Skip to content

feat(v0.1.3): audience classifier + --audit-profile suppression + p1-env-hints Pattern 2 #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brettdavies merged 6 commits into from
Apr 22, 2026
Merged

feat(v0.1.3): audience classifier + --audit-profile suppression + p1-env-hints Pattern 2 #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c458adf
feat(scorecard): add audience classifier + wire into JSON emission
brettdavies Apr 21, 2026
d78085c
feat(cli): add --audit-profile suppression + scorecard echo
brettdavies Apr 21, 2026
3a46134
feat(p1-env-hints): add Pattern 2 bash-style $FOO detection
brettdavies Apr 22, 2026
4704f5b
docs: update CLAUDE.md after v0.1.3 audience classifier ships
brettdavies Apr 22, 2026
73ef0dc
refactor(help_probe): drop three redundant guards in extract_env_tokens
brettdavies Apr 22, 2026
d5e61f6
chore(completions): regenerate after --audit-profile flag addition
brettdavies Apr 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 12 additions & 5 deletions CLAUDE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,10 @@ coverage matrix pin against them.
grows.
- `Applicability::Universal` means every CLI; `Applicability::Conditional(reason)` names the gate in prose so the matrix
and the site `/coverage` page can render it.
- `ExceptionCategory` is reserved for v0.1.3 `audit_profile` suppression — do not consume before then.
- `ExceptionCategory` drives `--audit-profile` suppression. The `SUPPRESSION_TABLE` maps each variant to the check IDs
it suppresses; drift tests fail the build if a category has no entry or a listed check ID isn't in the catalog. Adding
a fifth category requires a plan revision — the four v0.1.3 categories (`human-tui`, `file-traversal`,
`posix-utility`, `diagnostic-only`) are the committed surface.

## covers() Declaration

Expand Down Expand Up @@ -131,15 +134,19 @@ deliberate commit, not a build-time artifact — the matrix is citable from outs

## Scorecard v1.1 Fields

`src/scorecard.rs` emits `schema_version: "1.1"` with three additions over the v1.0 shape:
`src/scorecard/mod.rs` emits `schema_version: "1.1"` with three additions over the v1.0 shape:

- `coverage_summary` — three-way `{must, should, may} × {total, verified}` counts, computed from the checks that
actually ran. Populated every run.
- `audience` — `Option<String>`, serialized `null` until v0.1.3 wires the audience classifier. Reserved.
- `audit_profile` — `Option<String>`, serialized `null` until v0.1.3 wires `registry.yaml` suppression. Reserved.
- `audience` — `Option<String>`, derived by `src/scorecard/audience.rs::classify()` from the 4 signal behavioral checks.
Emits `"agent_optimized"`, `"mixed"`, `"human_primary"`, or `null` when any signal check is missing from results
(including when suppressed by `--audit-profile`). The classifier is read-only over results and never gates totals or
exit codes — per CEO review Finding #3, label mismatches are fixed via registry, not classifier logic.
- `audit_profile` — `Option<String>`, echoes the applied `--audit-profile` flag value (`"human-tui"`,
`"file-traversal"`, `"posix-utility"`, `"diagnostic-only"`). `null` when no profile is set.

Consumers (notably the site's `/score/<tool>` page) must feature-detect the new fields — pre-v1.1 scorecards lack
them until handoff 3 regenerates.
them. v0.1.2 scorecards carry `audience: null` and `audit_profile: null`; v0.1.3+ populates both.

## Dogfooding Safety

Expand Down
137 changes: 134 additions & 3 deletions completions/anc.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,26 +22,47 @@ _anc() {
anc,completions)
cmd="anc__completions"
;;
anc,generate)
cmd="anc__generate"
;;
anc,help)
cmd="anc__help"
;;
anc__generate,coverage-matrix)
cmd="anc__generate__coverage__matrix"
;;
anc__generate,help)
cmd="anc__generate__help"
;;
anc__generate__help,coverage-matrix)
cmd="anc__generate__help__coverage__matrix"
;;
anc__generate__help,help)
cmd="anc__generate__help__help"
;;
anc__help,check)
cmd="anc__help__check"
;;
anc__help,completions)
cmd="anc__help__completions"
;;
anc__help,generate)
cmd="anc__help__generate"
;;
anc__help,help)
cmd="anc__help__help"
;;
anc__help__generate,coverage-matrix)
cmd="anc__help__generate__coverage__matrix"
;;
*)
;;
esac
done

case "${cmd}" in
anc)
opts="-q -h -V --quiet --help --version check completions help"
opts="-q -h -V --quiet --help --version check completions generate help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 1 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
Expand All @@ -55,7 +76,7 @@ _anc() {
return 0
;;
anc__check)
opts="-q -h --command --binary --source --principle --output --include-tests --quiet --help [PATH]"
opts="-q -h --command --binary --source --principle --output --include-tests --audit-profile --quiet --help [PATH]"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
Expand All @@ -73,6 +94,10 @@ _anc() {
COMPREPLY=($(compgen -W "text json" -- "${cur}"))
return 0
;;
--audit-profile)
COMPREPLY=($(compgen -W "human-tui file-traversal posix-utility diagnostic-only" -- "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
Expand All @@ -94,8 +119,86 @@ _anc() {
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__generate)
opts="-q -h --quiet --help coverage-matrix help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__generate__coverage__matrix)
opts="-q -h --out --json-out --check --quiet --help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--out)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--json-out)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__generate__help)
opts="coverage-matrix help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__generate__help__coverage__matrix)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__generate__help__help)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__help)
opts="check completions help"
opts="check completions generate help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
Expand Down Expand Up @@ -136,6 +239,34 @@ _anc() {
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__help__generate)
opts="coverage-matrix"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__help__generate__coverage__matrix)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
anc__help__help)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
Expand Down
35 changes: 34 additions & 1 deletion completions/anc.elvish
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,35 +26,68 @@ set edit:completion:arg-completer[anc] = {|@words|
cand --version 'Print version'
cand check 'Check a CLI project or binary for agent-readiness'
cand completions 'Generate shell completions'
cand generate 'Generate build artifacts (coverage matrix, etc.)'
cand help 'Print this message or the help of the given subcommand(s)'
}
&'anc;check'= {
cand --command 'Resolve a command from PATH and run behavioral checks against it'
cand --principle 'Filter checks by principle number (1-7)'
cand --output 'Output format'
cand --audit-profile 'Exemption category for the target. Suppresses checks that do not apply to this class of tool — e.g., TUI apps legitimately intercept the TTY, so `--audit-profile human-tui` skips the interactive-prompt MUSTs. Suppressed checks emit `Skip` with structured evidence so readers see what was excluded'
cand --binary 'Run only behavioral checks (skip source analysis)'
cand --source 'Run only source checks (skip behavioral)'
cand --include-tests 'Include test code in source analysis'
cand -q 'Suppress non-essential output'
cand --quiet 'Suppress non-essential output'
cand -h 'Print help (see more with ''--help'')'
cand --help 'Print help (see more with ''--help'')'
}
&'anc;completions'= {
cand -q 'Suppress non-essential output'
cand --quiet 'Suppress non-essential output'
cand -h 'Print help'
cand --help 'Print help'
}
&'anc;completions'= {
&'anc;generate'= {
cand -q 'Suppress non-essential output'
cand --quiet 'Suppress non-essential output'
cand -h 'Print help'
cand --help 'Print help'
cand coverage-matrix 'Render the spec coverage matrix (registry → checks → artifact)'
cand help 'Print this message or the help of the given subcommand(s)'
}
&'anc;generate;coverage-matrix'= {
cand --out 'Path for the Markdown artifact. Defaults to `docs/coverage-matrix.md`'
cand --json-out 'Path for the JSON artifact. Defaults to `coverage/matrix.json`'
cand --check 'Exit non-zero when committed artifacts differ from generated output. CI drift guard'
cand -q 'Suppress non-essential output'
cand --quiet 'Suppress non-essential output'
cand -h 'Print help'
cand --help 'Print help'
}
&'anc;generate;help'= {
cand coverage-matrix 'Render the spec coverage matrix (registry → checks → artifact)'
cand help 'Print this message or the help of the given subcommand(s)'
}
&'anc;generate;help;coverage-matrix'= {
}
&'anc;generate;help;help'= {
}
&'anc;help'= {
cand check 'Check a CLI project or binary for agent-readiness'
cand completions 'Generate shell completions'
cand generate 'Generate build artifacts (coverage matrix, etc.)'
cand help 'Print this message or the help of the given subcommand(s)'
}
&'anc;help;check'= {
}
&'anc;help;completions'= {
}
&'anc;help;generate'= {
cand coverage-matrix 'Render the spec coverage matrix (registry → checks → artifact)'
}
&'anc;help;generate;coverage-matrix'= {
}
&'anc;help;help'= {
}
]
Expand Down
26 changes: 22 additions & 4 deletions completions/anc.fish
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,18 +29,36 @@ complete -c anc -n "__fish_anc_needs_command" -s h -l help -d 'Print help'
complete -c anc -n "__fish_anc_needs_command" -s V -l version -d 'Print version'
complete -c anc -n "__fish_anc_needs_command" -f -a "check" -d 'Check a CLI project or binary for agent-readiness'
complete -c anc -n "__fish_anc_needs_command" -f -a "completions" -d 'Generate shell completions'
complete -c anc -n "__fish_anc_needs_command" -f -a "generate" -d 'Generate build artifacts (coverage matrix, etc.)'
complete -c anc -n "__fish_anc_needs_command" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c anc -n "__fish_anc_using_subcommand check" -l command -d 'Resolve a command from PATH and run behavioral checks against it' -r -f -a "(__fish_complete_command)"
complete -c anc -n "__fish_anc_using_subcommand check" -l principle -d 'Filter checks by principle number (1-7)' -r
complete -c anc -n "__fish_anc_using_subcommand check" -l output -d 'Output format' -r -f -a "text\t''
json\t''"
complete -c anc -n "__fish_anc_using_subcommand check" -l audit-profile -d 'Exemption category for the target. Suppresses checks that do not apply to this class of tool — e.g., TUI apps legitimately intercept the TTY, so `--audit-profile human-tui` skips the interactive-prompt MUSTs. Suppressed checks emit `Skip` with structured evidence so readers see what was excluded' -r -f -a "human-tui\t'TUI-by-design tools (lazygit, k9s, btop). Suppresses interactive-prompt MUSTs and SIGPIPE — their contract is the TTY'
file-traversal\t'File-traversal utilities (fd, find). Reserved for subcommand-structure relaxations as those checks land'
posix-utility\t'POSIX utilities (cat, sed, awk). P1 interactive-prompt MUSTs satisfied vacuously via stdin-primary input'
diagnostic-only\t'Diagnostic tools (nvidia-smi, vmstat). No write operations, so the P5 mutation-boundary MUSTs do not apply'"
complete -c anc -n "__fish_anc_using_subcommand check" -l binary -d 'Run only behavioral checks (skip source analysis)'
complete -c anc -n "__fish_anc_using_subcommand check" -l source -d 'Run only source checks (skip behavioral)'
complete -c anc -n "__fish_anc_using_subcommand check" -l include-tests -d 'Include test code in source analysis'
complete -c anc -n "__fish_anc_using_subcommand check" -s q -l quiet -d 'Suppress non-essential output'
complete -c anc -n "__fish_anc_using_subcommand check" -s h -l help -d 'Print help'
complete -c anc -n "__fish_anc_using_subcommand check" -s h -l help -d 'Print help (see more with \'--help\')'
complete -c anc -n "__fish_anc_using_subcommand completions" -s q -l quiet -d 'Suppress non-essential output'
complete -c anc -n "__fish_anc_using_subcommand completions" -s h -l help -d 'Print help'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions help" -f -a "check" -d 'Check a CLI project or binary for agent-readiness'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions help" -f -a "completions" -d 'Generate shell completions'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c anc -n "__fish_anc_using_subcommand generate; and not __fish_seen_subcommand_from coverage-matrix help" -s q -l quiet -d 'Suppress non-essential output'
complete -c anc -n "__fish_anc_using_subcommand generate; and not __fish_seen_subcommand_from coverage-matrix help" -s h -l help -d 'Print help'
complete -c anc -n "__fish_anc_using_subcommand generate; and not __fish_seen_subcommand_from coverage-matrix help" -f -a "coverage-matrix" -d 'Render the spec coverage matrix (registry → checks → artifact)'
complete -c anc -n "__fish_anc_using_subcommand generate; and not __fish_seen_subcommand_from coverage-matrix help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from coverage-matrix" -l out -d 'Path for the Markdown artifact. Defaults to `docs/coverage-matrix.md`' -r -F
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from coverage-matrix" -l json-out -d 'Path for the JSON artifact. Defaults to `coverage/matrix.json`' -r -F
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from coverage-matrix" -l check -d 'Exit non-zero when committed artifacts differ from generated output. CI drift guard'
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from coverage-matrix" -s q -l quiet -d 'Suppress non-essential output'
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from coverage-matrix" -s h -l help -d 'Print help'
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from help" -f -a "coverage-matrix" -d 'Render the spec coverage matrix (registry → checks → artifact)'
complete -c anc -n "__fish_anc_using_subcommand generate; and __fish_seen_subcommand_from help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions generate help" -f -a "check" -d 'Check a CLI project or binary for agent-readiness'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions generate help" -f -a "completions" -d 'Generate shell completions'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions generate help" -f -a "generate" -d 'Generate build artifacts (coverage matrix, etc.)'
complete -c anc -n "__fish_anc_using_subcommand help; and not __fish_seen_subcommand_from check completions generate help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c anc -n "__fish_anc_using_subcommand help; and __fish_seen_subcommand_from generate" -f -a "coverage-matrix" -d 'Render the spec coverage matrix (registry → checks → artifact)'
Loading