failure analysis.

Signed-off-by: Jose Alekhinne <jose@ctx.ist>

Author: josealekhine

.context/LEARNINGS.md

@@ -17,6 +17,8 @@ DO NOT UPDATE FOR:
 <!-- INDEX:START -->
 | Date | Learning |
 |----|--------|
+| 2026-04-08 | fmt.Fprintf to strings.Builder silently discards errors |
+| 2026-04-08 | AST audit tests must cover unexported functions too |
 | 2026-04-06 | Agents ignore system-reminder content without explicit relay instructions |
 | 2026-04-04 | Format-verb strings are localizable text, not exempt from magic string checks |
 | 2026-04-04 | Agents add allowlist entries to make tests pass — guard every exemption |
@@ -109,6 +111,26 @@ DO NOT UPDATE FOR:
 
 ---
 
+## [2026-04-08-074612] fmt.Fprintf to strings.Builder silently discards errors
+
+**Context**: golangci-lint errcheck allows fmt.Fprintf to strings.Builder because Write never fails, but project convention says zero silent discard
+
+**Lesson**: Linter coverage gaps exist where language guarantees mask conventions. AST tests fill the gap
+
+**Application**: Created TestNoUncheckedFmtWrite to enforce fmt.Fprintf error handling. Use if _, err := fmt.Fprintf(...) with log.Warn on the error path
+
+---
+
+## [2026-04-08-074604] AST audit tests must cover unexported functions too
+
+**Context**: TestDocCommentStructure only checked exported functions, so agent-written helpers in format.go had no godoc enforcement
+
+**Lesson**: Convention enforcement tests must default to scanning all documented functions. Use explicit opt-outs (test files) not opt-ins (exported only)
+
+**Application**: When adding AST audit tests, scan all functions. We fixed TestDocCommentStructure to drop the IsExported gate and fixed 84 violations
+
+---
+
 ## [2026-04-06-204226] Agents ignore system-reminder content without explicit relay instructions
 
 **Context**: Provenance line (Session: abc | Branch: main @ hash) was emitted by

.context/TASKS.md

@@ -42,6 +42,8 @@ TASK STATUS LABELS:
 
 ### Phase -2: Task completion nudge:
 
+- [ ] Move 6 grandfathered cross-package MCP types to entity/ #session:cc97cb0d #branch:main #commit:e8d5c60a #added:2026-04-08-074620
+
 - [ ] Design UserPromptSubmit hook that runs `make audit` at
   session start and surfaces failures as a consolidation-debt
   warning before the agent acts on stale assumptions.
@@ -91,18 +93,18 @@ TASK STATUS LABELS:
   non-atomic ownership, inverted logic, force-delete orphans,
   global state mutation.
 
-  - [ ] Design SKILL.md for ctx-architecture-failure-analysis:
+  - [x] Design SKILL.md for ctx-architecture-failure-analysis:
     inputs (architecture artifacts), analysis phases, output
     format (DANGER-ZONES.md), quality checklist
     #added:2026-03-25-060000
-  - [ ] Define the adversarial analysis framework: categories
+  - [x] Define the adversarial analysis framework: categories
     of silent failure (concurrency, ordering, cache,
     amplification, ownership, error swallowing, global state)
     with heuristics for each #added:2026-03-25-060000
-  - [ ] Implement skill with GitNexus integration: use impact
+  - [x] Implement skill with GitNexus integration: use impact
     analysis for blast radius estimation, use context for
     shared-state detection #added:2026-03-25-060000
-  - [ ] Add Gemini Search integration: cross-reference
+  - [x] Add Gemini Search integration: cross-reference
     discovered patterns against known failure modes in similar
     systems. #added:2026-03-25-060000
 

docs/reference/skills.md

@@ -70,6 +70,7 @@ opinionated behavior on top.
 | [`/ctx-loop`](#ctx-loop)                                 | Generate autonomous loop script                                 | user-invocable |
 | [`/ctx-worktree`](#ctx-worktree)                         | Manage git worktrees for parallel agents                        | user-invocable |
 | [`/ctx-architecture`](#ctx-architecture)                 | Build and maintain architecture maps                            | user-invocable |
+| [`/ctx-architecture-failure-analysis`](#ctx-architecture-failure-analysis) | Adversarial failure analysis for correctness bugs | user-invocable |
 | [`/ctx-remind`](#ctx-remind)                             | Manage session-scoped reminders                                 | user-invocable |
 | [`/ctx-doctor`](#ctx-doctor)                             | Troubleshoot ctx behavior with health checks and event analysis | user-invocable |
 | [`/ctx-skill-audit`](#ctx-skill-audit)                   | Audit skills against Anthropic prompting best practices         | user-invocable |
@@ -560,6 +561,39 @@ rather than re-analyzing everything.
 
 ---
 
+### `/ctx-architecture-failure-analysis`
+
+Adversarial failure analysis that generates falsifiable incident
+hypotheses against architecture artifacts. Hunts for correctness
+bugs that survive code review and tests: race conditions, ordering
+assumptions, cache staleness, error swallowing, ownership gaps,
+idempotency failures, state machine drift, and scaling cliffs.
+
+Requires `/ctx-architecture` artifacts as input. Reads
+`ARCHITECTURE.md`, `DETAILED_DESIGN*.md`, and `map-tracking.json`,
+then systematically applies 9 failure categories to every mutation
+point. Each finding carries an evidence standard (code path,
+trigger, failure path, silence reason, code evidence), a confidence
+level, and an explicit risk score. A mandatory challenge phase
+attempts to disprove each finding before it is accepted.
+
+Produces `.context/DANGER-ZONES.md` with ranked findings split
+into Critical (risk >= 7, silent/cascading) and Elevated tiers.
+
+**Wraps**: reads architecture artifacts, source code; writes
+`DANGER-ZONES.md`. Optionally uses GitNexus for blast radius
+and Gemini Search for cross-referencing known failure patterns.
+
+**Relationship**:
+
+| Skill | Mode |
+|-------|------|
+| `/ctx-architecture` | Map what exists |
+| `/ctx-architecture-enrich` | Improve map fidelity |
+| `/ctx-architecture-failure-analysis` | Generate falsifiable incident hypotheses |
+
+---
+
 ### `/ctx-remind`
 
 Manage session-scoped reminders via natural language. Translates user