All-Bun sub-agent that watches open PRs on Gitea, reads ship-claims,
and hard-blocks merges when the code doesn't back the claim. First
commit of N; this is the skeleton. Dynamic/static/inference/kb checks
+ poller land in follow-up commits on this same branch.
- auditor/types.ts — Claim, Finding, Verdict, PrSnapshot shapes
- auditor/gitea.ts — minimal API client (listOpenPrs, getPrDiff,
postCommitStatus, postReview). Live-proven: returned 0 open PRs
against our repo (which IS the current state — every commit today
went to main directly, which is the problem this auditor is meant
to prevent)
- auditor/policy.ts — stub `assembleVerdict` + severity rules.
Intentionally conservative defaults: strong claim + zero evidence
= block, not warn.
- auditor/README.md — how to run + the hard-block mechanism
Workflow discipline change: starting with this branch, no more
direct pushes to main. Every change lands as a PR. When this
auditor is fully built and running, it'll review its own
completion PR — the recursive self-test.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
