docs(#19): full rule-audit table at docs/rule-audit.md

[atlas-apex]

Summary

Full rule-audit table at docs/rule-audit.md — every MUST / NEVER / HARD-STOP rule across CLAUDE.md, 8 .claude/rules/*.md files, and 3 workflows/*.md files, each mapped to its enforcement mechanism (hook, agent, or prose) and classified as mechanized / partially mechanized / advisory / deferred.

73 rows across 9 sections. This is the documentation artifact that AgDR-0001 explicitly deferred: the design decisions were captured in the AgDR, but the complete enumeration of which rules are mechanized vs advisory was not. This PR closes that gap.

Refs #19

Counts

Status	Count	Meaning
Mechanized	26	Enforced by a hook — the harness blocks the action
Partial	6	Part of the rule is hooked, part stays prose (e.g. workflow gates with composite sub-rules)
Advisory	36	Self-discipline, not mechanizable in a shell harness (lint-level, behavioral, metric-based)
Deferred	5	Mechanizable but tracked as a separate open ticket (#15, #20, #21, #22, #23, #25)

What changed

• New docs/rule-audit.md (183 lines) — 9-section table with a "How to use this doc" header explaining when to update the table and the changelog-vs-new-AgDR rule of thumb.
• CLAUDE.md Quick Reference — added one row pointing to the audit doc.

Ambiguity calls documented in the table

1. Composite workflow gates (gates 2/3/4) — each gate is a multi-part rule where some sub-parts are hooked and others aren't. Classified as partial with a note.
2. Ticket vocabulary — the rule is self-discipline on chat output (advisory) but the backstops on durable artifacts (validate-pr-create, verify-commit-refs) are mechanical. Classified as partial.
3. Pre-push lint/typecheck/test/build — pre-push-gate.sh is a reminder, not a runner. The actual pass/fail is per-project CI. Classified as partial.
4. Coverage > 80% — appears in three different source files. Deduplicated to one row citing all three sources.

Non-goals

• No new hooks
• No rule-file changes (the table observes, it doesn't prescribe)
• Does not modify AgDR-0001

Glossary

Term	Definition
Rule audit	The complete enumeration of every MUST/NEVER/HARD-STOP rule in the framework, mapped to its enforcement mechanism.
Mechanized	Enforced by a shell hook that blocks the tool call (exit 2). The harness runs it; Claude cannot skip it.
Advisory	A rule that depends on self-discipline or lint-level tooling, not a shell hook. The model may drop it under pressure.
Partial	A composite rule where some sub-parts are hooked and others stay prose.
Deferred	Mechanizable in principle, but tracked as a separate open ticket rather than implemented now.
AgDR changelog	An amendment section appended to a historical AgDR to record threshold refinements without rewriting the original decision block. Pattern established in #18.

Test plan

• Visual review: every MUST in every source file appears in the table
• grep -rn 'MUST\|NEVER\|HARD.STOP' CLAUDE.md .claude/rules/ workflows/ count matches the 73-row table ± deduplication
• CLAUDE.md Quick Reference link resolves correctly
• Code Reviewer (Rex) review
• Explicit per-PR CEO approval

🤖 Generated with Claude Code

[atlas-apex]

Code Review: PR #27

Commit: 2dffa8a29147baad0b3d5ac6b2bc2841ad62e6a0

Summary

Pure-docs PR adding docs/rule-audit.md — a 73-row audit table mapping every MUST/NEVER/HARD-STOP rule to its enforcement mechanism, plus one Quick Reference row in CLAUDE.md.

Checklist Results

• N/A Architecture & DDD: docs-only, no code
• N/A Code Quality: docs-only
• N/A Testing: docs-only
• ✅ Security: no secrets, no code
• N/A Performance: docs-only
• ✅ PR Description & Glossary: present and thorough (6 terms defined)
• ✅ Technical Decisions (AgDR): N/A — no new decisions; correctly references AgDR-0001

Issues Found

None blocking.

Cross-Reference Results

1. Completeness: 73 rows cover all 8 rule files + 3 workflow files + CLAUDE.md. Two minor DDD prescriptions from code-standards.md ("Value objects for domain concepts", "Domain events for side effects") are not individually listed — defensible since they lack MUST/NEVER language, but worth noting if the intent is exhaustive coverage.

2. Hook attributions: every hook filename in the table matches a real entry in .claude/settings.json. Matchers (if: patterns) align correctly with PreToolUse/PostToolUse/SessionStart events.

3. Partial classifications: all 6 justified. Composite workflow gates (2/3/4), ticket vocabulary, pre-push reminder, and IaC review — each explains which sub-part is hooked and which stays prose.

4. Deferred tickets: all 6 references (#15, #20, #21, #22, #23, #25) verified open. The 5-rows-vs-6-tickets discrepancy is explained in the summary paragraph.

5. Changelog-vs-new-AgDR rule of thumb: clear, actionable test ("would a reader who only saw the new state understand why without re-reading the old options?"). Consistent with AgDR-0001's post-ship amendment pattern.

6. CLAUDE.md Quick Reference link: points to docs/rule-audit.md — correct path.

7. PR quality: glossary present with 6 terms; title format docs(#19): valid; single ticket ref; Refs #19 used (appropriate for QA-state workflow).

Suggestions (nice-to-have, not blocking)

• Consider adding the two missing DDD lines (value objects, domain events) to the code-standards section for completeness, even if marked advisory. They are style prescriptions without MUST language, so omission is reasonable.

Surprising

The footnote system is well-done — six footnotes with cross-references to AgDR-0001 rationale. The [^coverage] footnote explaining why framework-level coverage enforcement was rejected adds real value for anyone forking apexstack and wondering "why isn't this a hook?"

Verdict

COMMENT — no blocking issues. Thorough, well-structured, accurate.

---

🤖 Reviewed by Rex (Code Reviewer Agent)
📌 Reviewed commit: 2dffa8a29147baad0b3d5ac6b2bc2841ad62e6a0