auditlisted

# Audit — Confirm Recent Commits Before You Trust Them Law 4 says verify before reporting. A merged commit with green CI is a claim, not a proof. This skill runs the audit-driven loop: take a window of recent commits, hunt for real defects, prove each one before touching code, fix on a branch, and verify every surface the fix touches before declaring the audit clean. ## When to Activate - After a batch of commits lands ("audit today's commits"), especially on money-handling, auth, or state-mutating code. - When a feature shipped across several surfaces (backend, frontend, admin, migration) and you suspect one was missed. - After a large refactor or a conflicted merge — exactly when individually-correct functions can still cancel each other out. - Before a release cut, as the last gate over "everything claimed done." ## The Loop ``` 1. Scope — pick the commit window (e.g. main since last release, or HEAD~N..HEAD) 2. Find — hunt for real defects, one concern per pass 3. Confirm — prove each finding against the actual code; false positives die here 4. Fix — one branch, one concern per commit, smallest diff that closes the defect 5. Verify — exercise EVERY surface the fix touches, not just the one you edited 6. Report — confirmed defects, dismissed false positives, and no-op items, with evidence ``` ## Find: One Concern Per Pass Run the find pass once per dimension rather than one undifferentiated sweep. The dimensions that have actually caught defects in