Quality system
Executable guards encode conventions that matter: reference integrity, naming rules, schema truthfulness, and site link integrity. Recurring authoring mistakes become named anti-patterns, mechanical guards, and baselines that ratchet toward zero.
For contributors. Guards live in scripts/ as npm run check:*; tests run under Vitest in tests/.
The guard suite
Guards are TypeScript scripts under scripts/ that walk the workflows worktree or this site's HTML and report violations. Each convention named in a specification or architecture page has a matching check — the spec defines the rule; the guard enforces it mechanically. Run them with npm run check:<name>; a clean tree always yields the same result.
workflows branch; Vitest mirrors key corpus checks so regressions fail npm test; the deploy-docs workflow runs the site pipeline on documentation PRs.Most guards are hard-zero — any finding fails the run. A few compare against a committed baseline of reviewed, pre-existing findings and fail only when the corpus grows beyond that snapshot; re-snapshot with --update-baseline after an intentional change. The full command list is in package.json.
The test architecture
The Vitest suite (thirty-plus files) is organized around what could break:
- Unit coverage of the machinery — schema validation and generation, every loader, and the session store's sharp edges: HMAC sealing, index derivation, collision handling, legacy-folder migration.
- Fidelity behaviour — the runtime validators, binding provenance, fetch observability (including
technique_bundledcoverage), reference-not-repeat delivery, and trace-token signing, each tested as an observable contract rather than an implementation detail. - End-to-end execution —
mcp-server.test.tsdrives real tool calls; a deterministic walker (tests/e2e/walker.ts) enumerates every reachable path through every workflow definition and executes each one against the live server, so an unreachable activity or an impossible transition in content fails the server's test suite. - Documentation —
site.test.tsruns the two site guards and the drift check described below, making stale documentation a red build. - Agent smoke runs —
scripts/smoke/drives a real agent through a workflow for the behaviour no deterministic walk can check: whether the instructions actually steer a model.
Generated, then guarded
Two artifacts are machine-derived from the source, and both are guarded against drift rather than trusted to stay fresh. The documentation site itself follows the same pattern — hand-authored pages with generated API regions — and check:site / check:svg keep links and diagrams honest:
The same discipline extends to deployment: the GitHub Pages workflow re-runs the site guards before publishing, so the deployed site is exactly the checked, committed one.
Next
Where this machinery lives in the server is server anatomy; how runs are kept on-script at runtime is workflow fidelity.