Audit & Verification

sate audit

Shipped

The full Audit Report v1: surface enumeration, refusal ledger, dead-code triage, framework entry points, coverage gaps.

What it does

Walks the Laravel application surface (controllers, jobs, commands, policies, listeners, Livewire components) and produces an evidence-only audit. Every blocked surface is paired with the specific signal that blocked it — no mystery refusals. Output includes a machine-readable JSON and a human-readable Markdown.

Who runs this

→Engineering leads doing PR-time surface review
→Auditors needing a frozen evidence artifact tied to a git revision
→Sales engineering producing customer-facing reports

How to invoke

sate audit --project-root /path/to/laravel-app

Flags

--project-root <path>

Required.

--since <git-rev>

Restrict scope to files changed since the given revision (see audit --since).

What it produces

·spec/audit_report.json — machine-readable
·spec/audit_report.md — human-readable

What it does NOT do

✖Does NOT generate or modify tests
✖Does NOT execute application code
✖Does NOT guess intent — every refusal cites an explicit signal

Notes

Direct dedicated test coverage is light (the audit pipeline is exercised end-to-end inside audit-all's test suite). A focused __tests__/audit/ suite is on the engine's test-debt list.

Status

Engine tests

Status

Shipped

Related pipelines

sate audit-all

The front door: runs every read-only pipeline against your project and writes both a developer report set and a non-technical owner summary.

sate audit --since

Incremental audit: same engine as audit, but scoped to surfaces touched by files changed since a given git revision.

sate dead-code

Triage production surfaces with no caller into DELETE / DEFER / WIRE / PROMOTE buckets.

sate verify:tests

Static pre-debug gates over the test suite. 11 rules in 5 groups (PSR-4 Identity / Bootstrap Purity / Mock Discipline / Act Contract / Outcome Contract).