
PNT next-steps items 1, 4, 3: Evaluate front-door, typed report, egress lint #6

Merged: richbodo merged 1 commit into main from pnt-next-steps-1-4-3 on May 29, 2026

Conversation

@richbodo
Owner

Implements three items from plans/pnt-next-steps-plan.md (execution order 1 → 4 → 3). Items 5/6 (community-care use case, Tonsky file-sync) and item 2 (skill split) are deferred per the plan.

Item 1 — Install signpost + promote Evaluate

  • README.md: the three modes now lead with Evaluate ("audit any contact app for safety before you install it"), with a concrete symlink install snippet pointing to the User's Guide.
  • llms.txt: opens with a cold-agent "start with the skill" route to SKILL.md as the entry point.

Item 4 — Typed evaluate-report artifact

  • tools/evaluate-report.schema.json (JSON Schema Draft 2020-12): AC-keyed findings with per-AC status (conformant/non-conformant/not-applicable/unable-to-determine), code-location citations, a summary posture, and a source-tagged (deterministic/llm/human) evidence array. Conditional rules enforce citations on (non)conformant and rationale on n/a + undetermined.
  • Placed in tools/, not contracts/, because it realizes no AC (would fail lint-spec-ids.py).
  • SKILL.md evaluate flow emits the artifact as source of truth; the prose report is a view over it. Makes two runs on the same candidate diffable.

Item 3 — Egress lint (deterministic AC-1 sovereignty check)

  • tools/egress-lint.py: static scan for off-device egress vectors (fetch/XHR/sendBeacon/WebSocket/EventSource/import()/importScripts/axios/jQuery and HTML src/action/object data/<link href>/<use href>), flagging remote origins not on a per-flavor egress-allow.json. Ignores localhost, root-relative paths, data:/mailto:, xmlns, and <a href> navigation.
  • --json emits a source: deterministic, tool: egress-lint evidence object that validates against #/$defs/evidence in the item-4 schema and folds into an AC-1 finding (verified).
  • Self-test fixtures in tools/egress-lint-fixtures/{clean,dirty}, enforced by a new egress-lint-selftest CI job.

Docs

  • docs/users-guide.md: signals Evaluate as the low-friction front door, makes the typed-report diff/drift workflow actionable, threads egress-lint through the build (Goal 1) and audit (Goal 2) flows, expands tool discovery, and splits the status note into tested (deterministic tooling) vs not-yet-exercised-end-to-end (build/audit/contribute skill flows).
  • plans/pnt-next-steps-plan.md: items 1, 4, 3 marked done.

Verification (local)

  • lint-spec-ids.py → exit 0 (12/12 contracts).
  • egress-lint clean fixture → exit 0; dirty fixture → exit 1 (8 vectors); no false positives on xmlns/<a href>/mailto:/data:/localhost/root-relative.
  • evaluate-report schema valid (Draft 2020-12); sample instance + all conditional negative tests pass; egress-lint --json evidence validates against the schema and drops into a full report.

🤖 Generated with Claude Code

Item 1 — Install signpost + promote Evaluate:
- README leads the three modes with Evaluate ("audit any contact app for
  safety before you install it") and carries a symlink install snippet.
- llms.txt opens with a cold-agent "start with the skill" route to SKILL.md.

Item 4 — Typed evaluate-report artifact:
- tools/evaluate-report.schema.json (JSON Schema Draft 2020-12): AC-keyed
  findings, per-AC status, citations, summary posture, and a source-tagged
  evidence array. Lives in tools/ (not contracts/) since it realizes no AC.
- SKILL.md evaluate flow emits the artifact as source of truth, prose as a view.

Item 3 — Egress lint (deterministic AC-1 sovereignty check):
- tools/egress-lint.py static-scans for off-device egress vectors against a
  per-flavor egress-allow.json allow-list; --json emits report-schema evidence.
- Self-test fixtures + new egress-lint-selftest CI job.

Docs: users-guide.md threads all three through the build/audit flows, splits the
status note into tested (deterministic tooling) vs not-yet-exercised (skill
flows), and expands tool discovery. Items 1/4/3 marked done in the plan.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
richbodo merged commit 6eafa17 into main May 29, 2026
2 checks passed
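The egress lint (item 3) and the typed-report folding it feeds (item 4), as an added example that is not the project's tools/egress-lint.py or its evaluate-report schema: a small Python scanner that pulls URL literals out of the listed egress vectors, drops local, relative, data: and mailto: targets and <a href> navigation, checks the remaining origins against an allow-list, and folds the result into an AC-1 finding that follows the conditional rules the PR describes (code-location citations on a (non-)conformant status, a rationale on unable-to-determine). The vector regexes, the allow-list shape, the evidence and finding field names, and the fixtures are all assumptions made for this example.

```python
"""Minimal egress lint in the spirit of item 3 above. Added example, not the
project's tools/egress-lint.py: vector set, allow-list shape, evidence/finding
field names and fixtures are assumptions based on the PR description."""
import json
import re
from urllib.parse import urlsplit

# Egress vectors called with a URL string literal as the first argument.
JS_CALL_RE = re.compile(
    r"(?P<vector>\bfetch|\bsendBeacon|\bimportScripts|\bimport|\baxios\.\w+"
    r"|\$\.(?:ajax|get|post)|\bnew\s+WebSocket|\bnew\s+EventSource)"
    r"\s*\(\s*['\"](?P<url>[^'\"]+)['\"]"
)
XHR_OPEN_RE = re.compile(r"\.open\s*\(\s*['\"][A-Za-z]+['\"]\s*,\s*['\"](?P<url>[^'\"]+)['\"]")  # xhr.open("GET", url)
# HTML src/action/data/href; <a href> is dropped below as navigation, not background egress.
HTML_ATTR_RE = re.compile(
    r"<(?P<tag>[A-Za-z][\w-]*)\b[^>]*?\s(?P<attr>src|action|data|href)\s*=\s*['\"](?P<url>[^'\"]+)['\"]",
    re.IGNORECASE,
)
# Same vectors with a non-literal argument (variable, template literal, or literal + expr):
# the origin cannot be resolved statically, so it must not silently count as clean.
DYNAMIC_RE = re.compile(
    r"\b(?P<vector>fetch|sendBeacon|importScripts|WebSocket|EventSource)\s*\(\s*"
    r"(?:[A-Za-z_$`]|['\"][^'\"]*['\"]\s*\+)"
)

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}
NETWORK_SCHEMES = {"http", "https", "ws", "wss"}


def remote_origin(url):
    """scheme://host[:port] if the URL leaves the device, else None (local, relative, data:, mailto:, ...)."""
    url = url.strip()
    if url.startswith("//"):                 # protocol-relative still resolves off-device
        url = "https:" + url
    parts = urlsplit(url)
    if parts.scheme not in NETWORK_SCHEMES:  # relative/root-relative path, data:, mailto:, blob:, ...
        return None
    host = (parts.hostname or "").lower()
    if not host or host in LOCAL_HOSTS or host.endswith(".localhost"):
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def scan(source, allow):
    """Return (violations, dynamic_sites) for one file's text against an allow-list of origins."""
    allowed = {a.lower().rstrip("/") for a in allow}
    violations, dynamic = [], []
    for lineno, line in enumerate(source.splitlines(), 1):
        hits = [(re.sub(r"\s+", " ", m.group("vector")), m.group("url")) for m in JS_CALL_RE.finditer(line)]
        hits += [("XMLHttpRequest.open", m.group("url")) for m in XHR_OPEN_RE.finditer(line)]
        for m in HTML_ATTR_RE.finditer(line):
            if m.group("tag").lower() != "a":
                hits.append((f"<{m.group('tag').lower()} {m.group('attr').lower()}>", m.group("url")))
        for vector, url in hits:
            origin = remote_origin(url)
            if origin and origin not in allowed:
                violations.append({"line": lineno, "vector": vector, "origin": origin, "url": url})
        dynamic += [{"line": lineno, "vector": m.group("vector")} for m in DYNAMIC_RE.finditer(line)]
    return violations, dynamic


def ac1_finding(path, source, allow):
    """Fold one scan into an AC-1 finding plus a source-tagged evidence object (field names assumed)."""
    violations, dynamic = scan(source, allow)
    evidence = {"source": "deterministic", "tool": "egress-lint", "file": path,
                "violations": violations, "dynamic_sites": dynamic}
    if violations:   # (non-)conformant must cite code locations
        return {"ac": "AC-1", "status": "non-conformant",
                "citations": [f"{path}:{v['line']}" for v in violations], "evidence": [evidence]}
    if dynamic:      # undetermined must carry a rationale instead of a verdict
        return {"ac": "AC-1", "status": "unable-to-determine",
                "rationale": "egress vector called with a non-literal URL; origin not resolvable statically",
                "citations": [f"{path}:{d['line']}" for d in dynamic], "evidence": [evidence]}
    return {"ac": "AC-1", "status": "conformant", "citations": [path], "evidence": [evidence]}


# Constructed fixtures (not the project's tools/egress-lint-fixtures).
CLEAN = """\
<script src="/static/app.js"></script>
<a href="https://example.com/about">About</a>
<svg xmlns="http://www.w3.org/2000/svg"><use href="#icon"></use></svg>
<img src="data:image/png;base64,AAAA">
<a href="mailto:me@example.com">mail</a>
fetch("/api/contacts");
const ws = new WebSocket("ws://localhost:8080/sync");
"""
DIRTY = """\
<script src="https://cdn.example.net/analytics.js"></script>
<form action="https://collector.example.net/submit" method="post">
fetch("https://api.example.org/contacts", {method: "POST"});
navigator.sendBeacon("https://telemetry.example.org/b", payload);
const es = new EventSource("https://push.example.org/events");
<link rel="stylesheet" href="//fonts.example.com/x.css">
const ws = new WebSocket(endpoint);
fetch("https://" + host + "/sync");
"""
ALLOW = ["https://api.example.org"]   # assumed per-flavor egress-allow.json content

if __name__ == "__main__":
    for name, src in (("clean.html", CLEAN), ("dirty.html", DIRTY)):
        print(json.dumps(ac1_finding(name, src, ALLOW), indent=2))
```

Two points a practitioner should keep in mind when reading the output. A clean result only means no literal remote origin was found: a call whose URL is assembled at runtime (the last two lines of the dirty fixture) is reported as a dynamic site and turns an otherwise clean file into unable-to-determine with a rationale, rather than silently passing as conformant. And the protocol-relative `//fonts.example.com` form is normalised to https before the allow-list check, since it still leaves the device even though it carries no scheme.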
richbodo added a commit that referenced this pull request May 31, 2026
egress-lint.py and evaluate-report.schema.json (landed on main via #6)
are toolkit artifacts too — stamp them and add them to the lint's
versioned set, so 'the entire toolkit is versioned as a unit' actually
holds after the merge with main.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
