feat: add TestTypeFileConvention audit check

AST-based test enforcing that type definitions live in types.go.
Detects "pure type implementation files" (types + receivers only,
no standalone functions) and auto-exempts them. 38 existing
violations grandfathered; new violations fail the test.

Includes TestTypeFileConventionReport for detailed analysis output.
Also adds GITNEXUS.md and CLAUDE.md cross-reference.

Spec: specs/ast-audit-tests.md
Signed-off-by: Jose Alekhinne <jose@ctx.ist>

Author: josealekhine

.context/TASKS.md

@@ -27,7 +27,7 @@ TASK STATUS LABELS:
 
 ### Code Cleanup Findings
 
-- [ ] Add TestTypeFileConvention audit check: type definitions must live in types.go, not mixed into function files. Scan all non-test .go files for ast.TypeSpec declarations; flag any that appear in files not named types.go. Migrate violations. #priority:medium #added:2026-04-03-030033
+- [x] Add TestTypeFileConvention audit check: type definitions must live in types.go, not mixed into function files. Scan all non-test .go files for ast.TypeSpec declarations; flag any that appear in files not named types.go. Migrate violations. #priority:medium #added:2026-04-03-030033 #done:2026-04-03
 
 - [ ] Extend flagbind helpers (IntFlag, DurationFlag, DurationFlagP, StringP, BoolP) and migrate ~50 call sites to unblock TestNoFlagBindOutsideFlagbind #added:2026-04-01-233250
 

CLAUDE.md

@@ -86,5 +86,9 @@ GitNexus code intelligence is available via MCP skills in
 `.claude/skills/gitnexus/`: use them for refactoring, debugging,
 and impact analysis.
 
+Further GitNexus tips, usage patterns, tables, command examples, and
+more can be found in [GITNEXUS.md](GITNEXUS.md) (slim file: ~120 lines; 
+read it in full while you're here).
+
 Gemini Search is available via the `gemini-search` MCP server:
 prefer it over built-in web search for faster, more accurate results.

GITNEXUS.md

@@ -0,0 +1,121 @@
+<!-- gitnexus:start -->
+# GitNexus — Code Intelligence
+
+This project is indexed by GitNexus as **ctx** (13417 symbols, 67059 relationships, 257 execution flows). Use the GitNexus MCP tools to understand code, assess impact, and navigate safely.
+
+> If any GitNexus tool warns the index is stale, run `npx gitnexus analyze` in terminal first.
+
+## Always Do
+
+- **MUST run impact analysis before editing any symbol.** Before modifying a function, class, or method, run `gitnexus_impact({target: "symbolName", direction: "upstream"})` and report the blast radius (direct callers, affected processes, risk level) to the user.
+- **MUST run `gitnexus_detect_changes()` before committing** to verify your changes only affect expected symbols and execution flows.
+- **MUST warn the user** if impact analysis returns HIGH or CRITICAL risk before proceeding with edits.
+- When exploring unfamiliar code, use `gitnexus_query({query: "concept"})` to find execution flows instead of grepping. It returns process-grouped results ranked by relevance.
+- When you need full context on a specific symbol — callers, callees, which execution flows it participates in — use `gitnexus_context({name: "symbolName"})`.
+
+## When Debugging
+
+1. `gitnexus_query({query: "<error or symptom>"})` — find execution flows related to the issue
+2. `gitnexus_context({name: "<suspect function>"})` — see all callers, callees, and process participation
+3. `READ gitnexus://repo/ctx/process/{processName}` — trace the full execution flow step by step
+4. For regressions: `gitnexus_detect_changes({scope: "compare", base_ref: "main"})` — see what your branch changed
+
+## When Refactoring
+
+- **Renaming**: MUST use `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` first. Review the preview — graph edits are safe, text_search edits need manual review. Then run with `dry_run: false`.
+- **Extracting/Splitting**: MUST run `gitnexus_context({name: "target"})` to see all incoming/outgoing refs, then `gitnexus_impact({target: "target", direction: "upstream"})` to find all external callers before moving code.
+- After any refactor: run `gitnexus_detect_changes({scope: "all"})` to verify only expected files changed.
+
+## Never Do
+
+- NEVER edit a function, class, or method without first running `gitnexus_impact` on it.
+- NEVER ignore HIGH or CRITICAL risk warnings from impact analysis.
+- NEVER rename symbols with find-and-replace — use `gitnexus_rename` which understands the call graph.
+- NEVER commit changes without running `gitnexus_detect_changes()` to check affected scope.
+
+## Tools Quick Reference
+
+| Tool | When to use | Command |
+|------|-------------|---------|
+| `query` | Find code by concept | `gitnexus_query({query: "auth validation"})` |
+| `context` | 360-degree view of one symbol | `gitnexus_context({name: "validateUser"})` |
+| `impact` | Blast radius before editing | `gitnexus_impact({target: "X", direction: "upstream"})` |
+| `detect_changes` | Pre-commit scope check | `gitnexus_detect_changes({scope: "staged"})` |
+| `rename` | Safe multi-file rename | `gitnexus_rename({symbol_name: "old", new_name: "new", dry_run: true})` |
+| `cypher` | Custom graph queries | `gitnexus_cypher({query: "MATCH ..."})` |
+
+## Impact Risk Levels
+
+| Depth | Meaning | Action |
+|-------|---------|--------|
+| d=1 | WILL BREAK — direct callers/importers | MUST update these |
+| d=2 | LIKELY AFFECTED — indirect deps | Should test |
+| d=3 | MAY NEED TESTING — transitive | Test if critical path |
+
+## Resources
+
+| Resource | Use for |
+|----------|---------|
+| `gitnexus://repo/ctx/context` | Codebase overview, check index freshness |
+| `gitnexus://repo/ctx/clusters` | All functional areas |
+| `gitnexus://repo/ctx/processes` | All execution flows |
+| `gitnexus://repo/ctx/process/{name}` | Step-by-step execution trace |
+
+## Self-Check Before Finishing
+
+Before completing any code modification task, verify:
+1. `gitnexus_impact` was run for all modified symbols
+2. No HIGH/CRITICAL risk warnings were ignored
+3. `gitnexus_detect_changes()` confirms changes match expected scope
+4. All d=1 (WILL BREAK) dependents were updated
+
+## Keeping the Index Fresh
+
+After committing code changes, the GitNexus index becomes stale. Re-run analyze to update it:
+
+```bash
+npx gitnexus analyze
+```
+
+If the index previously included embeddings, preserve them by adding `--embeddings`:
+
+```bash
+npx gitnexus analyze --embeddings
+```
+
+To check whether embeddings exist, inspect `.gitnexus/meta.json` — the `stats.embeddings` field shows the count (0 means no embeddings). **Running analyze without `--embeddings` will delete any previously generated embeddings.**
+
+> Claude Code users: A PostToolUse hook handles this automatically after `git commit` and `git merge`.
+
+## CLI
+
+| Task | Read this skill file |
+|------|---------------------|
+| Understand architecture / "How does X work?" | `.claude/skills/gitnexus/gitnexus-exploring/SKILL.md` |
+| Blast radius / "What breaks if I change X?" | `.claude/skills/gitnexus/gitnexus-impact-analysis/SKILL.md` |
+| Trace bugs / "Why is X failing?" | `.claude/skills/gitnexus/gitnexus-debugging/SKILL.md` |
+| Rename / extract / split / refactor | `.claude/skills/gitnexus/gitnexus-refactoring/SKILL.md` |
+| Tools, resources, schema reference | `.claude/skills/gitnexus/gitnexus-guide/SKILL.md` |
+| Index, status, clean, wiki CLI commands | `.claude/skills/gitnexus/gitnexus-cli/SKILL.md` |
+| Work in the Pad area (405 symbols) | `.claude/skills/generated/pad/SKILL.md` |
+| Work in the Session area (107 symbols) | `.claude/skills/generated/session/SKILL.md` |
+| Work in the Audit area (106 symbols) | `.claude/skills/generated/audit/SKILL.md` |
+| Work in the Rc area (97 symbols) | `.claude/skills/generated/rc/SKILL.md` |
+| Work in the Parser area (89 symbols) | `.claude/skills/generated/parser/SKILL.md` |
+| Work in the Root area (85 symbols) | `.claude/skills/generated/root/SKILL.md` |
+| Work in the Memory area (82 symbols) | `.claude/skills/generated/memory/SKILL.md` |
+| Work in the Lookup area (73 symbols) | `.claude/skills/generated/lookup/SKILL.md` |
+| Work in the Initialize area (71 symbols) | `.claude/skills/generated/initialize/SKILL.md` |
+| Work in the Trace area (59 symbols) | `.claude/skills/generated/trace/SKILL.md` |
+| Work in the Journal area (57 symbols) | `.claude/skills/generated/journal/SKILL.md` |
+| Work in the Agent area (51 symbols) | `.claude/skills/generated/agent/SKILL.md` |
+| Work in the Server area (49 symbols) | `.claude/skills/generated/server/SKILL.md` |
+| Work in the Drift area (46 symbols) | `.claude/skills/generated/drift/SKILL.md` |
+| Work in the Notify area (46 symbols) | `.claude/skills/generated/notify/SKILL.md` |
+| Work in the Task area (45 symbols) | `.claude/skills/generated/task/SKILL.md` |
+| Work in the Lock area (42 symbols) | `.claude/skills/generated/lock/SKILL.md` |
+| Work in the Bootstrap area (41 symbols) | `.claude/skills/generated/bootstrap/SKILL.md` |
+| Work in the Watch area (39 symbols) | `.claude/skills/generated/watch/SKILL.md` |
+| Work in the Sysinfo area (38 symbols) | `.claude/skills/generated/sysinfo/SKILL.md` |
+
+<!-- gitnexus:end -->