
Commit 7c959ab

docs: fix canon accuracy — audit trail + validation scope (versionguard review)
Per versionguard-opencode security review:

- "Immutable Audit Trail" → "Append-Only Audit Trail" (pruneAuditLog deletes entries with configurable retention, so "immutable" is inaccurate)
- "Every operation undergoes four-layer validation" → "Every MCP mutate operation" (CLI bypasses MCP middleware, uses domain-specific validation)

Full review at cleoos-workspace/reviews/versionguard-canon-review.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 8fb46b1 commit 7c959ab

1 file changed

Lines changed: 2 additions & 2 deletions


docs/concepts/CLEO-VISION.md

@@ -464,7 +464,7 @@ NEXUS leverages graph structures built into each project's `tasks.db` and `brain
464464

465465
## Anti-Hallucination Protocol
466466

467-
Every operation undergoes **four-layer validation**:
467+
Every MCP mutate operation undergoes **four-layer validation** (CLI operations rely on domain-specific validation within core modules):
468468

469469
### Layer 1: Schema -- JSON Schema Enforcement
470470
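Review bot: The parenthetical on new line 467 says CLI operations rely on "domain-specific validation within core modules" but does not say which of the four layers (Layer 1: Schema onward) still apply on the CLI path, and it leaves non-mutating MCP operations unaddressed. Since the CLI bypasses the MCP middleware, readers need to know which guarantees in this section do not hold for it. Suggest listing the layers the CLI path skips, or linking to where the core-module validation is documented, and adding a sentence on what MCP read operations get.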

@@ -520,7 +520,7 @@ When you use CLEO with any AI coding tool, you establish a formal contract:
520520
- **Numeric Exit Codes** -- All errors have numeric exit codes for programmatic branching (0-99 standard, 100+ special conditions)
521521
- **Validation First** -- All operations validate first, fail fast on invalid input -- four-layer anti-hallucination
522522
- **Persistent Memory** -- All project state is persisted in SQLite (`tasks.db` for work and sessions; `brain.db` for dedicated memory) as the single source of truth per project
523-
- **Immutable Audit Trail** -- All changes are logged in an append-only audit log with provenance tags
523+
- **Append-Only Audit Trail** -- All changes are logged in an append-only audit log with provenance tags and configurable retention
524524
- **Atomic Writes** -- All writes are atomic with automatic backup and rollback -- no partial corruption
525525
- **Lifecycle Governance** -- Significant work follows the RCASD-IVTR+C pipeline with gate enforcement
526526
- **Canonical Completion Path** -- Task completion is enforced through `tasks.complete` semantics (dependencies, acceptance policy, verification gates, lifecycle-aware failure codes). `tasks.update status=done` MUST route through the same completion checks
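Review bot: New line 523 still describes the log as "append-only" while adding "configurable retention", without saying that retention means entries are deleted (the commit message cites pruneAuditLog). A reader relying on the log as evidence needs that stated outright: suggest wording such as "entries older than the configured retention window are pruned" and noting whether pruning itself is recorded. Separately, context line 521 still reads "All operations validate first ... four-layer anti-hallucination", which now contradicts the narrowed scope at line 467 and should be updated in the same change.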
