
feat(supply-chain): tool-backed logical diff report for skill/pack candidates#117

Merged
1 commit merged into main from feat/supply-chain-logical-diff
Jun 2, 2026

Conversation

@Davincc77 (Owner)

Summary

Adds the logical diff stage of the x.klickd skill/pack supply chain as real tooling. Given a previous candidate (--before) and a new one (--after), scripts/generate_supply_chain_diff.py classifies the changes that matter — governance, guardrails, memory policy, evidence, claims, public/private boundary — instead of diffing raw JSON lines, and emits a deterministic JSON report to help a reviewer decide: accept / premium-pass / reject / rollback.

Independent of PRs #115 and #116 (both still OPEN, not merged). Based on main — no dependency on their branches; the SUPPLY_CHAIN spec doc from #115 is not on main, so this stage stands alone. #115/#116 were not touched or merged.

What is now tool-backed vs. planned

| Capability | State |
| --- | --- |
| logical diff classification (governance/guardrail/memory/evidence/claim/public boundary) | tool (this PR) |
| deterministic diff id + JSON report | tool (this PR) |
| hard-fail on guardrail lowering / claim / public-boundary violation | tool (this PR) |
| pack hash verification, candidate-mapping validation | tool (pre-existing scripts) |
| audit-trail index + determinism record | tool (PR #116, separate) |
| threat model, license check, source-freshness, full PII/secrets scanner | planned |
| candidate-skill / context-graph generation | planned |
| premium pass | manual (human/agent, post-diff) |

No claim of full end-to-end automation. This is one stage.

Change classification

added, removed, changed, unchanged, risk_raised, guardrail_lowered, evidence_changed, governance_changed, memory_policy_changed, public_boundary_changed, claim_boundary_changed.

Exit codes

  • 0 — no blocking finding
  • 1 — at least one blocking finding (guardrail lowered, claim-boundary, or public/private-boundary violation)
  • 2 — usage / input error

Any lowering of a non-lowerable safeguard is a hard fail, not a silent change (per the supply-chain rules).

Files added (13, +2020; nothing edited or deleted)

  • scripts/generate_supply_chain_diff.py — stdlib-only offline CLI.
  • .internal-skills/supply-chain/diff/README.md — operator doc (usage, blocking conditions, determinism, tool-vs-planned matrix). Internal codename path not referenced.
  • tests/test_supply_chain_diff.py — 17 tests.
  • tests/fixtures/supply_chain_diff/ — 1 before.json + 9 after_*.json (unchanged, benign, and one per blocking/non-blocking class).

Determinism

deterministic_diff_id = sha256: over before/after input hashes + sorted normalized findings. Clock-/host-/run-order independent; verified identical across two runs. Any clock marker a caller adds lives in non_deterministic_zone, excluded from the hash.

Example detected blocking cases (from fixtures)

  • guardrail_lowered — a block gate weakened to confirm; a non_lowerable_floor entry removed; raise_only disabled; evidence_policy.required_for_claims turned off; final_decision_owner moved off human_carrier. → exit 1.
  • claim_boundary_changed — claims_v41_ga flipped true, banned claims ("universal standard", "automatic GDPR compliance") introduced. → exit 1.
  • public_boundary_changed — internal codename leaked into candidate, contains_real_pii flipped true, a forbidden_fields entry removed. → exit 1.

Validation results

| Check | Command | Result |
| --- | --- | --- |
| New diff tests | pytest tests/test_supply_chain_diff.py | 17 passed |
| Pack verifier | python scripts/verify_xklickd_skill_packs.py verify | OK — 42 verified (8 Lite, 34 Pro) (exit 0) |
| Candidate mapping | python scripts/validate_v4_1_candidate_mapping.py | OK — 49 rows, 42 artefacts (exit 0) |
| Existing supply-chain tests | pytest test_rfc009_scaffold.py test_v4_1_candidate_mapping.py test_starter_pack_validator.py | 70 passed, 1 skipped |
| Determinism | generate ×2 | identical deterministic_diff_id |
| Codename leak (new files + public surfaces) | grep chimera | only the detector constant + the deliberate violation fixture; README.md/docs/public clean |
| Banned claims (new files) | grep banned list | only the detector blocklist + README's documented list + the violation fixture; none asserted as product claims |
| Full suite (regression baseline) | pytest tests/ -q | 6 failed, 148 passed, 1 skipped, 36 errors |

Full-suite note (not masked): the 6 failed + 36 errors are pre-existing ModuleNotFoundError: No module named 'klickd' env issues in test_xai_grok_adapter.py, test_llamaindex_adapter.py, test_post_v4_demos.py (optional/non-installed package). Unchanged by this PR — zero regressions.

Limitations / non-claim boundaries

  • The diff understands the documented x.klickd pack shape; restructured roots are reported as generic changed rather than mapped to a semantic class.
  • Banned-claim and codename checks are substring tripwires on the candidate document, not a general-purpose PII/secrets scanner.
  • This stage does not generate, promote, release, tag, publish, or deploy anything.
  • No new public claims. No "universal standard", no automatic GDPR/EU AI Act compliance, no benchmark superiority.

No release / publish / tag / DOI / merge / communication. Private repo klickd-ai untouched. This agent does not approve PRs.
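A sketch of the classification and deterministic-id logic the PR describes (guardrail lowering as a hard fail, id = sha256 over input hashes plus sorted normalized findings, clock markers kept outside the hash), added here as an illustration; it is not the PR's own scripts/generate_supply_chain_diff.py. The field names come from the fixture descriptions above, but their JSON shape, the gate ranking and the sample candidates are assumptions.

```python
"""Added illustrative sketch, not the PR's scripts/generate_supply_chain_diff.py: classify a
few guardrail/claim/public-boundary fields named in the PR and derive a deterministic diff
id from input hashes plus sorted findings. Field names and shapes are assumptions."""
import hashlib
import json
# Assumed gate strengths: a block gate weakened to confirm counts as a lowering.
GATE_RANK = {"block": 2, "confirm": 1, "off": 0}
BLOCKING = {"guardrail_lowered", "claim_boundary_changed", "public_boundary_changed"}

def content_hash(doc):
    """sha256 over canonical JSON so key order and whitespace do not change the id."""
    return hashlib.sha256(json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()).hexdigest()

def classify(before, after):
    """Return sorted (class, path, detail) findings; only the lowering direction is flagged."""
    findings = []
    gb, ga = before.get("guardrails", {}), after.get("guardrails", {})
    for gate, old in gb.get("gates", {}).items():
        new = ga.get("gates", {}).get(gate)
        if new is None or GATE_RANK.get(new, 0) < GATE_RANK.get(old, 0):
            findings.append(("guardrail_lowered", f"guardrails.gates.{gate}", f"{old}->{new}"))
    for floor in sorted(set(gb.get("non_lowerable_floor", [])) - set(ga.get("non_lowerable_floor", []))):
        findings.append(("guardrail_lowered", "guardrails.non_lowerable_floor", f"removed {floor}"))
    if gb.get("raise_only") and not ga.get("raise_only"):
        findings.append(("guardrail_lowered", "guardrails.raise_only", "disabled"))
    ev_b, ev_a = before.get("evidence_policy", {}), after.get("evidence_policy", {})
    if ev_b.get("required_for_claims") and not ev_a.get("required_for_claims"):
        findings.append(("guardrail_lowered", "evidence_policy.required_for_claims", "turned off"))
    if after.get("claims_v41_ga") and not before.get("claims_v41_ga"):
        findings.append(("claim_boundary_changed", "claims_v41_ga", "flipped true"))
    if after.get("contains_real_pii") and not before.get("contains_real_pii"):
        findings.append(("public_boundary_changed", "contains_real_pii", "flipped true"))
    return sorted(findings)

def report(before, after):
    """Build the report; the hash material holds only input hashes and findings, no clock/host."""
    findings = classify(before, after)
    material = json.dumps({"before": content_hash(before), "after": content_hash(after),
                           "findings": findings}, sort_keys=True)
    return {"deterministic_diff_id": "sha256:" + hashlib.sha256(material.encode()).hexdigest(),
            "findings": findings,
            "exit_code": 1 if any(f[0] in BLOCKING for f in findings) else 0,
            "non_deterministic_zone": {}}  # caller-added clock markers go here, outside the hash

# Constructed sample candidates: AFTER weakens the publish gate and drops a floor entry.
BEFORE = {"guardrails": {"gates": {"publish": "block"}, "non_lowerable_floor": ["human_review"],
          "raise_only": True}, "evidence_policy": {"required_for_claims": True},
          "claims_v41_ga": False, "contains_real_pii": False}
AFTER = json.loads(json.dumps(BEFORE))
AFTER["guardrails"]["gates"]["publish"] = "confirm"
AFTER["guardrails"]["non_lowerable_floor"] = []
```

Running `report(BEFORE, AFTER)` yields two guardrail_lowered findings and exit code 1, while the reverse direction (a candidate that only raises safeguards) yields no findings and exit code 0.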

…ndidates

Add the logical-diff stage of the x.klickd skill/pack supply chain: a
deterministic, offline CLI that compares a previous candidate (--before)
against a new one (--after) and classifies governance/guardrail/memory/
evidence/claim/public-boundary changes rather than raw JSON lines.

Hard-fails (exit 1) on guardrail lowering, claim-boundary violations, or
public/private-boundary violations; exit 0 when no blocking finding. The
deterministic_diff_id is a sha256 over input hashes + sorted findings, clock-
and host-independent. Stdlib only, no network.

Adds 10 before/after fixtures and 17 tests covering each blocking and
non-blocking class plus determinism and CLI exit codes. Operator README under
.internal-skills/supply-chain/diff/.

No claim of full end-to-end automation; downstream stages remain planned.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@Davincc77 closed this pull request by merging all changes into main in 47d244c on Jun 2, 2026