
chore(#221): retrofit 7 audit skills onto _lib-audit-history.sh #239

Merged
atlas-apex merged 1 commit into dev from feature/GH-221-retrofit-7-audits
May 15, 2026
Conversation

@atlas-apex

Collaborator

Summary

  • Retrofits the 7 remaining audit skills onto _lib-audit-history.sh (the shared persistence + trend lib shipped in feat(#218): audit-skill artefact persistence + canonical structure #222)
  • Each skill (/compliance-check, /accessibility-audit, /performance-audit, /seo-audit, /monitoring-audit, /docs-audit, /analytics-audit) now writes a structured JSON+MD pair per run AND appends a trend section, mirroring the threat-model and security-review pilots from feat(#218): audit-skill artefact persistence + canonical structure #222
  • 7 new canonical templates at templates/audits/<dim>.md, each shaped for its dimension (POUR groupings for accessibility, Diataxis quadrants for docs, regulatory exposure for compliance, etc.)
  • Per-skill mapping from each existing legacy verdict vocabulary (e.g. "GDPR readiness: NOT READY", "Incident readiness: NOT READY", "Documentation readiness: PARTIAL") → the generic three-state (pass / conditional / fail) so trend renderer comparisons stay coherent across dimensions
  • After this PR, all 9 audit skills consume the shared lib uniformly. The audit-skill family is fully on-pattern.

Why this matters

Before this PR, only /launch-check (since #183), /threat-model and /security-review (since #222) wrote structured artefacts. The other 7 audits dumped findings to stdout and disappeared. Comparing two compliance reviews from a quarter apart was an exercise in reading two free-form essays.

After this PR, every audit run (/threat-model, /security-review, AND the 7 in this PR) lands in projects/<name>/audits/<dimension>/<ts>.md + runs/<ts>.json with frontmatter that the trend renderer can compare across runs. Any audit dimension answering "is the project's posture improving or regressing" is now an audit_render_trend "<project>" "<dim>" 5 away — no per-skill custom code.

The retrofits were mechanical because the shared lib was designed for it: each skill assembles a findings[] array (lowercase severity), composes its dimension-specific MD body, and calls audit_run_persist + audit_render_trend. ~70 lines of additional SKILL.md content per skill, all following the same pattern.

Testing

  • Each retrofitted SKILL.md includes a ## Persist the run + render trend section before the existing ## Rules section, with subsections for project/score/verdict resolution + payload+body construction + persist call + trend render + opt-in commit marker
  • Each retrofitted SKILL.md gains 2 new Rules entries: "Always persist via the lib" + "Severity vocabulary in the JSON is lowercase"
  • Each canonical template at templates/audits/<dim>.md exists and has dimension-specific structure (verified via ls templates/audits/ — 9 templates total, including the 2 from feat(#218): audit-skill artefact persistence + canonical structure #222)
  • grep verifies each retrofitted SKILL has both audit_run_persist AND audit_render_trend mentions (2 hits each)
  • Reviewer can spot-check one or two retrofits against the /threat-model retrofit from feat(#218): audit-skill artefact persistence + canonical structure #222 to confirm structural symmetry (they should look near-identical except for dimension name + finding examples)
  • Reviewer can sanity-check the legacy-vocabulary mapping in each "Resolve verdict" section is sensible (e.g. "GDPR readiness: PARTIAL → conditional", "Incident readiness: NOT READY → fail")
  • Manual smoke test post-merge: invoke any of the 7 retrofitted skills against a registered project, confirm artefact written under projects/<name>/audits/<dimension>/, confirm trend renders on a second invocation

Glossary

| Term | Definition |
|------|------------|
| Retrofit | The mechanical SKILL.md edit + template creation that brings a previously-stdout-only audit skill onto the shared _lib-audit-history.sh API. Same pattern across all 7 dimensions. |
| Per-dim canonical template | A reference markdown file at templates/audits/<dim>.md capturing the dimension-specific shape of the audit's body (POUR groupings, Diataxis quadrants, regulatory exposure tables, etc.). The skill itself embeds equivalent shape inline; the template is a copy-paste starting point. |
| Legacy verdict vocabulary | Each pre-existing audit skill had its own verdict shape (GDPR readiness: READY/PARTIAL/NOT READY, Incident readiness: READY/NOT READY, Documentation readiness: COMPLETE/PARTIAL/MISSING, etc.). Each retrofit documents the per-skill mapping to the generic three-state (pass/conditional/fail) so trend rendering across mixed-dimension data stays coherent. |
| Headline score | score = max(0, 100 - 25*critical - 10*high - 3*medium - 1*low) — single 0-100 number per run plotted on the trend chart's Y-axis. Same formula across all 9 audits for cross-dimension comparability. |
| POUR groupings | Accessibility findings are organised by WCAG's four principles: Perceivable, Operable, Understandable, Robust. The accessibility template surfaces this grouping in its body. |
| Diataxis quadrants | Documentation findings are organised by the Diataxis framework's four documentation types: tutorials, how-to guides, reference, explanation. The docs-audit template surfaces this grouping. |

🤖 Generated with Claude Code

Mechanical retrofit completing the follow-up filed alongside #218.
Each of the 7 remaining audit skills now persists a structured
JSON+MD pair via audit_run_persist + renders trend via
audit_render_trend on every run. Same shape as the threat-model and
security-review pilots from #222.

Skills retrofitted:
- /compliance-check  — GDPR/ePrivacy
- /accessibility-audit — WCAG 2.1 AA
- /performance-audit  — bundle / images / caching
- /seo-audit          — meta / sitemap / OG / structured data
- /monitoring-audit   — logs / errors / health / alerts / runbooks
- /docs-audit         — Diataxis quadrants + README quality + staleness
- /analytics-audit    — SDK / event taxonomy / funnels / dashboards

Each gains:
- A "Persist the run + render trend" section before its existing
  "## Rules" section, with subsections for project/score/verdict
  resolution, payload+body construction, persist call, trend render,
  and opt-in commit marker
- Two new Rules entries: "Always persist via the lib" + "Severity
  vocabulary in the JSON is lowercase"
- Per-dim severity-vocabulary mapping documented (e.g. "Documentation
  readiness: PARTIAL" → conditional, "Incident readiness: NOT READY"
  → fail, etc.)

7 new canonical templates at templates/audits/<dim>.md, each
demonstrating the dimension's findings shape (POUR groupings for
accessibility, Diataxis quadrants for docs, regulatory exposure for
compliance, etc.) per the convention shipped in #222.

After this PR, all 9 audit skills (these 7 + threat-model +
security-review) consume the shared lib uniformly. /launch-check
already consumed the lib via its #222 refactor with backward-compat
read-merge for adopters' existing history.

Closes #221

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@atlas-apex atlas-apex left a comment

Collaborator Author


Code Review: PR #239

Commit: aedd800c9c4835c87b7430b1dfadc67a1d8daeaa

Summary

Mechanical retrofit completing #221 — brings the remaining 7 audit skills (/compliance-check, /accessibility-audit, /performance-audit, /seo-audit, /monitoring-audit, /docs-audit, /analytics-audit) onto the shared _lib-audit-history.sh API shipped in #222. After this, all 9 audit skills consume the lib uniformly. +600/−0 across 14 files (7 SKILL.md modified, 7 templates added).

Checklist Results

  • Architecture & Design: Pass — uses lib as-shipped; no lib changes (verified diff has no hits on _lib-audit-history.sh).
  • Code Quality: Pass — high structural symmetry across all 7 retrofits.
  • Testing: Pass — manual smoke-test plan documented in PR body; mechanical edits + new templates don't warrant unit tests.
  • Security: N/A — no auth/crypto/secrets paths touched.
  • Performance: N/A — documentation/skill edits only.
  • PR Description & Glossary: Pass — Summary, Why, Testing, Glossary all present; 6 well-defined glossary entries (Retrofit, Per-dim canonical template, Legacy verdict vocabulary, Headline score, POUR groupings, Diataxis quadrants).
  • Technical Decisions (AgDR): N/A — load-bearing decisions captured in AgDR-0019 (already on dev). This PR is mechanical application.

Verification of reviewer asks

  1. Structural symmetry across the 7 retrofits — Confirmed. Each modified SKILL.md inserts ## Persist the run + render trend before ## Rules, with the same three subsections (### Resolve project name + score + verdict, ### Persist + render, ### Opt-in commit). Each calls audit_run_persist + audit_render_trend with the dimension's own slug.
  2. Score formula consistency — Confirmed. score = max(0, 100 - 25*critical - 10*high - 3*medium - 1*low) appears verbatim in all 7 retrofits. Verdict mapping (critical/high → fail, medium → conditional, low/none → pass) is consistent.
  3. Legacy-vocabulary mappings — Confirmed per skill: accessibility "WCAG 2.1 AA estimate" (FAIL/PARTIAL/PASS), compliance "GDPR readiness" (NOT READY/PARTIAL/READY), docs "Documentation readiness" (PARTIAL/MISSING/COMPLETE), monitoring "Incident readiness" (NOT READY/READY), performance "Performance readiness" (NEEDS WORK/GOOD), SEO "SEO readiness" (GOOD/NEEDS WORK). All map cleanly to the three-state.
  4. Dimension-specific templates — Confirmed via spot-checks: accessibility groups by POUR (Perceivable/Operable/Understandable/Robust) with WCAG criterion numbers; docs groups by Diataxis quadrants (Tutorials/How-to/Reference/Explanation) plus README quality + Staleness sections; compliance has dedicated "Regulatory exposure" section citing GDPR Art. 6/7/17 and ePrivacy. Templates are not generic boilerplate.
  5. 2 new Rules entries per skill — Confirmed. All 7 retrofits add identical entries 5 + 6: "Always persist via the lib" and "Severity vocabulary in the JSON is lowercase."
  6. No lib changes — Confirmed. _lib-audit-history.sh does not appear in the diff.
  7. PR body + commit format — Pass. Title chore(#221): retrofit 7 audit skills onto _lib-audit-history.sh matches the validator regex; body includes Closes #221. CI green (lychee, markdownlint, ticket-ID check).

Issues Found

None blocking.

Suggestions (non-blocking)

  • The compliance-check retrofit's Rule #6 has slightly more explanatory text than the other 6 (mentions stats.by_severity). Minor inconsistency — feel free to leave or harmonise.
  • Per-skill audit_run_persist example calls all use placeholder "fail" + numeric scores (60/55/35). Consistent with the pilots; no action needed.

Verdict

APPROVED (submitting as comment because Rex cannot self-approve via gh).

Mechanical retrofit is on-pattern with #222, structurally symmetric across all 7 dimensions, with dimension-specific templates that demonstrate care (POUR / Diataxis / regulatory-exposure groupings rather than copy-paste boilerplate). Glossary is high-quality and explains the retrofit + legacy-vocabulary mapping concepts cleanly. Ready to merge subject to CEO approval.


Reviewed by Rex (Code Reviewer Agent)
Reviewed commit: aedd800c9c4835c87b7430b1dfadc67a1d8daeaa
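The headline-score formula from the PR glossary and the verdict mapping Rex confirms in item 2 (critical/high → fail, medium → conditional, low/none → pass) are the part of the retrofit a reviewer would most want to check mechanically. The block below is an added example written for this page; it is not code from _lib-audit-history.sh or from any of the retrofitted SKILL.md files, and the function names (audit_score, audit_verdict, audit_count_severities, audit_headline, audit_map_legacy_verdict) are hypothetical. It takes a constructed list of lowercase severities on stdin (the shape of findings[].severity), enforces the "Severity vocabulary in the JSON is lowercase" rule by rejecting anything else, computes score + verdict, and maps a legacy verdict string to the three-state. Only "PARTIAL → conditional" and "NOT READY → fail" are mappings the page states; the other legacy tokens (READY, PASS, GOOD, COMPLETE, FAIL, MISSING, NEEDS WORK) are mapped here on the obvious reading and are an assumption.

```bash
#!/usr/bin/env bash
# Added example, not the project's _lib-audit-history.sh. POSIX-style sh so it runs
# under dash or bash; all function names below are hypothetical.
set -eu

# Headline score from the PR glossary:
#   score = max(0, 100 - 25*critical - 10*high - 3*medium - 1*low)
audit_score() {
  critical=$1; high=$2; medium=$3; low=$4
  s=$(( 100 - 25*critical - 10*high - 3*medium - low ))
  if [ "$s" -lt 0 ]; then s=0; fi
  echo "$s"
}

# Three-state verdict as confirmed in review item 2:
#   any critical/high -> fail, else any medium -> conditional, else pass
audit_verdict() {
  critical=$1; high=$2; medium=$3
  if [ "$critical" -gt 0 ] || [ "$high" -gt 0 ]; then echo fail
  elif [ "$medium" -gt 0 ]; then echo conditional
  else echo pass; fi
}

# Reads one severity per line from stdin and prints "critical high medium low" counts.
# Enforces the lowercase-vocabulary rule: "HIGH", "Medium" or an unknown token is an
# error rather than silently counted as zero, which would inflate the score.
audit_count_severities() {
  critical=0; high=0; medium=0; low=0
  while IFS= read -r sev; do
    [ -n "$sev" ] || continue
    case "$sev" in
      critical) critical=$((critical + 1)) ;;
      high)     high=$((high + 1)) ;;
      medium)   medium=$((medium + 1)) ;;
      low)      low=$((low + 1)) ;;
      *) echo "severity must be one of critical|high|medium|low (lowercase), got: $sev" >&2
         return 1 ;;
    esac
  done
  echo "$critical $high $medium $low"
}

# Convenience: severities on stdin -> "<score> <verdict>" on stdout.
audit_headline() {
  counts=$(audit_count_severities) || return 1
  # shellcheck disable=SC2086
  set -- $counts
  echo "$(audit_score "$1" "$2" "$3" "$4") $(audit_verdict "$1" "$2" "$3")"
}

# Legacy verdict vocabulary -> pass/conditional/fail. PARTIAL -> conditional and
# NOT READY -> fail are stated on the page; the remaining tokens are an assumption.
audit_map_legacy_verdict() {
  case "$1" in
    READY|PASS|GOOD|COMPLETE) echo pass ;;
    PARTIAL|"NEEDS WORK")     echo conditional ;;
    "NOT READY"|FAIL|MISSING) echo fail ;;
    *) echo "unknown legacy verdict: $1" >&2; return 1 ;;
  esac
}

# Constructed sample run: one high, one medium, two low findings.
printf 'high\nmedium\nlow\nlow\n' | audit_headline
audit_map_legacy_verdict "NOT READY"
```

Piping the four constructed findings through audit_headline yields "85 fail": the single high finding drives the verdict regardless of the score, which is the asymmetry the shared verdict mapping bakes in. A mixed-case severity such as "HIGH" makes the run fail loudly, so a SKILL.md that emits legacy uppercase tokens into findings[] is caught before a misleading 100-point row lands in the trend.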

@atlas-apex atlas-apex merged commit 81ce21a into dev May 15, 2026
3 checks passed
@atlas-apex atlas-apex deleted the feature/GH-221-retrofit-7-audits branch May 15, 2026 05:11
me2resh added a commit that referenced this pull request Jun 5, 2026
Co-authored-by: me2resh <ahmed.abdelaliem@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>