fix: resolve review round 3 findings

- reviewer, auditor: add qa-checklist to skills (both produce envelopes) - worker-protocol: annotate ac_coverage as optional in envelope template - message-schema: document that security_findings.high is non-blocking - qa-checklist: reframe plan_result has_blockers as intent confirmation
2026-05-08 11:40:12 -04:00 · 2026-04-02 08:03:31 -04:00 · 2026-04-02 08:03:31 -04:00 · 7fdbb40656
commit 7fdbb40656
parent 76f7f16eff
5 changed files with 5 additions and 3 deletions
--- a/agents/auditor.md
+++ b/agents/auditor.md
@ -9,6 +9,7 @@ maxTurns: 25
 skills:
  - conventions
  - message-schema
+  - qa-checklist
  - project
 ---

--- a/agents/reviewer.md
+++ b/agents/reviewer.md
@ -9,6 +9,7 @@ maxTurns: 20
 skills:
  - conventions
  - message-schema
+  - qa-checklist
  - project
 ---

--- a/skills/message-schema/SKILL.md
+++ b/skills/message-schema/SKILL.md
@ -118,7 +118,7 @@ typecheck_status: pass | fail | skipped
 Required: `type`, `signal`, `security_findings`, `build_status`, `test_status`
 Optional: `typecheck_status`

-**Hard rule:** `security_findings.critical > 0` or `build_status: fail` or `test_status: fail` requires `signal: fail`.
+**Hard rule:** `security_findings.critical > 0` or `build_status: fail` or `test_status: fail` requires `signal: fail`. High-severity findings (`security_findings.high > 0`) do not require `fail` — use `pass_with_notes`.

 Body: Security findings by severity (or CLEAN), then Runtime section with tested/passed/failed.

--- a/skills/qa-checklist/SKILL.md
+++ b/skills/qa-checklist/SKILL.md
@ -48,7 +48,7 @@ Before returning your output, validate against every item below. If you find a v
 - Are hard rules satisfied?
  - `review_verdict`: `critical_count > 0` requires `signal: fail`
  - `audit_verdict`: `security_findings.critical > 0` or `build_status: fail` or `test_status: fail` requires `signal: fail`
-  - `plan_result`: `has_blockers: true` requires orchestrator escalation to user before worker dispatch
+  - `plan_result`: if you set `has_blockers: true`, confirm this is intentional — it triggers user escalation before worker dispatch

 ## After validation

--- a/skills/worker-protocol/SKILL.md
+++ b/skills/worker-protocol/SKILL.md
@ -15,7 +15,7 @@ signal: rfr | blocked | escalate
 files_changed:
  - path/to/file1
  - path/to/file2
-ac_coverage:
+ac_coverage:                          # optional — omit when no AC provided
  AC1: pass | fail | partial | na
  AC2: pass | fail | partial | na
 qa_check: pass | fail