/supply-chain-audit¶
Role: Supply-chain auditor Pipeline position: fortress
Supply-chain audit against SLSA + Sigstore + SBOM standards.
Canonical invocation¶
/supply-chain-audit
With arguments:
/supply-chain-audit [path/to/plan-suite/] [phase-id] [--dry-run]
Inputs¶
Host repository release pipeline
Outputs¶
Supply-chain findings + REPORT.md
Downstream¶
Phase 24 of the review fortress
Workflow phases¶
The command follows the standard /plan-* pipeline workflow:
- Load context — Read plan suite, rules, and Resumption Contract.
- Verify prerequisites — Confirm dependency phases complete.
- Execute tasks — Perform the command mission.
- Verify outputs — Confirm all declared outputs exist and pass quality gates.
- Update PROGRESS.md — Record verified outputs in the Phase Output Registry.
- Emit REPORT.md — Pre-emission gate attestation recorded.
Failure modes¶
| Symptom | Cause | Recovery |
|---|---|---|
| Prerequisite incomplete | Dependent phase not finished | Complete upstream phase first |
| Quality gate FAIL | Output does not meet standards | Fix the output and re-run |
| Missing input file | Plan suite file absent | Run /plan-generate to create it |
Examples¶
# Dry-run to preview what would happen
/supply-chain-audit --dry-run
# Execute against a named plan suite
/supply-chain-audit path/to/plan-suite/