feat(supply-chain): tool-backed audit-trail index + determinism record #116

Merged
1 commit merged into main from feat/supply-chain-audit-determinism
Jun 2, 2026

@Davincc77
Owner

Summary

First tool-backed automation stage of the x.klickd supply-chain protocol. Two traceability elements move from spec to real, re-checkable artefacts produced by a script. This does not automate the full pipeline.

Added:

  • scripts/generate_supply_chain_audit.py — stdlib-only, offline CLI (generate / check). Collects the 42 NON-NORMATIVE v4.1 candidate skill packs + manifest (43 inputs), enforces the artifact_loaded + sha256_matches_manifest gate, and writes the two artefacts. Exits non-zero on a missing/changed input, manifest hash mismatch, banned-claim string, or obvious secret/PII in its own output.
  • .internal-skills/supply-chain/audit/audit_trail_index.json — consultable index: repo, source commit, checked-artifact count + hash summary, declared validation commands, append-style event list, and a per-stage stage_automation map (tool / partial / planned / manual).
  • .internal-skills/supply-chain/audit/determinism_record.json — input/output file hashes + deterministic_run_id derived only from inputs.
  • .internal-skills/supply-chain/audit/README.md — operator doc.
  • tests/test_supply_chain_audit.py — 10 tests (generability, JSON parse, required fields, run_id stability across two runs, timestamp-is-the-only-non-deterministic-field, no secret/PII, no banned claim, check in-sync + tamper/injection detection).

What is now actually automated vs. planned

| Stage | State |
| --- | --- |
| audit-trail index | tool (this PR) |
| determinism / reproducibility record | tool (this PR) |
| reproducibility check (check subcommand) | tool (this PR) |
| pack hash verification, candidate mapping validation | tool (pre-existing scripts) |
| PII/secrets scan | partial — tripwire on this stage's own output only |
| diff report, threat model, license check, source-freshness, public/private boundary, context-graph gen, candidate-skill gen | planned (spec-only) |
| premium pass | manual (human/agent) |

validation_results in the index is intentionally empty: the generator records the declared commands but does not run them, so it asserts no outcome it did not observe. Pre-filled "pass" values would be a mirage.

Determinism

deterministic_run_id = sha256: over sorted (relative_path, sha256) pairs — independent of clock, host, run order. The only non-deterministic field, generated_at, is quarantined under non_deterministic_zone and excluded from every hash. Two consecutive generate runs produce an identical run_id (sha256:10fa77ec…); only generated_at differs.

Validations run

| Check | Result |
| --- | --- |
| python scripts/verify_xklickd_skill_packs.py verify | OK — 42 verified (8 Lite, 34 Pro), all hash-match (exit 0) |
| python scripts/validate_v4_1_candidate_mapping.py | OK — 49 rows, 42 artefacts, all checks pass (exit 0) |
| pytest tests/test_supply_chain_audit.py | 10 passed |
| pytest tests/test_rfc009_scaffold.py tests/test_v4_1_candidate_mapping.py tests/test_starter_pack_validator.py | 70 passed, 1 skipped |
| python scripts/generate_supply_chain_audit.py generate ×2 then check | stable run_id, in-sync (exit 0) |
| Full suite pytest tests/ -q | 6 failed, 141 passed, 1 skipped, 36 errors — the +10 vs. the #115 baseline (131) are exactly the new tests; all failures/errors are pre-existing missing-dependency import errors in test_xai_grok_adapter.py / test_llamaindex_adapter.py / test_post_v4_demos.py, unchanged by this PR |
| Codename leak in JSON artefacts + true public surfaces (README.md, docs/public/) | clean |
| Banned public claims in new files | none (only the detector blocklist literal) |

Boundaries (non-claims)

  • No release / tag / merge / publish / deploy / DOI / package-version change. No communications. Private repo klickd-ai untouched. This agent does not approve PRs.
  • No "universal standard", no "automatic GDPR / EU AI Act compliance", no proven benchmark superiority. The 70–80% automation figure is a design target, not a guarantee.
  • A catalogue entry is not a loaded skill; only bytes-on-disk + hash-match count.

Relationship to #115

Branched from main, independent of #115 (docs-only spec, still open/unmerged). The audit README references the supply-chain RFC without naming internal paths in public-facing copy. #115 is not touched or merged.

Limitations / next step

  • Pipeline remains mostly planned; this PR adds only the two traceability stages + a reproducibility check. Not end-to-end executable.
  • Full pytest suite cannot run fully green due to pre-existing missing optional deps (unrelated).
  • Next: implement the next planned stage (logical diff report or license/source-freshness check) as real tooling, and optionally wire generate_supply_chain_audit.py check into CI.

🤖 Generated with Claude Code

…ecord

First real automation stage of the x.klickd supply-chain protocol. Adds a
stdlib-only, offline generator that collects the 42 verifiable v4.1 candidate
skill packs (+ manifest), enforces the loaded+sha256_matches_manifest gate, and
writes two re-checkable artefacts:

- .internal-skills/supply-chain/audit/audit_trail_index.json
- .internal-skills/supply-chain/audit/determinism_record.json

deterministic_run_id is derived only from inputs (timestamps quarantined in a
non_deterministic_zone, excluded from every hash), so identical inputs yield an
identical id across runs and hosts. A `check` subcommand verifies on-disk
artefacts are in sync and exits non-zero on drift or on banned-claim/secret
content. validation_results is left empty by design: the generator records but
does not run the validation commands, so it asserts no outcomes it did not
observe (anti-mirage).

Only stages labelled `tool` are automated; everything else stays `planned` /
`partial` / `manual` per the stage_automation map. Not a v4.1 GA release. No
publish/deploy/merge/tag.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
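
An added sketch, not the PR's script (whose source is not shown on this page), of the determinism scheme described above: a run id hashed over sorted (relative_path, sha256) pairs, the timestamp held under non_deterministic_zone, and a check that reports drift. The canonical-JSON encoding, the `inputs` field, the function names and the sample tree are assumptions.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def collect_inputs(root: Path) -> list:
    """Sorted (relative_path, sha256) pairs; sorting removes run-order effects."""
    return sorted((p.relative_to(root).as_posix(),
                   hashlib.sha256(p.read_bytes()).hexdigest())
                  for p in root.rglob("*") if p.is_file())

def run_id(pairs) -> str:
    # Assumption: canonical JSON of the sorted pairs is the hashed encoding.
    blob = json.dumps(sorted(pairs), separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def build_record(root: Path) -> dict:
    pairs = collect_inputs(root)
    return {
        "inputs": [{"path": p, "sha256": h} for p, h in pairs],
        "deterministic_run_id": run_id(pairs),
        # The clock value is quarantined here and never feeds a hash.
        "non_deterministic_zone": {
            "generated_at": datetime.now(timezone.utc).isoformat()},
    }

def check(root: Path, record: dict) -> list:
    """Return drift findings; an empty list means inputs are in sync."""
    now = dict(collect_inputs(root))
    then = {e["path"]: e["sha256"] for e in record["inputs"]}
    findings = [f"drift: {p}" for p in sorted(then.keys() | now.keys())
                if then.get(p) != now.get(p)]  # missing, injected or changed
    if run_id(now.items()) != record["deterministic_run_id"]:
        findings.append("run_id mismatch")
    return findings

def demo() -> tuple:
    """Constructed sample tree: generate twice, then tamper with one pack."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.json").write_text('{"skill": "a"}')
        (root / "manifest.json").write_text('{"packs": ["a"]}')
        record = build_record(root)
        stable = build_record(root)["deterministic_run_id"] == record["deterministic_run_id"]
        (root / "a.json").write_text('{"skill": "a", "x": 1}')
        return stable, check(root, record)

if __name__ == "__main__":
    print(demo())
```

The record is built in memory here; if it were written to disk it would have to live outside the hashed input tree, otherwise its own timestamp would change the next run's id.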