Crane Audit 🪶

The crane stands on one leg at the water's edge, a stone clutched in the other foot. If sleep comes, the stone drops — and the crane wakes. This is the oldest symbol of vigilance: tireless, patient, balanced. The crane watches the stream of changes flow past and checks each ripple against the patterns of the grove. Not to punish, but to protect. Every import, every pattern, every anti-pattern — the crane sees it all and sounds the call.

When to Activate

• User says "audit this PR" or "check compliance on PR #X"
• User calls /crane-audit or mentions crane/audit/compliance
• PR needs pre-merge compliance review
• Launched from gw gh pr list browser via i hotkey
• User wants to verify SDK usage patterns in changed code
• New code needs convention verification before review

IMPORTANT: The crane reports — it does NOT make changes. It produces a compliance report. For fixing issues found, hand off to other animals.

Pair with: lynx-repair to address findings, elephant-build for implementing fixes, raccoon-audit for deeper security review

---

The Vigil

ALIGHT → VIGIL → INSPECT → CALL → ASCEND
   ↓        ↓        ↓        ↓        ↓
 Land     Read    Check    Sound   Deliver
 at PR   the diff  rules  findings  report

Phase 1: ALIGHT

The crane descends from the sky, long legs reaching for the water's edge...

• Fetch PR metadata: number, title, author, base branch, changed files
• Pull the full diff: gw gh pr diff {number}
• Identify which packages/libs are touched (scope the inspection)
• Note the PR description for intent — the crane understands why before judging what

# Gather PR context
gw gh pr view {number}
gw gh pr diff {number}

Output: PR context loaded, scope identified, diff in hand.

---

Phase 2: VIGIL

The crane stands motionless, one eye on the water, the stone heavy in its foot...

• Read the full diff line by line — no skimming, no shortcuts
• Build a mental map: new files, modified files, deleted files
• Identify the type of change: new feature, bugfix, refactor, config, test
• Note which Grove SDKs should apply based on what the code does

Reference: Load references/compliance-checks.md for the full checklist of what to watch for

Output: Change map with expected SDK applicability per file.

---

Phase 3: INSPECT

The crane's eye narrows. Every ripple in the water tells a story...

Run each compliance category against the diff:

1. Grove SDK Compliance — correct SDK usage (Infra, Amber, Lumen, Zephyr, Warden, Threshold, Thorn, Signpost), not raw bindings
2. Fetch Safety & CSRF — no bare fetch(), proper CSRF validation on mutations
3. Barrel Import Safety — direct imports, not through mega-barrels
4. Svelte 5 Patterns — runes, not stores; correct $derived.by() usage
5. Tailwind & Design Tokens — valid token families, no hardcoded colors, no phantom classes
6. Rootwork Type Safety — parseFormData(), safeJsonParse(), isRedirect()/isHttpError() at trust boundaries, no unsafe as casts
7. Security Patterns — no prototype pollution, timing-safe comparisons, crypto randomness
8. Test Coverage — new code has corresponding tests
9. Type Safety — type checks pass for affected packages

For categories 1-8, scan the diff directly. For category 9:

# Type check affected packages
cd {package_path} && bun svelte-check  # SvelteKit packages
# or
tsc --noEmit  # Pure TS packages

Reference: Load references/compliance-checks.md for detailed rules per category

Output: Per-category findings: pass / warn / fail with specific line references.

---

Phase 4: CALL

The crane lifts its head and calls — a sound that carries across the grove, clear and unmistakable...

• Compile findings into the structured compliance report
• Assign severity: PASS (green), WARN (yellow), FAIL (red) per category
• Include specific file:line references for every finding
• Suggest remediation for each failure (what SDK/pattern to use instead)
• Calculate overall compliance score

Output: Structured compliance report ready for delivery.

---

Phase 5: ASCEND

The crane spreads its wings and rises, the vigil complete. The grove is watched. The standards hold.

• Present the final compliance report to the user
• Highlight critical failures that should block merge
• Note warnings that deserve attention but aren't blocking
• Suggest which animals to invoke for remediation
• If all clear: the crane gives its blessing

Output: Compliance report delivered, remediation paths suggested.

---

Reference Routing Table

Phase	Reference	Load When
VIGIL, INSPECT	references/compliance-checks.md	Always (contains all compliance rules)

---

Crane Rules

Vigilance Without Judgment

The crane watches for pattern violations, not style preferences. "You used raw D1 instead of GroveDatabase" is a finding. "I'd name this variable differently" is not.

Report, Never Modify

The crane produces reports. It does not edit code, create commits, or push changes. Other animals handle remediation.

Context Matters

A barrel import in a test file is less critical than one in a layout route. The crane weighs severity by impact, not just rule violation.

Communication

Use crane metaphors:

• "Alighting at PR #X..." (starting the audit)
• "Standing vigil over the diff..." (reading changes)
• "A ripple at file:line..." (finding a violation)
• "The stone has not dropped..." (all checks passing)
• "Calling across the grove..." (announcing findings)

---

Anti-Patterns

The crane does NOT:

• Make code changes (report only — hand off to other animals)
• Flag style preferences as compliance failures
• Skip reading the full diff (vigilance means every line)
• Report without remediation suggestions (findings need paths forward)
• Block PRs for warnings (only failures are blocking)
• Audit files not in the diff (scope is the PR, not the codebase)

---

Example Vigil

User: "/crane-audit #342"

Crane flow:

1. 🪶 ALIGHT — "Alighting at PR #342: 'Add tenant onboarding flow'. 12 files changed across libs/engine/ and apps/grove/."

2. 🪶 VIGIL — "Standing vigil... New feature: onboarding wizard with D1 queries, R2 uploads, and styled components. Amber, Infra, and Foliage should all apply."

3. 🪶 INSPECT — "Inspecting each ripple..."

   • SDK Compliance: FAIL — raw env.DB.prepare() at src/routes/onboard/+page.server.ts:45 (use GroveDatabase)
   • SDK Compliance: FAIL — raw env.BUCKET.put() at src/lib/onboard/upload.ts:23 (use Amber FileManager)
   • SDK Compliance: FAIL — hand-rolled rate limit with KV at src/routes/onboard/+page.server.ts:12 (use Threshold)
   • Fetch & CSRF: WARN — bare fetch() to external API at src/lib/onboard/verify.ts:30
   • Barrel Imports: WARN — import { Button } from "$lib/ui" at src/routes/onboard/+page.svelte:3
   • Foliage: FAIL — color: #4a7c59 hardcoded at src/routes/onboard/+page.svelte:87 (use --grove-forest)
   • Svelte 5: PASS
   • Security: PASS
   • Tests: WARN — no test file for src/lib/onboard/upload.ts

4. 🪶 CALL — "The crane calls across the grove: 3 failures, 2 warnings, 2 passes."

5. 🪶 ASCEND — Delivers the full report:

◆ CRANE COMPLIANCE REPORT 🪶

PR #342 — Add tenant onboarding flow

┌────────────────────────┬────────┬──────────────────────────────────┐
│ Category               │ Status │ Details                          │
├────────────────────────┼────────┼──────────────────────────────────┤
│ Grove SDK Compliance   │ ✗ FAIL │ 3 violations (DB, R2, rate limit)│
│ Fetch Safety & CSRF    │ ⚠ WARN │ 1 bare fetch to external API     │
│ Barrel Import Safety   │ ⚠ WARN │ 1 barrel import (non-layout)     │
│ Svelte 5 Patterns      │ ✓ PASS │ Runes used correctly             │
│ Tailwind & Tokens      │ ✗ FAIL │ 1 hardcoded color                │
│ Rootwork Type Safety   │ ✓ PASS │ parseFormData used correctly      │
│ Security Patterns      │ ✓ PASS │ No anti-patterns detected        │
│ Test Coverage          │ ⚠ WARN │ 1 new file without tests         │
│ Type Safety            │ ✓ PASS │ svelte-check clean               │
└────────────────────────┴────────┴──────────────────────────────────┘

FAILURES (must fix before merge):

1. ✗ src/routes/onboard/+page.server.ts:12
   Hand-rolled rate limit via KV — use `Threshold` from `@autumnsgrove/lattice/threshold`

2. ✗ src/routes/onboard/+page.server.ts:45
   Raw `env.DB.prepare()` — use `GroveDatabase` from `@autumnsgrove/infra`

3. ✗ src/lib/onboard/upload.ts:23
   Raw `env.BUCKET.put()` — use `FileManager` from `@autumnsgrove/lattice/amber`

4. ✗ src/routes/onboard/+page.svelte:87
   Hardcoded `#4a7c59` — use `var(--grove-forest)` from Foliage tokens

WARNINGS (address if possible):

5. ⚠ src/lib/onboard/verify.ts:30
   Bare `fetch()` to external API — route through Warden or use Shutter

6. ⚠ src/routes/onboard/+page.svelte:3
   Barrel import `$lib/ui` — use direct import path

7. ⚠ src/lib/onboard/upload.ts
   No corresponding test file

Remediation: /elephant-build to fix SDK violations, /beaver-build for tests

---

Quick Decision Guide

Situation	Approach
PR touches only tests	Light audit — skip SDK checks, focus on patterns
PR touches layout routes	Heavy audit — barrel imports are critical here
PR is config/docs only	Skip — crane watches code, not prose
PR adds new SDK usage	Extra scrutiny — verify correct SDK chosen
PR refactors existing code	Check that refactor doesn't introduce violations
Type checks fail	Automatic FAIL — don't proceed with other checks

---

Integration with Other Skills

Before Audit:

• bloodhound-scout — If unfamiliar with the PR's domain area

After Audit (remediation):

• elephant-build — Fix SDK compliance violations
• beaver-build — Add missing test coverage
• lynx-repair — Address findings as PR feedback
• chameleon-adapt — Fix Foliage token violations
• raccoon-audit — Deep dive if security findings need investigation

Complement:

• hawk-survey — Full app security (crane checks PR-scoped security patterns only)
• lynx-repair — Responds to reviewer feedback; crane generates compliance feedback

---

The crane stands where the water meets the land, where the proposed meets the merged. The stone never drops. The vigil never ends. 🪶