From 419ab076aa95a8d0ab6b93af1be118350ac8e0f4 Mon Sep 17 00:00:00 2001 From: jordyamoedo Date: Sun, 14 Jun 2026 23:25:27 -0300 Subject: [PATCH 1/2] docs(governance): PROP-20260614-forensic-output-authorship.yaml --- ...P-20260614-forensic-output-authorship.yaml | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 governance/proposals/PROP-20260614-forensic-output-authorship.yaml diff --git a/governance/proposals/PROP-20260614-forensic-output-authorship.yaml b/governance/proposals/PROP-20260614-forensic-output-authorship.yaml new file mode 100644 index 0000000000..bfb2f8acc0 --- /dev/null +++ b/governance/proposals/PROP-20260614-forensic-output-authorship.yaml @@ -0,0 +1,58 @@ +framework_proposal: + version: "1.0" + id: "PROP-20260614-forensic-output-authorship" + date: "2026-06-14" + proposer: "external-contributor (consumer-project audit)" + source_finding: "AF-20260614-forensic-output-authorship" + + target: + layer: "L2" + artifact_type: "rule" + artifact_path: ".claude/rules/output-conventions.md (NEW) + produced_by frontmatter in story/gate templates" + operation: "create" + + generalization: + pattern_name: "Forensic authorship + root-cause tagging" + when_to_apply: | + Any project where multiple agents/models produce artifacts (stories, gates, + reports, docs), and where failed gates should teach the PROCESS instead of + being re-fixed at the symptom. Two conventions: + 1. produced_by — every agent-generated artifact carries + `produced_by: { agent, model, date }` in its frontmatter/header. + 2. process_breakpoint — every gate with a non-PASS verdict tags, per issue, + WHERE in the process the error was born (incomplete story? context-less + handoff? unvalidated input? environment?). "Fix the process, not the symptom." + examples_from_other_domains: + - "Multi-model pipelines: knowing which model produced an artifact is the input to model-tiering / validation sampling" + - "Quality gates: tagging where a defect was born reveals recurring process breakpoints to mechanize" + - "Audit trails: 'who/which model produced what' is forensic provenance for any agentic system" + + migration_path: + breaking_change: false + affected_consumers: [] + rollout_plan: | + Additive. Adds a documentation rule and two optional frontmatter fields. + No existing behavior changes; both conventions are advisory (report-only). + + deprecation_plan: + deprecates: [] + sunset_window: "n/a" + + cost_benefit: + cost: "~1 documentation rule + two optional frontmatter fields" + benefit: | + Directly feeds the framework's own evolution-pipeline: produced_by gives the + provenance the pipeline needs (who/which model), and process_breakpoint surfaces + recurring failure points that become promotion candidates. Forensic, cheap, advisory. + risk: "low — additive; advisory by default; predicate is presence-of-frontmatter-field (100% checkable)" + + approval: + eliel_decision: "PENDING" + eliel_decision_at: null + eliel_decision_rationale: "" + revision_request: [] + + implementation: + pr_url: "" + merged_at: "" + distributed_to: [] From 1ed52c08a856d201dd5eda9fa5bbfeda38bc7950 Mon Sep 17 00:00:00 2001 From: jordyamoedo Date: Sun, 14 Jun 2026 23:25:57 -0300 Subject: [PATCH 2/2] docs(governance): AF-20260614-forensic-output-authorship.yaml --- ...F-20260614-forensic-output-authorship.yaml | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 audits/promoted/AF-20260614-forensic-output-authorship.yaml diff --git a/audits/promoted/AF-20260614-forensic-output-authorship.yaml b/audits/promoted/AF-20260614-forensic-output-authorship.yaml new file mode 100644 index 0000000000..84430645c9 --- /dev/null +++ b/audits/promoted/AF-20260614-forensic-output-authorship.yaml @@ -0,0 +1,37 @@ +audit_finding: + version: "1.0" + id: "AF-20260614-forensic-output-authorship" + date: "2026-06-14" + auditor: "external-contributor (@aiox-master in a consumer project)" + source_session: "Comparative audit of a hardened consumer fork against aiox-core v5.2.9" + + context: + project: "a production consumer project (anonymized)" + epic: "framework learning-loop audit" + triggered_by: "The framework's evolution-pipeline needs provenance and recurring-breakpoint signals it cannot currently capture" + + finding: + summary: "Agent-produced artifacts carry no authorship/provenance metadata, and failed gates record the symptom rather than WHERE in the process the error was born — so recurring issues get re-fixed at the symptom and the loop never learns." + evidence: + - "No produced_by header on stories/gates/reports → cannot tell which agent/model produced an artifact" + - "Gate findings describe the defect, not the process step that produced it (story / handoff / input / environment)" + - "Without a breakpoint tag, the same root cause recurs and is patched again at the symptom" + impact_observed: + blast_radius: "medium" + affected_artifacts: ["stories", "quality gates", "reports", "the evolution-pipeline's own inputs"] + cost: "Lost provenance for model-tiering decisions; recurring defects re-fixed instead of mechanized" + + framework_candidate: true + framework_candidate_rationale: | + Project-agnostic. Any agentic framework with multiple models and quality gates + benefits from provenance (produced_by) and root-cause tagging (process_breakpoint). + Both are presence-of-field predicates — mechanizable as advisory, no judgement needed. + + references: + - kind: pattern + path: "Forensic authorship + root-cause tagging" + + proposed_disposition: + - "Add produced_by frontmatter convention to agent-generated artifacts" + - "Add process_breakpoint to every non-PASS gate finding" + - "Adopt 'a recurring breakpoint is fixed at the process, not the symptom' as a closing rule"