law since 2026-06-10 (finding H15, full-stack diagnostic). An audit is not finished when its report is written — it is finished when every finding has become exactly one of:

  1. a task row in the-government/tasks/tasks.json with an owner, or
  2. an explicit no-action ruling recorded in the report (with one-line reason), or
  3. an interview question surfaced to Michael.

A report whose findings exist nowhere in the ledger is an unfinished audit; the fold step that closes the audit checks this conversion before sign-off. (Precedent: the 2026-06-10 diagnostic's 38 findings converted to tasks 024–027, rulings, and three interview items in the same cycle.)
