harness-oia-audit

The 13th worker (ADR-150 Phase 2) — runs three MetaHarness static surfaces in one shot, computes a composite worst-severity signal, and persists the audit record to memory so drift over time is visible.

Algorithm

Implementation: scripts/oia-audit.mjs.

1. Run harness oia-manifest <path> — Open Infrastructure Architecture layer alignment (L1-L9).
2. Run harness threat-model <path> — categorized MCP-surface threat report with worst: clean|low|medium|high.
3. Run harness mcp-scan <path> — per-server/tool policy + permissions
   • dep findings.
4. Composite worst = max(threatModel.worst, max(mcpScan.findings.severity)).
5. Persist payload to memory namespace metaharness-audit with key audit-<iso-timestamp> (unless --dry-run).
6. --alert-on-worst <severity>: exit 1 if composite worst ≥ threshold.