33 lines
1.6 KiB
Markdown
33 lines
1.6 KiB
Markdown
|
|
# Audit Severity Guide
|
||
|
|
|
||
|
|
Shared three-tier severity classification used by all cc-architect audit
|
||
|
|
workflows (`${CLAUDE_PLUGIN_ROOT}/workflows/audit-plugin.md`,
|
||
|
|
`${CLAUDE_PLUGIN_ROOT}/workflows/audit-skill.md`,
|
||
|
|
`${CLAUDE_PLUGIN_ROOT}/workflows/audit-workflow.md`,
|
||
|
|
`${CLAUDE_PLUGIN_ROOT}/workflows/audit-command.md`).
|
||
|
|
|
||
|
|
## Tiers
|
||
|
|
|
||
|
|
| Tier | Meaning | Verdict impact |
|
||
|
|
|------|---------|-----------------|
|
||
|
|
| **Significant** | Breaks compliance or correctness: missing required structure, broken references, invalid manifest/frontmatter, ambiguous ownership, incomplete flow | 1+ significant → **Not Ready** |
|
||
|
|
| **Minor** | Works but deviates from convention: missing optional files, inconsistent patterns, suboptimal structure, missing recommended infrastructure | Does not block verdict; must still be reported |
|
||
|
|
| **Polish** | Cosmetic: wording, formatting, organization | Does not block verdict; optional to fix |
|
||
|
|
|
||
|
|
**Verdict rule:** Ready only if there are zero significant findings,
|
||
|
|
regardless of minor/polish count.
|
||
|
|
|
||
|
|
## Per-artifact specifics
|
||
|
|
|
||
|
|
Each audit workflow defines what counts as significant/minor/polish for its
|
||
|
|
artifact type (a plugin's significant findings differ from a skill's). Look
|
||
|
|
for the "Severity for X" section in the specific audit workflow — this
|
||
|
|
document only defines the shared tiers and verdict rule.
|
||
|
|
|
||
|
|
## Applying it
|
||
|
|
|
||
|
|
1. Classify every finding into exactly one tier.
|
||
|
|
2. Group findings by tier in the report (significant → minor → polish).
|
||
|
|
3. Compute the verdict from the significant count alone.
|
||
|
|
4. Present significant findings first when reporting to the user.
|