arch-auditorlisted

# Architecture Auditor ## Overview Hostile architectural audit. Assumes violations exist and hunts for proof. Validates the codebase against its detected (or declared) architecture. Every finding includes the violated rule, concrete evidence, and a minimal fix. ## When to Use - After `arch-detector` has produced `docs/audit/arch-profile.md` (uses it if present) - When you suspect architectural drift or layer boundary violations - As a release gate check on architectural integrity **When NOT to use:** If you don't yet know what architecture the project uses, run `arch-detector` first — it produces the profile this skill uses as its source of truth. ## Input Load `docs/audit/arch-profile.md` if present — use its **Inferred Structural Rules** as the validation criteria. If absent, detect the architecture inline using the same signals as `arch-detector`, then proceed with the audit. ## Violation Catalogue | Concern | Violations hunted | |---------|------------------| | **Dependency direction** | Inner layer importing outer layer; domain importing infrastructure; application importing infrastructure directly instead of through ports | | **DDD** | Anemic domain model (entities with no behavior, only getters/setters); domain objects with infrastructure imports; application services containing domain logic; value objects with mutable state; aggregates with public setters that bypass invariants; domain services depending on infrastructure | | **Hexagonal** | Business logic in